WP
Nobody bothers hacking Windows Phone huh?
Researchers attending the PacSec 2013 security conference in Japan have won nearly $70,000 after demonstrating how to compromise iPhones and a Samsung Galaxy S4 running Android in a mobile version of the legendary Pwn2Own hacking contest. A Japanese team from Mitsui Bussan Secure Directions earned $40,000 after showing how …
Doesn't look like it. All us WP users can be smug in the belief that we have a safe phone OS. Sadly, the truth is that we're an obscure minority who buy cheap phones. Not worth hacking as there's not enough of us and we can't afford a better phone, so nothing to steal.
Mine's a Nokia 520 in a nasty shade of red.
Security through obscurity is no security at all, and - like I've said before - the biggest target is going to be the one the miscreants go after.
Of course, it doesn't help that the biggest target is in this case the most open, and therefore the easiest.
That said, I don't believe any system is completely secure against exploits when user action is required - there will always be someone who is stupid enough to press the big red shiny button.
@Mike Moyle: How do you define "safest"?
Yes, everyone can look at the code. But what seems to be forgotten so often when this sort of discussion starts is that the vast majority of smartphone users are not tech-savvy. It doesn't make a blind bit of difference to Wayne or Sharon if they can see the code - in fact they're probably not even aware their phone runs Android, just as long as it's a Galaxy and you can text and play Angry Birds on it.
So yes, open is great for those who understand the tech. But for those who don't - who are at the same time also the ones more likely to fall for social engineering tricks - it's an open playing field for the malware flingers. The fact that Android is open, and therefore simplest to get apps containing malware etc. onto makes it the easiest ecosystem to target.
"Wrong. SecureBoot requires a UEFI bootloader. WP is firmware, not UEFI."
Wrong: http://go.microsoft.com/fwlink/?LinkId=266838
Windows Phone architecture uses a System-on-a-Chip (SoC) design provided by SoC vendors. The SoC vendor and device manufacturers provide the pre-UEFI boot loaders and the UEFI environment. The UEFI environment implements the UEFI secure boot standard that is described in section 27 of the UEFI Specification (http://www.uefi.org/specs). This standard describes a process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI runtime variable before they are executed.
The UEFI and Windows document (http://msdn.microsoft.com/en-us/windows/hardware/gg463149.aspx) on MSDN describes the advantages of using UEFI and how UEFI is supported by desktop versions of the Windows operating system. Although the document focuses on UEFI and Windows, most of the information in the document also applies to Windows Phone.
Microsoft provides the Windows Phone boot manager in the UEFI environment. After the pre-UEFI and UEFI components complete their boot processes, the Windows Phone boot manager takes over to complete the Windows Phone 8 boot process so that the user can start using the smartphone. All code in the Windows Phone operating system is signed by Microsoft, including OEM drivers and applications. Also, applications that are added after manufacturing, or installed from the Windows Phone Store or a private enterprise store must be properly signed to execute.
What it needs, for carriers to remove their collective fingers from their arses, is a little persuasion.
If, for example, someone with an S4 (after Samsung has released the update required) happened to stumble on a compromised website, entirely accidentally of course, and was pwned, could they then take the negligent carrier to court, as their inaction has left the phone insecure, despite a fix existing and being available?
Well, in my experience at my office, those who have upgraded to iOS 7 are advising the rest of the office not to upgrade. It's about 50/50 of those who have or have not upgraded. I know it's nowhere near a large enough sample, but I'd warrant lots are on iOS7, but quite a large number have chosen not to upgrade.
"iPhones are updated by Apple, and most devices are now on iOS7."
Not in this house!
1 is on iOS7, 2 are on iOS5
You can choose to update or not. Only 1 in this house has chosen to update - and I expect that there are a significant number of others (outside this house) who do not like the new OS, running iOS 6.
(They are not all outside my house - some of them live round the corner.)
The original point was that operators are slow to put out OTA updates (it's there in the title). I mentioned that Apple push updates without using the operators so it's only Androids that suffer this. So why is everyone pointing out that they know iOS users that have chosen not to upgrade? The Android users haven't got that choice if the Operators don't push (providing they're not on a Nexus device for the rest of you smartarses.) That's the point, with iOS you have a choice that a lot of Android users don't. Not often I get to type that!!!
@sabroni
Reading the article would be your man here.
"Meanwhile, an eight-person team from Keen Cloud Tech in China showed how to exploit a vulnerability in iOS version 7.0.3 to steal Facebook login credentials "
I'd be willing to bet that in the case of a frightening percentage of cases that "facebook password" = "password for everything"
Really? I normally just wade straight into the comments.
Doesn't really address my point, made so eloquently yet totally missed above, that Apple push updates without using the Operators. So Apple can apply a fix, Google can fix Nexus devices, most others on Android using a manufacturer's version are stuck with the vulnerability. Do you get it now? Not sure how to make it any clearer...