07-14-2016 08:50 AM
43 12
tools
  1. buddy007's Avatar
    Hello all,
    I just upgraded my sister's lumia 730 from WP8. 1 to Windows 10 mobile. I hard reset the phone after upgrade so it would be a smooth ride without the 8.1 junk. Now after the upgrade, if I open any non SSL site i.e http sites, for example, gsmarena.com, pocketnow.com, etc, the site loads and after a couple of seconds it redirects to ad site. No matter how many times I tried, it always redirects.
    At this point I hard reset the phone again, but it is still the same. I am absolutely unable to browse the Web without. t it redirecting to an ad.
    Anyone experienced this before? Any solution? I put her on release preview ring, current version is 10586.420
    Note: I've tried this on mobile data too and the end result is the same.

    Posted via the Windows Central App for Android
    Demian Mioc likes this.
    07-10-2016 04:42 AM
  2. Timbre70's Avatar
    Uninstall the browser and reinstall.

    Were you using uc browser?
    07-10-2016 04:58 AM
  3. mtiede's Avatar
    You might try deleting all the browser tabs.
    07-10-2016 05:41 AM
  4. Maurizio Troso's Avatar
    Hello all,
    I just upgraded my sister's lumia 730 from WP8. 1 to Windows 10 mobile. I hard reset the phone after upgrade so it would be a smooth ride without the 8.1 junk. Now after the upgrade, if I open any non SSL site i.e http sites, for example, gsmarena.com, pocketnow.com, etc, the site loads and after a couple of seconds it redirects to ad site. No matter how many times I tried, it always redirects.
    At this point I hard reset the phone again, but it is still the same. I am absolutely unable to browse the Web without. t it redirecting to an ad.
    Anyone experienced this before? Any solution? I put her on release preview ring, current version is 10586.420
    Note: I've tried this on mobile data too and the end result is the same.

    Posted via the Windows Central App for Android
    Relax, Win10M can't be attacked due it's own closed nature. You got the classic redirect link. It's due to a dirty chronology / past infected site visited, whic pop ups every site you take.
    Go to Settings, advanced, Clean cache, cookies, chronology, everything, then reboot phone.

    A nice workaroud I use everytime for not closing my session is tapping back fast, faster than redirector ;)
    In some rare case, I simply tap X (STOP) and rewrite the site name I was visiting.
    It works on pc too ;)

    Hope next Edge mobile versione will came with ad block extension, as desktops
    07-10-2016 10:59 AM
  5. thron's Avatar
    I haven't seen this on my own phone, but I'm curious how this occurs.. is it an infected cookie? What causes it to give the appearance of an infection?
    I don't fully buy that W10 Mobile is impenetrable, because nothing is "hack proof," if someone wants in badly enough, they can get in to anything.
    Tom Snyder and Timbre70 like this.
    07-10-2016 03:39 PM
  6. PGrey's Avatar
    Yep, W10m isn't closed, iOS is FAR more closed, by comparison.
    Think about it, I can install an app/driver for my XYZ widget, that someone makes for W10m, which means you have the same right to grant someone privledge to install almost anything at kernel level.

    The low-installed base is a help here though, it's probably not very interesting for someone to go to the bother. However, the Universal Windows app model may change this. In the same way it's opening up app development, it may also open up exploits...
    07-10-2016 08:51 PM
  7. EspHack's Avatar
    I haven't seen this on my own phone, but I'm curious how this occurs.. is it an infected cookie? What causes it to give the appearance of an infection?
    I don't fully buy that W10 Mobile is impenetrable, because nothing is "hack proof," if someone wants in badly enough, they can get in to anything.
    it probably has more holes than the other two for the same reason it is regarded as secure: no one is looking into it

    obviously it is not impenetrable, but you have to wonder, if there ever was a person hacked directly thought his windows phone in any news worthy fashion, man, that was some serious hacking, you would need to be such a threat they would be willing to do anything
    thron likes this.
    07-10-2016 09:24 PM
  8. hprvez's Avatar
    Yep, W10m isn't closed, iOS is FAR more closed, by comparison.
    Think about it, I can install an app/driver for my XYZ widget, that someone makes for W10m, which means you have the same right to grant someone privledge to install almost anything at kernel level.

    The low-installed base is a help here though, it's probably not very interesting for someone to go to the bother. However, the Universal Windows app model may change this. In the same way it's opening up app development, it may also open up exploits...
    Everything you wrote is wrong or very wrong
    07-11-2016 04:59 AM
  9. Maurizio Troso's Avatar
    I haven't seen this on my own phone, but I'm curious how this occurs.. is it an infected cookie? What causes it to give the appearance of an infection?
    I don't fully buy that W10 Mobile is impenetrable, because nothing is "hack proof," if someone wants in badly enough, they can get in to anything.
    Sandbox design by zero. Other mobile o.s. are designed more like an onion. More, in droids, most of users jailbreak their phones
    Chintan Gohel likes this.
    07-11-2016 05:57 AM
  10. Kevin Rush's Avatar
    Sandbox design by zero. Other mobile o.s. are designed more like an onion. More, in droids, most of users jailbreak their phones
    Respectfully, what are you trying to say? I really want to know. (Are you on a flip phone and your carrier charges you for every letter you type?)
    07-11-2016 07:33 AM
  11. Maurizio Troso's Avatar
    (Are you on a flip phone and your carrier charges you for every letter you type?)
    LOL

    My old english teacher must spinning in his grave!

    I was tryin to say Windows 10 was designed by zero with a sandbox structure, different by iOs and Android made in concentric structure (like an onion) + thousand external subroutines.

    I used a primitive language for sayin a complex thing :D
    07-11-2016 07:46 AM
  12. PGrey's Avatar
    Everything you wrote is wrong or very wrong
    Okay, then explain *exactly* how malicious code is prevented from being published in the store?
    I can publish a utility, and obtain a driver cert, and as long as it matches my "company", and meets certain guidelines, I'm allowed to publish.

    While this makes it *appear* closed, it's really not that hard to circumvent, if someone decides the attack surface is sufficient.
    Chintan Gohel likes this.
    07-11-2016 01:09 PM
  13. Krystianpants's Avatar
    Does it happen on your wifi at home? What about on cellular data? Sometimes wifi routers are hacked and cause redirections. Sometimes a worm on an old pc can spread to the wifi router as there have been many exploits found for typical routers. Having WPS enabled on a router is the worst thing you can possibly do.

    If you hard reset and you don't restore any backups and this happens then you need to look at the network.
    Chintan Gohel likes this.
    07-11-2016 02:18 PM
  14. Demian Mioc's Avatar
    This stuff is real, thank god for Opera mini browser and its adblock. Edge mobile sucks without extensions.
    Timbre70 likes this.
    07-11-2016 05:21 PM
  15. Jazmac's Avatar
    Wow. He didn't come back.
    07-11-2016 08:33 PM
  16. PGrey's Avatar
    Does it happen on your wifi at home? What about on cellular data? Sometimes wifi routers are hacked and cause redirections. Sometimes a worm on an old pc can spread to the wifi router as there have been many exploits found for typical routers. Having WPS enabled on a router is the worst thing you can possibly do.

    If you hard reset and you don't restore any backups and this happens then you need to look at the network.
    That's interesting, the router wouldn't have occurred to me, but it makes perfect sense. I bet buffer overflows are pretty common in unchecked router code, given the packet issues and such. There's a lot of alignment being managed, and I'm sure they're try to squeeze every last bit out of transfers.
    I would hope the larger manufacturers would run at least basic code checks on their firmware work, but if you're writing some routines in assembly to optimize, then there's not much that I know of in terms of scanning tools...
    07-11-2016 09:06 PM
  17. Iain_S's Avatar
    yes completely wrong, they test all 3 for exploits and hacks and security bugs each year for money. Windows Phone has never been hacked to my knowledge.
    Maurizio Troso and Kevin Rush like this.
    07-11-2016 11:27 PM
  18. Timbre70's Avatar
    Nobody bothered due to small or near non-existent market share.
    Demian Mioc likes this.
    07-12-2016 12:04 AM
  19. PGrey's Avatar
    It's never been hacked for the last reason here (to my knowledge either), lack of market share, as per the last comment.
    Trust me, I've test-signed drivers (for driver-test purposes), and you could get a signed driver in, as part of a "utility" or similar, if you were motivated.

    Absolutely, you couldn't use a current, known compromise, as that would be caught by a scan. But, you could write a new exploit, and once coded, compiled in, it wouldn't get caught, by any scan, since the signature wouldn't match a known issue.

    Will it happen, probably/hopefully not.
    As things get more sandboxed, the likelihood will go down, eventually.

    That said, if someone really wants to exploit, they'd probably go with Android.

    If you think they can test-scan for new/unknown exploits, please explain the technical details, I'm curious...
    07-12-2016 02:22 AM
  20. Maurizio Troso's Avatar
    That's interesting, the router wouldn't have occurred to me, but it makes perfect sense. I bet buffer overflows are pretty common in unchecked router code, given the packet issues and such. There's a lot of alignment being managed, and I'm sure they're try to squeeze every last bit out of transfers.
    I would hope the larger manufacturers would run at least basic code checks on their firmware work, but if you're writing some routines in assembly to optimize, then there's not much that I know of in terms of scanning tools...

    That's an old iussue, exploded on news magazines last year, there was a check site checking if a simple malicious site could change + redirect DNS router.
    Most of producer released new firmware, and there was a workaround in 3 steps which did one thing all routers SHOULD got since out-of-the-box: closing all checking backdoor remote tools except the main menu.

    That are useful tools for advanced users, but completely unknown to the averages
    07-12-2016 02:38 AM
  21. KimRM's Avatar
    Okay, then explain *exactly* how malicious code is prevented from being published in the store?
    I can publish a utility, and obtain a driver cert, and as long as it matches my "company", and meets certain guidelines, I'm allowed to publish.

    While this makes it *appear* closed, it's really not that hard to circumvent, if someone decides the attack surface is sufficient.
    It's not only "guidelines". You have to declare what you want to have access to in the apps manifest. If you don't it won't have access. The apps are tested based on what you declare before they get to be published in the Store.
    07-12-2016 03:46 AM
  22. Pete's Avatar
    Nobody bothered due to small or near non-existent market share.
    This is not entirely true. The guys over on XDA (and other places, I'm sure), have tried. They're intelligent guys and some of them would love to be able to prove a vulnerability in Windows Phone. There has been some hackery on dev unlocked devices, there's been no case where any vulnerability can be crafted to attack a "normal" user.

    Windows Phone has a reputation for being secure, and any cracks in that armour would be quickly and widely reported. I've never yet seen such a case beyond simple DNS redirection (as in this thread) and phishing attempts.
    07-12-2016 04:10 AM
  23. Krystianpants's Avatar
    That's interesting, the router wouldn't have occurred to me, but it makes perfect sense. I bet buffer overflows are pretty common in unchecked router code, given the packet issues and such. There's a lot of alignment being managed, and I'm sure they're try to squeeze every last bit out of transfers.
    I would hope the larger manufacturers would run at least basic code checks on their firmware work, but if you're writing some routines in assembly to optimize, then there's not much that I know of in terms of scanning tools...
    Yah I read an article not too long ago how many home routers are susceptible to different exploits. Even allowing remote access by crafting a packet in a very specific way that leaks into other memory locations and allows configuration information to be sent in the packet.

    Nobody bothered due to small or near non-existent market share.
    Well Mac OSx has had the most vulnerabilities even though it's a small market share. If they were exploited or not is tough to say. But since it is based on microkernel approach of *nix and nix has a huge amount of vulnerabilities which even travel to android, it's possible. But Apple is quick to patch things up while android isn't. There's still some out in the wild that Google won't even fix because they can't. But they usually are fine if the devices aren't rooted.

    Anyways, I don't know about windows 10. But there was a hackathon trying to get into ios/android/windows phone. The others they were able to get full permissions pretty quickly while on windows phone 8 the most they got were cookies from the browser and they couldn't get anything beyond that. And these people prepare before hand as there are big prizes and such.

    Who survived this three-way hackathon: Android, iOS, or Windows Phone? | SciTech | GMA News Online
    Saijin_Naib likes this.
    07-12-2016 08:44 AM
  24. Krystianpants's Avatar
    It's not only "guidelines". You have to declare what you want to have access to in the apps manifest. If you don't it won't have access. The apps are tested based on what you declare before they get to be published in the Store.
    Exactly and then on top of that MS signs the application. And even if you publish something malicious it is contained in its own virtual environment and within a randomly generated memory location. So the worst you could do is get someone's contacts if they allow you permissions. Anything the app tries to do outside of the scope of what the user allowed won't work. Plus users can restrict it even further in privacy settings.
    07-12-2016 08:48 AM
  25. PGrey's Avatar
    Everything you wrote is wrong or very wrong
    This is really constructive, maybe support your statement, with facts?
    I can tell someone they're wrong all day, but wouldn't do so, without facts/evidence to back it up, it's mostly just offensive, and I'm pretty thick-skinned, particularly when it comes to forums.

    I used to work on mini-drivers for testing facets of windows, granted it was mostly back in the Win7, and before, some win8, but then dating way back, to the early Windows days.

    I'm reading some more about the new SecureBoot mechanism (TrustedBoot/MeasuredBoot), but I'm still not all that convinced, it seems like this fails, if you get an app/driver published. They would measure against a known-good quantity, which if installed, would potentially just verifying a driver or similar was working fine.

    Provide *some facts*, as to what's in place, to prevent someone from getting an app/driver signed in this scenario.
    I'm not saying this is easy, or likely, and I certainly hope it never happens, but I don't think turning a blind eye with a low-install/attack surface product is necessarily good either.
    07-12-2016 11:03 AM
43 12

Similar Threads

  1. ONE DAY ONLY Surface 3 LTE Bundle on QVC $700
    By RumoredNow in forum Expired & Archived Deals
    Replies: 3
    Last Post: 07-13-2016, 04:38 PM
  2. Will the mobile branches ever merge?
    By Schnuffi in forum Windows 10 Mobile
    Replies: 10
    Last Post: 07-12-2016, 02:46 AM
  3. Lumia icon t-mobile no pictures in messages
    By wp8-1 in forum Ask a Question
    Replies: 7
    Last Post: 07-11-2016, 10:11 PM
  4. Microsoft 950 extreme battery drain on new phone, what could the problem be?
    By Windows Central Question in forum Microsoft Lumia 950
    Replies: 3
    Last Post: 07-10-2016, 09:00 AM
  5. Why isn't my Windows 10 store not working?
    By Windows Central Question in forum Windows 10
    Replies: 1
    Last Post: 07-10-2016, 02:04 AM
LINK TO POST COPIED TO CLIPBOARD