Is it possible for a malicious website to change phone's settings without any user interaction?

[factor828]

Hello,

I own a Nokia Lumia 635 running Windows Phone 8.1. Recently I have grown concerned about the malicious redirect ads that have become a plague on smartphones. What I would like to know is if using cellular 4G data (not WiFi) it is possible for a malicious site, after being redirected to it by redirect ads placed on a legitimate webpage, to access and change my phone's settings like DNS server address, proxy etc. on its own, without any interaction on my site? I have not found any way to view my current DNS settings for mobile data connection so it seems that there is no way for me to make sure that everything is in order.

I am asking because I very often use this phone to tether the internet connection to my notebook where I access my mail, banking sites etc. and I am concerned about safety of such connection, e.g. being a victim to DNS spoofing, having my passwords stolen and so on.

I appreciate any answers concerning this matter. Thank you!

 

[Chintan Gohel]

Viruses or any malicious entity cannot affect your phone or phone settings by virtue of it being a windows phone'

however, when you tether, the malicious entities can affect your pc if it does not have adequate protection

As a suggestion: on your pc, use a browser where you can install an ad blocker - ad blockers are quite effective in stopping those redirect ads from happening
Second is to get a good anti virus, you can use the default windows defender that comes in the pc or you can get one like Kaspersky or BitDefender
Third is to get a good anti malware program such as super antispyware
Fourth - try to right click and open in new tab instead of just clicking on them - most redirect ads don't open when right click option is used

Best solution is of course to try to avoid visiting those sites completely - you won't get viruses from visiting edx.org or wikipedia or facebook. But you can get from sites where illegal stuff is hosted

 

[factor828]

Viruses or any malicious entity cannot affect your phone or phone settings by virtue of it being a windows phone'

however, when you tether, the malicious entities can affect your pc if it does not have adequate protection

As a suggestion: on your pc, use a browser where you can install an ad blocker - ad blockers are quite effective in stopping those redirect ads from happening
Second is to get a good anti virus, you can use the default windows defender that comes in the pc or you can get one like Kaspersky or BitDefender
Third is to get a good anti malware program such as super antispyware
Fourth - try to right click and open in new tab instead of just clicking on them - most redirect ads don't open when right click option is used

Best solution is of course to try to avoid visiting those sites completely - you won't get viruses from visiting edx.org or wikipedia or facebook. But you can get from sites where illegal stuff is hosted

Thank you for answering!

Of course I am aware of and use ad and script blockers on my PCs but I think that they would not help much if my DNS was poisoned and I landed on a spoofed page in the first place, hence my question. I have read that routers can have their DNS settings altered by malicious software and wanted to know if the same was possible with a phone acting as a router when tethering but from your answer I guess the chances of this happening silently are slim, right?

 

[Chintan Gohel]

Thank you for answering!

Of course I am aware of and use ad and script blockers on my PCs but I think that they would not help much if my DNS was poisoned and I landed on a spoofed page in the first place, hence my question. I have read that routers can have their DNS settings altered by malicious software and wanted to know if the same was possible with a phone acting as a router when tethering but from your answer I guess the chances of this happening silently are slim, right?

right - I've never heard of that happenning

 

[jmshub]

Thank you for answering!

Of course I am aware of and use ad and script blockers on my PCs but I think that they would not help much if my DNS was poisoned and I landed on a spoofed page in the first place, hence my question. I have read that routers can have their DNS settings altered by malicious software and wanted to know if the same was possible with a phone acting as a router when tethering but from your answer I guess the chances of this happening silently are slim, right?

While it's not likely to happen, I could see how malware could change router settings. All home and office grade routers are configured from a web page. If you were logged on to the router for any reason, malware could hijack that session, and inject changes into the router.

Your phone's browser is in a sandbox that isolates it from other processes running on the phone. Malware would have to break through that sandbox to actually get into the settings of the phone.