windows phones

[krugersystem]

Im interested in getting the kids windows phones. I am concerned that they may be at risk of hacking if i were to go with android or iphone - ive seen a phone suitable, a Lumia 535 which i think is os8.1. Is this correct?
My concern is that their files may be stolen or that they may be watched via camera. Is this easy? I heard on Android its not difficult though which is why i font want to take that road, why anyone would want to do it is beyond me as i just dont see financial gain from using a camera inside someones pocket or looking up at a ceiling lol.

Anyone able to offer advice?

 

[gpobernardo]

Yes, there has been a bug in Android (not in Windows Phones) when someone can remotely access the webcam of an Android phone without the user knowing, but this has been patched by Google already.

In Windows Phones, there is no known danger. Files kept inside the main phone cannot be stolen remotely, and the webcam cannot be viewed remotely as well. It is highly recommended, however, that a four-digit pin/password and lock screen be set such that if the phone was stolen physically, only the files in the SD card are at risk, while the files and documents saved in the main storage of the phone are safe.

Yes, the Lumia 535 runs Windows Phone 8.1. I've given mine to my younger sister and it's been suiting her needs quite well (although she's already in college, not really a kid anymore).

As to what gains a hacker would get (in hacking hack-able phones (which Windows Phones are NOT)), discussion about this can lead to speculations, ranging from the sake of fun to high-level conspiracies.

How old are your kids?

 

[krugersystem]

Thanks - why microsoft dont highlight this more i dont know, surely it would be a huge selling point.

Kids are late primary school aged so approaching 11.

Id set up all the parental controls possible etc but, its the thought of them downloading apps with malware that could give someone the ability to watch them at their leisure that bothers me. I dont like thinking about it re myself, and i have an Android phone.

Why dont microsoft tell us how safe it is? Bizarre!

 

[gpobernardo]

I believe this was highlighted, but it was done so a long time ago when Windows Phones were just starting. :smile:

Don't worry, there are no known malware apps for Windows Phones. Even if a malware is forcefully downloaded into the phone (e.g. by downloading it onto an SD Card and then inserting that SD Card into the phone), that malware won't be able to run because 1) it needs the consent of the user to run (which malwares don't ask), 2) unsigned codes/apps/programs do not make their way to the Store, 3) Windows Phones are implementing Sand Boxing technology which prevents third party apps from interfering or communicating with other third party apps (unless explicitly allowed by Microsoft) so malware can't just begin extracting information or attacking the OS at random.

But.... anyone with a browser nowadays can watch anything; you don't have to have a malware installed to "search" for "certain websites". Good thing, Windows Phones have a neat feature called "Smart Screen Filter" which filters out age-inappropriate and potentially unsafe content from generic web searches. So even if someone searches for a sensually-suggestive subject matter, with that filter on, the results that will be returned will be safe for "viewers of all ages".

I believe you would find the windowsphone.com website especially useful and informative. If what you find there looks attractive and sensible, you may even want to consider switching over to Windows Phones yourself - in harmony with your children, setting up Family accounts, and more.


But if I may, I'd caution you against the Lumia 535 - there have been known and relatively persistent hardware issues with that particular model, such as the touch screen, ambient light sensor, GPS antenna reception and signal quality. The other Lumia models are fine. :smile:

 

[krugersystem]

Thanks a lot for the help - really useful!

 

[krugersystem]

As an aside, with recent reports in the last couple of years, do you ever wonder/worry about who official, but yet unofficially may be looking in? Gathering info? Passwords? Banking details etc?

Only since i started researching this have i read such issues and its mind boggling!!

 

[gpobernardo]

In the realm of technology, "the last couple of years" may not exactly be "recent". :smile:

But yes, I've been concerned once or twice about who may be seeing what information I put in my devices, especially in the new Windows 10 (for PCs). But for Windows Phones, I'd say the greatest risk would be in connecting to unsecure public Wi-Fi hotspots where a third party could potentially sniff out some of the data being transferred through their network. For that, there are VPN settings to make Internet connection more secure, a standard which almost every Internet capable device today has.

In summary, in general, whenever I perform sensitive transactions online, whether through my PC or through my Windows Phone, I make sure I use a known and trusted web browser (such as Edge, Internet Explorer, Chrome) that would authenticate and show the authenticity of the websites I'm visiting - usually by showing me a security-related icon (padlock) in the URL box. This way, I know the connection I have with their servers is encrypted. Next, I use a VPN to add an extra layer of security to my transactions in cases when it is unavoidable to make such transactions in public areas.

There are many threats, but the means to protect ourselves against them are even simpler - just make sure the connection is secure. Besides, unless the user is a billionaire, chances are that nobody would waste their time attacking or hacking his or her accounts.

 

[krugersystem]

So...correct me here, if access to the wifi were possible connection to the phone and remotely controlling cameras, stealing files, bank details from phone becomes then possible - or is the phone itself and its contents and functions still secure?

Also, re hacking in (sorry to be a bore) would it not be mandatory that microsoft/phone operator give access to security services/governments at any given time? Ie can they just log into our phones and control our devices at will?

Obviously, if (if!) this were a risk, surely they would need to target device to device manually as i dont think its like the issue yahoo had with users webcams.

Sorry - reading up has really astonished me!

 

[gpobernardo]

Here's what I've understood on how Windows Phones work: basically, nothing runs without the permission of the user. Hence, nothing gets extracted from the phone without the user's consent. Simply: a stranger can't get candy from a child if the child says no (user consent)... if the child throws that candy (or a copy of it) in open air to give to another child (unencrypted connection), then the stranger can simply catch it... but if the same child throws that candy through a thick metal pipe directly to the other child (encrypted connection), then the stranger knows that something is going on but he won't even have an idea what was thrown, when it was thrown, or if it was thrown at all. So, two things must happen for the stranger to get the candy: 1) the child must throw the candy (user consent) and 2) it must be thrown in open air (unsecure, unencrypted connection).

The sniffing off information in public WiFi doesn't happen "automatically". The risk can only exist during the process when the user is sending, i.e. with the user's knowledge and consent, the information to be stolen, e.g. while logging into an unsecure/phishing website or through an unencrypted connection (without the padlock sign in the URL box).

Hence, even if the phone was connected to a certain WiFi router/hotspot, the information in a Windows Phone can't simply be accessed remotely without the user's consent. The camera can't be remotely activated (unlike the recent Android bug), files can't be copied, personal information can't be stolen... all without the user's consent. To illustrate the difficulty, an app that is already installed on the phone can't even access these information without the user's consent (they can't modify, copy or even communicated with other installed apps on the same phone), so access from a remote location outside the phone should even be more difficult. Another illustration is if the user forgets his or her lock screen password, all his or her files in his or her phone can no longer be accessed. So if a Windows Phone gets stolen, the thief won't be able to do anything with it. In addition, the user can simply go to his or her Windowsphone.com account and remotely wipe the contents of that phone, or lock it if it goes missing for example.

In the user agreement, Microsoft (and the two other main competitors) have reserved the right to provide user information to governments when mandated by the government, e.g. when the user faces a criminal case and the government needs evidence or information from Microsoft. BUT, that doesn't give governments the ability to control our devices at their will. This creepy scenario hasn't been observed yet, although given the Sand Boxing technology in Windows Phones that controlling thing is highly unlikely. Not even Microsoft can do that.

Ip-based webcams are a different case. They are usually connected through an unsecure, unencrypted and unprotected connection, that's why they can be accessed remotely via the web... but simply adding a password to the network blocks that from happening again.

The text might be long. In short, Windows Phones are secure. I won't say they're the safest devices out there (probably they are), but I'd say the level of security implemented on Windows Phones is high enough to keep the majority, if not all, of its users at peace. I had a multiple-page document detailing the security specifications implemented on Windows Phones... it's basically like a fortress, fortified several times and there's only one way to get in.

 

[krugersystem]

Whats an lp based webcam?

 

[krugersystem]

Ignore that - i see now.
But Ip camera wont be whats in the phone surely? If so all and sundry in theory could remotely access after all?

Sorry - im really not clued up!

And why do i keep accessing news reports telling me we can be watched through our phone cameras seemingly easily, and that whistleblower chap said it himself....most frustrating! I draw the curtain at night so nobody can look at me, its natural to want privacy i think.

Sorry if im asking a lot/boring you

 

[gpobernardo]

No problem, you're welcome. :smile:

An IP-camera and the camera in Windows Phones are different in terms of security and in a lot of ways. In Windows Phones, nothing runs without the user's permission/consent. So, nothing can make the camera start recording or take pictures without the user allowing it. The cameras in Windows Phones cannot be accessed remotely. There's even an article with the enticing title "how to hack a windows phone", dated in 2013... but the reader will find that the article means the exact opposite of what the title implies - the truth is that it not possible to hack a windows phone because of the security features implemented on it, something not all IP-cameras have.

Those news reports may be outdated - check the dates. Also, those reports most probably are referring to Android phones - there has been a recent and confirmed bug with Android phones that allowed remote access to the camera even without the user knowing. But here are two things to remember: 1) those are not Windows Phones; 2) that bug in Android phones has already been fixed/patched by Google.

Side note: certain news articles are designed to be catchy, so the writers needs to make their content interesting, usually by making their topic look relevant and important, even if it already borders on being deceptive. Such articles include unverified leakages (of upcoming phones, features, OS, etc.) and undated or not-updated issues, i.e. by simply not telling the users that a problem has been patched so their article would get more views since it stirs up panic in the reader, or just by not putting a date on the article (imagine not seeing a date? Something that has been fixed ten years ago may still seem unfixed ten years from now just because the date was omitted!). That way, their site gets more traffic and they would potentially earn more. I'd stay away from sites that don't tell anything conclusive.

Bottom line: given the current technology, Windows Phones can't be hacked. Windows Phone users are safe from malicious activity, both externally (hacking) and internally (viruses). And as technology progresses, our high-tech companies, including Microsoft, will surely be upgrading the security features possibly faster than they can be broken.

 

[krugersystem]

Thanks - useful info again. You seem quite a technical guy, and im just trying to look at what-if scenarios rather than create a conspiracy theory lol. I get that they cant be hacked - thats understandable, but what if we as users arent being told that Microsoft are allowing a way in for security agents and the like? To bypass the user consent part at least, to act like the owner. With windows, are applications not at all able to run in the background? Ie if i was watching a video, i couldnt have a calculator open too? I get that with my Android and it drives me crazy because im seemingly always having to manually shut things down - that would attract me to Windows Phone in itself, it makes my phone run slow and uses battery to have several applications open when im not using them.

Having said that the probability of one specific phone, unless targetted directly (im assuming on any type of phone these attacks need to be targetted one at a time as opposed to a blanket surveillance method as you need to access each phone seperately to turn functions like cameras and mics on on each device, rather than enter a chat room and grab all who may be on webcam etc) with millions upon millions of handsets also out there being spyed on would be tiny.

Also, and sorry, some of these articles seem to suggest that programs exist whereby camera activity is sensored by motion which then sends whoever an email informing them that xxx is active, go look sorta thing....i dont get that, its surely driving hysteria, surely if that were the case on say an Android device, i know well enough from my own that if the camera were running and recording my battery life would be non existant haha.

Its amazing what stuff people will put out there!

Lots of questions - but i think by answering me you are selling me a WP yourself!! Im not crazy paranoid, i just really like my privacy and the freedom of not being watched in my own home.

 

[Pete]

Put simply, Windows Phone itself isn't easily hackable, and there's no reported cases of this happening. Some people have managed to get in and tinker with the OS, but in order to be vulnerable to that, you (as the owner of the phone) needs to go through some technical steps to open the phone up and then let a hacker gain physical control over it. Even with access to the OS, your data is pretty safe due to the way the system is partitioned. The effort involved in doing this simply isn't worthwhile. It's easier for any hackers to target other operating systems.

The hacking method that is possible is that someone will be able to scan your network traffic. It's technical, and you need specialised equipment and software, but it's possible. You can protect yourself as much as possible by using secure WiFi. Banking and other financial websites/apps that you use on your phone will have further protection of SSL. Data that Microsoft syncs as part of backup/email/etc. is also encrypted.

Personally, I don't use the free WiFi offered by coffee shops etc. They typically offer lower security protocols (or just leave them open).

No one is going to be watching you. The security agencies doesn't scan the entire world like the do in films.

 

[gpobernardo]

Agreed with Pete. Hacking into a Windows Phone itself is highly improbable that it becomes almost impossible; the technical difficulty of hacking into one is more than enough to stop most hackers from even trying. The only vulnerable point is through unsecured networks, but banking/financial websites, as well as the data Microsoft collects, are always encrypted so those sensitive information are safe.

Technical? Sort of :wink: , but these topics can indeed easily become highly technical in order to provide all the satisfactory information a reader may need. I've found the file in my PC about an Overview of Windows Phone 8.1 Security, and although it's just an overview it is 25 pages long. Here's the link to the file for reference.

Security is truly one of the main selling points of any smart phone manufacturing company, and if 25 pages' worth of text (well, actually only 24 pages since the first page is just the Title) detailing just that isn't convincing enough, then the absence of reports of Windows Phones actually being hacked remotely should nail it. I'm not convincing you to switch to WP, but if the facts are inviting enough then you (and your children) will be always welcome here at Windows Central (enjoying your new Windows Phones). :wink:

 

[krugersystem]

Thank you both. I'll ponder over this but i cant see me keeping to Android.

Cheers!

 

[Pete]

No problem.

But aside from the security considerations, there's also personal choice to take into account. Kids (ands more than a few adults) are especially prone to peer pressure and like to share the same experiences where it comes to technology. There may be a case of you issuing Windows Phones to your kids and this causing issues when one of the key apps that their friends use isn't on Windows Phone. Asking such questions as "Why do you want to send photos that disappear two seconds later?", or "What's so important about Candycrush Farmville Minions anyway?" doesn't really cut much ice....

 

[krugersystem]

Haha - thats true. But....sometimes in life we have to go without, eh?