windows phone apps | WP7 Accessories | WP7 games » Security Vulnerability

An SMS could cripple Windows Phone .. do you really want to know how ?

Saijo George — Tue, 13 Dec 2011 01:48:14 +0000

It seems that Khaled Salameh has discovered a bug with Windows Phone that could cause serious problem for Windows Phone users. Its is not know if this affect all Windows Phone users at this stage but winrumors does test this out on a Samsung and HTC device and it would seem both of them are affected by the bug, the effect of which causes Windows Phone to reboot and disables the message hub and it’s said that the user will not be able to open up the messaging hub unless they do a hard reset. All it takes is a SMS to be sent to Windows Phone ( using a specific set of text ).

Thankfully Khaled Salameh and WinRumors have not made this particular info public and its a good thing , imagine the trouble if something like this were made public.

(more…)

Check out more : Windows Phone Apps | Windows Phone Games

[ Security ] moTweets saves your twitter password in plain text !!

. Saijo — Tue, 15 Jun 2010 06:44:21 +0000

moTweets-AccountsXML

I am not sure how the other Windows Mobile clients handle this according to @mus_hi, the free ad supported version of moTweets saves your twitter password in an XML file. With access to the file system via a File Explorer on Windows Mobile, its all too easy to look for this XML file in the installation directory and open it and guess what ? You password is saved there. We have contacted Panoramic Software to inform them of the issue and will let you know about any updates on the issue. ( read more about the issue on mushive.com ), I wouldn’t say you should stop using moTweets, but dont pass your device around to those nosy friends / siblings. moTweets is definitely one of the better twitter client on Windows Phone and I hope they have an update to fix the issue soon.

What twitter Client do you guys use ? Does it have the same issue ?

Update : A rep from Panoramic Software got back to us with this info .. This issue has already been addressed and will be released with the next version 1.8.3, which should be out today.

Check out more : Windows Phone Apps | Windows Phone Games

[ Security Vulnerability ] International Calls from Windows Mobile without users permission – ghost dialer trojan ??

. Saijo — Thu, 08 Apr 2010 07:20:22 +0000

Virus

Many Windows Mobile users started noticing a strange issue with their windows Mobile device. The device was automatically calling out random international numbers with out the users permission.

The issue was first noticed by smudgelab over at xda-developers. some of the telephone numbers that was dialed out includes

+88213213214
+1(767)503-3611
+25240221601

After a lot of discussion , they have found a common issue most of the users have installed a game ” 3D Anti-terrorist “. We are not 100% if the issue stems from this game but We received an email from someone who posed to be the developer of the game, and gave us the developers site as a fake-page hosted on atspace.com. The game was hosted on rapidshare on the fake-developers page. Apparently the game was developed by Huike.cn and its not a free game. This dodgy individual must have loaded the game with the trojan dialer and many unsuspecting users including myself installed this game.

What should you do now.

Go through your call history, check for any calls that look suspicious ( cross reference with the numbers posted above ). Block out going international and premium numbers ( if you dont use them ). Delete ” 3D Anti-terrorist ” if you have installed it. Install a Windows Mobile Antivirus ( most of them are not free, try the demo to see if they work for you )
AirScanner
LookOut ( Free )
Kaspersky Mobile Security
Symantec Mobile AntiVirus
F-Secure Mobile Security

We will keep you posted on the developments in regards to this issue.

Thanks to Alfredo-Nicolas Rios for bringing the issue to our attention.

Check out more : Windows Phone Apps | Windows Phone Games

Trojan-SMS.WinCE.Sejweek.a for Windows Mobile

. Saijo — Fri, 18 Dec 2009 04:54:29 +0000

windows-mobile-virus

Kaspersky has relased info on a new Mobile Phone trojan ( Trojan-SMS.WinCE.Sejweek.a ) , WMPowerUser informs us that ” the Trojan-SMS.WinCE.Sejweek.a trojan is commonly found associated with pirated software, downloads an XML file from a website which contains the numbers of premium rate SMS numbers and the frequency at which the expensive ($1 per message) SMS messages will be sent. Due to the variety of SMS numbers being sent to it is less easy to block the money making part of the scheme, making the trojan’s utility that much longer lived. ”

Check out more : Windows Phone Apps | Windows Phone Games

Australian DSD ( Defense Signals Directorate ) gives Windows Mobile 6.1 the thumbs up

. Saijo — Thu, 20 Aug 2009 02:28:55 +0000

No ScreenShot

The DSD is the Australian Government’s national authority for information security. Windows Mobile 6.1 operating system have successful completed the Defence Signals Directorate (DSD) Australasian Information Security Evaluation Program and also has obtained Common Criteria Evaluation Assurance Level 4 (EAL4). ( EAL7 is the highest possible level )

By meeting the security criteria for EAL4, Windows Mobile 6.1 are accepted under the Common Criteria Recognition Arrangement (CCRA) by Australia and 25 other countries worldwide including the United Kingdom and the United States. The CCRA ensures that evaluations of IT products are performed to high and globally consistent standards. Thus, this certification provides government and enterprise customers with definitive information about the security features in Windows Mobile 6.1, and assurance that mobile workers can securely access sensitive data on information networks.

Mike Burgess, first assistant secretary, Information Security, Defence Signals Directorate, said, “We have worked very closely with Microsoft throughout this assessment process to ensure that Windows Mobile 6.1 meets the security needs for government and enterprise networks.”

via windowsteamblog.com

Check out more : Windows Phone Apps | Windows Phone Games

iPhone 3GS Encryption Is ‘Useless’ for Business!! is it really ?

. Saijo — Fri, 24 Jul 2009 01:45:31 +0000

iPhone Hacked

Here is an iPhone Story that many wont tell you. According to Jonathan Zdziarski,, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones, claims that the enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware. In a recent report from wired.com He claims that “It is kind of like storing all your secret messages right next to the secret decoder ring,” and also went on to say “I don’t think any of us have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”

Get more info about the iPhone’s Encryption Flaws

Check out more : Windows Phone Apps | Windows Phone Games

O2 Toshiba TG01 Windows Mobile shipped with a virus !!!

. Saijo — Thu, 16 Jul 2009 05:02:51 +0000

windows-mobile-virus

According to MSMobile.com Toshiba TG01 Windows Mobile sold by O2 has a virus that is located in some memory cards that are delivered in package of Toshiba TG01. This virus has infected only devices sold in July 2009 and devices sold previously (sales of Toshiba TG01 started at O2 Germany in June) are not affected. This is the first time ever when virus software is encountered in a Windows Mobile phone that is commercially sold.

Check out more : Windows Phone Apps | Windows Phone Games

HTC WM6.1 and WM6 Bluetooth Vulnerability

. Saijo — Tue, 14 Jul 2009 13:35:27 +0000

Bluetooth Vulnerability

HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and write or read arbitrary files, via a ../ in a pathname. HTC handsets running Windows Mobile 5 are not affected. Users worried about the vulnerability should avoid pairing their phones with an untrusted handset or computer. They may also want to delete any devices that are already paired with their phones. Because the driver, obexfile.dll, is an HTC driver, only handsets from the company are affected. Apparently Windows Mobile 6.5 devices will be vulnerable too if HTC does not fix the driver according to Moreno Tablado, who discovered this Vulnerability.

[ via PC World ]

More info about the Vulnerability

Check out more : Windows Phone Apps | Windows Phone Games

Phone Creeper 0.3 – Espionage Application or Security Vulnerability?

Mukku — Sun, 21 Jun 2009 16:20:15 +0000

No ScreenShot

Phone Creeper which the author describes an an Espionage Suite has been recently released by chetstriker from xda-developers. I am thankful to the developer for pointing out such a vulnerability within the Windows Mobile operating system.

Currently it has the following features:

secretly and remotely read incoming / outgoing sms
secretly and remotely delete incoming / outgoing sms
secretly and remotely view call history
bounce sms messages off remote phone to someone else.
create a pop-up message on phone
send a secret fart sound
secretly and remotely listen to person. (Initiates silent call back of person to your phone with thier speaker phone enabled)
also send listening in call to somebody else’s phone

All results will be sent via SMS back without leaving any trace on the phone being controlled. Any cell phone can be used to initiate the commands and all commands will respond with a success message for acknowledgment.

Install Instructions :
Just install .cab on the victims wm5 or higher phone. THEN MAKE SURE YOU REBOOT TO INITIATE IT.
by default the password is “chetstriker“, obviously not including the quotes and BE SURE IT’S ALL IN LOWER CASE. The command format is (password and then command)

Download this Application

Check out more : Windows Phone Apps | Windows Phone Games

Security Vunerability for Microsoft Windows CE 5.0

Saijo George — Tue, 27 May 2008 13:08:19 +0000

We dont usually find a lot of Security Vunerability on Mobile devices when compared to the desktop cousin but once in a while a few of them do surface.

A security vunerability for Windows CE posted in the US-CERT Cyber Security Bulletin.

Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted JPEG and GIF images.

For more details see National Vulnerability Database (CVE-2008-2160)

And update is available from Microsoft here.
Source : 4winmobile.com

Check out more : Windows Phone Apps | Windows Phone Games