Windows Phone not affected by smartphone exploit

A few days ago, the newly launched software security firm CrowdStrike announced that it had found a flaw in Android-based smartphones. The firm claims that the flaw would allow hackers to take over an Android smartphone just by getting the phone's user to click on a link in an email which would then begin the infection process.

Now there's word that CrowdStrike has shown that the flaw will work on all smartphones that use web browsers based on the Webkit browser engine. That includes all iOS devices as well as Blackberry smartphones.

However, the mobile OS that isn't affected by this flaw is Microsoft's Windows Phone. According to ZUnited.com, this is due to Microsoft using their own browser engine for Windows Phone rather than Webkit. CrowdStrike CEO George Kurtz has reportedly confirmed this with the web site.

Kurtz will reportedly be demonstrating this smartphone flaw tomorrow at a computer security conference. However, at the moment there doesn't seem to be anything that users can do except to wait until Google, Apple and Research in Motion issue OS updates that fix this flaw. Of course, they can also choose not to click on every email link that is sent to them. So far, Google, Apple and RIM have yet to comment about CrowdStrike's claims.

Report a problem with article
Previous Story

Study finds open source is slightly better than closed source software

Next Story

Microsoft: financial info exposed in Microsoft India Store cyber attack

15 Comments

Commenting is disabled on this article.

Meph said,
So does this mean you'd also be safe using Firefox for Android and Opera Mobile?

Nah, not really. Afaik, all apps (including the Market itself) still utilize the built-in browser to show content from the internets.

cralias said,

Nah, not really. Afaik, all apps (including the Market itself) still utilize the built-in browser to show content from the internets.

Not on Android / iPhone

Razorfolds said,

Not on Android / iPhone

Pardon. Indeed they don't.
However, don't they still use portions of Webkit code to fetch and display web-based stuffs then?

cralias said,

Pardon. Indeed they don't.
However, don't they still use portions of Webkit code to fetch and display web-based stuffs then?

Not on Android. They aren't available on iOS, though.

Well, thank you, that's pretty obvious, Captain, isn't it? Good thing there's just "word on it" from whichever dip**** on the internets and CrowdStrike hasn't actually said that.
On WP there's a different program, different system, different kernel altogether, like everything from MS has been since the beginning of time!

Maria Mari said,
thats great thx for ur answer ...i cant wait too..i will stay i wake all night

it's coming out 9 AM EST, so I'll wake up an hour or so earlier

Looks like I can click safe in Windows Phone.

Of course, it's pretty obvious it won't affect Windows Phone if it's a Webkit-based bug, any geek worth their title knows IE runs on the Trident Engine.