Malicious Apps Can Simply Be Copied To Windows Phone

November 18, 2014
21
Views

here, this loophole provides users with a ridiculously easy way to replace a legitimate application on Windows Phone with a rogue one — which, interestingly, inherits the same data access permissions. It involves simply transferring the installation data of the malicious app into the program directory of the target, though it involves a few extra steps. The ability to sideload apps is essential for this trick to work. Microsoft, of course, added this ability to load applications from SD cards in Windows Phone 8.1. Anyway, the first step is to create the same manifest for the rogue app as the legitimate one, and then have them installed on the target device. The files are replaced in the program directory, and the original software is swapped with content from the custom package. The developer tested this hack on a Lumia device, and even created a registry tool that allows writing registry values with the inherited permissions. All things considered, the discovery of this loophole could allow cybercriminals to target Windows Phone users with malicious applications. Hopefully Microsoft gets to this first, and releases an update that tightens up security on its mobile platform.]]>

Article Categories:
Microsoft · Windows Phone Blue

Mike Johnson is a writer for The Redmond Cloud - the most comprehensive source of news and information about Microsoft Azure and the Microsoft Cloud. He enjoys writing about Azure Security, IOT and the Blockchain.

Leave a Reply

Your email address will not be published. Required fields are marked *