Researcher to present Windows Phone 8 malware at MalCon
- 13 November, 2012 20:26
A 16-year-old security researcher from India plans to present a malware application for Windows Phone 8 at the upcoming MalCon security conference in New Delhi, India, on Nov. 24.
According to a brief description of the presentation on the MalCon website, it will show approaches and techniques for infecting Windows Phone 8 devices and will demonstrate how the prototype malware can steal contacts, upload pictures, access text messages and more.
The malware's author is Shantanu Gawde, a high school student and security researcher, who last year at MalCon presented a proof-of-concept malware program capable of interacting with Xbox Kinect devices.
Gawde is a member of the National Security Database (NSD), an accreditation program for information security experts run by a nonprofit organization called the Information Sharing and Analysis Center (ISAC) with support from the government of India.
The Windows Phone 8 malware prototype was built for educational purposes and to raise awareness about how malware authors can target the platform, Gawde said Tuesday via email. "The app will be shared with antivirus vendors and Microsoft after the conference so as to enable mitigation of such threats."
"The malware uses legitimate WP8 functionality without resorting to other methods such as 'homebrew apps' and interop capabilities," Gawde said. "The idea behind the app was to code it in such a way that it would be accepted into the marketplace [Windows Phone Store], whilst having hidden functionality."
Gawde declined to reveal other technical details about the malware ahead of his presentation at MalCon.
ISAC researchers are analyzing possible methods that attackers could use to distribute Windows Phone 8 malware apps in enterprise environments.
"We are currently researching the impact on security of deploying and updating apps in the enterprise through various MDM [mobile device management] products," Rajshekhar Murthy, director of the National Security Database program and founder of the MalCon conference, said Tuesday via email. "There are possible chances that hackers can still compromise private enterprise app stores and cause significant damage."
"We would like to further add that based on our malware research internally, we find that Windows Phone 8 is way superior and better than Android in all aspects of security," Murthy said.
"Microsoft is aware of the upcoming presentation but further details have not been shared with us," Dave Forstrom, director in the Trustworthy Computing Group at Microsoft, said Tuesday via email. "As always, we will investigate any issues disclosed in the talk, and will take appropriate action to help protect our customers."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Cloud debate now about speed and sophistication
Yahoo Mail still down for some users, after an attempted fix
Queensland government to provide 200 services online by 2015
CIOs need to get their house in order, CFO panel says
Is Data Complexity Blinding Your IT Decision-Making?
Pathways Course Curriculum 2014
Developed by the CIO Executive Council, Pathways is a unique, flexible, self-managed, self-paced 12-month professional development program that brings together best practices, thought leadership and business insights for today’s most promising ICT professionals. Pathways is designed and delivered by leading local and global CIOs; enabling participants to capitalise on mentor CIOs personal experiences, expertise and knowledge.
The New Disruption for Brands
The new frontier of mobile and social is a game changer, opening new channels in which consumers and brands can interact. This whitepaper details the results of a survey spanning consumers in the US, UK, Singapore and Australia, exploring their expectations of using mobile devices and social media to engage with brands. The results confirm that consumers live across various channels, and as part of their experience there is an expectation of consistency, value and individualised attention. Read more to learn who you’re talking to, what to say and where to say it.
Siemens Redefines Efficiency
Siemens is leading the migration to a smarter energy grid by enabling utilities to collect and analyse data from the new generation of smart meters, providing both utilities and their customers usable information to make smarter energy decisions. In this case study, we look at how they could provision full stack environments quickly and flexibly leveraging a shared hardware model, and one the delivered performance and scale to meet large testing requirements.