[lrn2board]

Legit Windows Phone Apps Can Be Replaced By Malicious Ones Through Copy/Paste - Softpedia

WTF

[Scienceguy Labs]

But doesn't it require that someone physically put an "infected" SD card into your phone???

[pankaj981]

Lol. Before posting the link and freaking out, your should've at least read the xda thread, it's just 8 pages after all. None of the folks in the thread have had luck in getting control of unsigned assembly code to run on the device. And even by the time they do, Microsoft would patch it up. So relax and enjoy the weather...well depends where you're located. Here in Ohio i would prefer staying inside :P

[a5cent]

Even if people could get this to work, I'm not sure it's even half as bad as it sounds. You'd still have to:

1. have your apps installed on the SD card
2. have granted at least one of those apps "interesting" permissions
3. physically hand your phone or SD card over to someone who knows about this vulnerability, has the necessary skills to exploit it (which seemingly nobody has), and give them enough time to do so.

Even if all this were to happen, the rogue app is still confined to it's own sandbox, so how much damage can it do? It might be able to delete all the files that belonged to the original app, but that's pretty much the end of it.

Sure, definitely not good, and it needs to be patched, but it doesn't look like something anybody at XDA can actually pull off, even if they did get their hands on your phone.

[anon(8150199)]

So not having expandable storage is a good idea 😊

[marcos86]

I think that if that would be a real threat, someone would have used it at the latest pwn2own

[Jas00555]

I didn't even bother to read the article. I knew it was BS when I saw it from Softpedia.

[EspHack]

actually I got a bit excited, though it was a way to positively hack wp 8.1, you know.. like the other OS' so maybe we could finally tweak our own brightness settings and extremely advanced things like that.. maybe Ad-hoc wifi or USB on-the-go too?

too bad its just bogus

[RumoredNow]

That title worries me: "WP8.1 hacked? If true I don't know what to think or do"

Really? It's that bad? This is news that has been out. There is even a thread about it right in the same neighborhood as this one, in this very forum from 6 1/2 hours before this one...

Hacking goes on day in and day out from amateurs to paid professionals working for black bag agencies... And this minor exploit has melted your reasoning capacity? The NSA is not sneaking into your house and fiddling with your SD card while you sleep. I'd be more worried about other things. Please get a grip or get some help.

[a5cent]

^ to be fair, those two threads started out in different forums, and it was I that moved them to the same spot. That can happen. I don't think the OP is outraged really. I think the OP is just enquiring what the community thinks about this, but based on many of the other threads we get around here, I understand your reaction. I think in this specific situation it may just be out of place

(I know, I've had a long day too )

[poken1151]

So this is a hack found by XDA users a week ago or so. It's not as bad as it seems, quite seriously, it's akin to rooting an Android device, you have to be quite actively involved.

I'm a fair bit excited by this. While yes, it can be a bad thing if people get as far as automating something like this remotely, but the OS doesn't have that capability in this regard.

But the positive perspectives are quite interesting. Imagine registry mods that open up the OS to show some really good functionailty. To be honest half of what makes Android likeable by so many users involve the open API platform and the modifiability. Users going crazy with some intricate kind of apps and people using them. Right now WP is extremely tied down. I'm not saying it needs to go that far as Android. But the OS and the API is so restricted it's no wonder why some DEVs on other platforms don't come by.

Had this simple idea to make a WiFi analyzer, get all the wifi around your phone, display the channels clogged, and sugest one to use for your router. Ok, didn't "have" this idea as much as I loved an app that was on Android that did this and saw none on WP, so thought I'd bring something here. Well.. API says NOPE. Amongst so many other things, so many good ideas are kinda held back. So yea, depending on what people do with this, I'd be excited to see some cool stuff.

[Jas00555]

So this is a hack found by XDA users a week ago or so. It's not as bad as it seems, quite seriously, it's akin to rooting an Android device, you have to be quite actively involved.

.

I'm not sure if I'm misunderstanding the actual hack or you are, but I don't think that's right. This hack is basically like if you were to root an app, as opposed to the phone itself. The sandbox of WP won't allow this to do anything else aside to do whatever you want with that particular app. I think you're gonna have to live without that wifi app (;

[a5cent]

I'm not sure if I'm misunderstanding the actual hack or you are, but I don't think that's right. This hack is basically like if you were to root an app, as opposed to the phone itself. The sandbox of WP won't allow this to do anything else aside to do whatever you want with that particular app. I think you're gonna have to live without that wifi app (;

I think the hypothesis/hope is that somebody will find an app with some super special privileges, that no standard 3rd party app has, but which can still be installed onto the SD card. If they do find such an app, then that might be (in some ways and depending on those privileges) comparable to a rooted device. They just won't find any such thing...

[techiez]

So not having expandable storage is a good idea 

Tell that to Lumia 530 owners :P

[Wam1q]

That djamol actually came here first (as amolbaikar) with a hack and people here degraded him so bad. Good to see him doing some great work over at xda.

Edit: And no, this will not increase piracy/cause a security breach in the OS without your knowledge. It is something you should do deliberately. It can give really cool features to geeky people.

[anon9169769]

I can't see why it can't be hacked. Take a look at Nokia software recovery tool for example or DP....it over writes the old OS and installs another one on there. I guess its possible to recode it for android if you know the in and out's. It's a bit like recording on a cd... Have all your music on there then with the same cd you can wipe it off and replace it with something else. It's all about re-writing the code. That's just my guess and not an official fact so no having any go's at me please lol 😉

[Wam1q]

I can't see why it can't be hacked. Take a look at Nokia software recovery tool for example or DP....it over writes the old OS and installs another one on there. I guess its possible to recode it for android if you know the in and out's. It's a bit like recording on a cd... Have all your music on there then with the same cd you can wipe it off and replace it with something else. It's all about re-writing the code. That's just my guess and not an official fact so no having any go's at me please lol 😉

You might fool it to install Android, but WP's come with UEFI Secure Boot since WP8 (just like PC's with Windows 8 preinstalled). It will not let another OS run on the device. Like if you dual boot Windows 7 on your OEM Windows 8 PC and keep Secure Boot on in the UEFI settings, Windows 7 won't even boot; Only Windows 8 could boot up then. Secure Boot needs to be disabled to run another OS. And no-one knows how to disable it on a phone. :/

[realwarder]

I can't see why it can't be hacked. Take a look at Nokia software recovery tool for example or DP....it over writes the old OS and installs another one on there. I guess its possible to recode it for android if you know the in and out's. It's a bit like recording on a cd... Have all your music on there then with the same cd you can wipe it off and replace it with something else. It's all about re-writing the code. That's just my guess and not an official fact so no having any go's at me please lol ��

SecureBoot only runs signed Operating Systems. And the Nokia Recovery Tool installs OS's signed by Microsoft... so unless you get their master keys you cannot digitally sign or run anything else. Likewise, the OS then only runs signed OS DLLs and installs signed apps. It's a whole chain of trust. Even when the apps run they run in a sandbox with strong walls that limit what they can do. All of these steps and layers of security make for a very secure platform.

XDA has been trying to hack Windows 8 phones since release and they are talented people. Anyone attacking an OS helps make it more secure and I'm sure this issue (which is minor) will get patched in a future OS update at which point they'll be back to finding another entry point.

Windows Phone is still the most secure phone OS and that can make you feel safe using it for our your daily activities.

[a5cent]

^ Normally I give "likes" for posts I agree with and "thanks" for posts that bring things to my attention I was previously unaware of. That response was just too good for only one like however

[colinkiama]

Lol they sent the issue to Microsoft so it's fine. All it really enables is homebrew/sideloaded apps to be honest. No actual exploit that could 'break' the OS.

[jmshub]

So not having expandable storage is a good idea 

I don't think that's the takeaway. A really nice feature of the OS is that even if your phone has an SD card, you can still use it for only documents and keep apps installed only on the phone's onboard storage.