Cellular security

T-Mobile quietly upgrades 2G network security

We teach you

How Microsoft Account two-step verification works

Here we go again

Dropbox accounts hacked, service not to blame for leak

Play your part

How to report dangerous or malicious apps to the Store

Hypothetical threat watch

New malware exploits USB, but isn't really that scary

Microsoft News

Microsoft issues security advisory affecting all versions of Windows, Windows Phone

General News

UK government set to rush through emergency surveillance legislation

General News

UK officials follow US counterparts by banning electronics that have no charge from boarding flights

Microsoft News

Microsoft restores control of seized domains to No-IP

Microsoft News

Microsoft takes down accounts hosted through No-IP in latest malware crackdown

Windows Apps

1Password for Windows gets much needed 4.0 update

Editorials

Using strong passwords and keeping your online self secure

General News

First smartphone 'kill switch' bill in the US passed by… Minnesota

Windows Phone Apps

Secure your passwords and critical information with Enpass Password Manager

General News

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

Windows Phone Apps

John McAfee's Chadder aims to keep your messages private, lands on Windows Phone before iOS

Windows

Microsoft issues security patch for Internet Explorer

Microsoft News

Microsoft issues warning about limited, targeted attack vulnerability in Internet Explorer

How To

Get secure by encrypting your PC with Microsoft BitLocker for Windows 8 Pro

Microsoft News

Microsoft Store giving away $100 credit; simply trade up your Windows XP dinosaur (US and Canada Only)

< >
21

Windows Phone only smartphone OS immune to Webkit vulnerability

Windows Phone unaffected by new malware

Security firm CrowdStrike has identified a vulnerability that could allow attackers to seize complete control over a smartphone.  The hole could allow an attacker to gain access via Webkit-based browsers, which makes up the bulk of mobile web browsers.  The good news for Windows Phone users is that they are in the clear because Microsoft designed Internet Explorer themselves, opting not to use the Webkit platform.

George Kurtz, CEO of CrowdStrike, has tested this theory and has confirmed that Windows Phone, unlike iOS, Android and Blackberry, is immune to this threat.  Kurtz has not revealed the details of the vulnerability, but will be holding a demonstration tomorrow at a TSA conference.  For the time being, there is little that users can do to protect themselves.  Any fixes must come from the OS developers first, and then get pushed out to consumers.

Source: Zunited

14
loading...
0
loading...
0
loading...
0
loading...

Reader comments

Windows Phone only smartphone OS immune to Webkit vulnerability

21 Comments

This is good news. However, it got me thinking. Almost every month MS patches an IE security vulnerability via Windows Updates. Since IE on WP is much the same, shouldn't we be getting regular IE patches on our phones, too?

I don't think so because on a PC such a security hole would allow the hacker/spyware to seize control of the PC, with WP there is no way to take control of the OS. If I'm not mistaken.

That's a good question once we reach WP8, but for now, it's IE on Windows CE platform which wouldn't be affected by the same vulnerabilities.
That's not to say it doesn't have its own potential issues though.

Apple will probably release an update to all supported iOS devices in a month or 2, Google will also fix Chrome for Android and the ICS browser soon, probably faster than Apple, but the majority of Android phones, that are running 2.2 and 2.3 will never see a fix

Wow. Only now do I finally realize that the stock browser of nearly every Mobile OS is based on Webkit. That's insane.
 
I also wonder if you're an Android user and you use Opera or Firefox as your main browser if you're free from the vulnerability.

Mixed feelings on this one. I somehow feel that the only reason there aren't the vulnerabilities in mobile IE is exactly because of how small the market share is. The hackers are focusing on webkit because it pretty much targets everybody.

Or it really is just Webkit that's at fault. It's had several major security flaws in the last few months.
 
I've never liked Webkit very much compared to Gecko and this just further cements my belief.