0

How secure is the windows phone in protecting against professional hackers? Is buying one a bad idea now that Microsoft is "scaling down" its mobile phone business (and perhaps devoting less resources to providing security fixes and updates, etc)? Should the lack of third-party security apps to be a concern, or is the OS so hardened that it isn't worth it?

Not worried about people with physical access to device, or NSA, or authorities, etc.

lasdfasf
  • 21
  • 2
  • Never had one, never looked at one in detail, so this is a random fallacy (and a comment not an answer). A simple `nmap` scan of the wireless network in my department revealed 5 windows phones, each has 3-4 open TCP ports that talk HTTP. They return 403 to pretty much everything I send, but if someone knows what to send (or reverse engineer the phone) you may be able to get some (personal) info out of it, and quite easily at that. – grochmal Sep 23 '16 at 02:50
  • Unfortunately, this is a really broad and opinion-laden set of questions. It will be hard to give you hard facts to the questions you've asked. – schroeder Sep 24 '16 at 21:11

1 Answers1

2

The Windows Phone 10 platform is the most secure of all of the current mobile platforms and the only one (last time I checked) that has no known external vulnerabilities (e.g. no way to break into a phone without the passcode).

I've been speaking to Microsoft regularly about the platform as we have over 4,000 WP10 devices deployed. The software continues to be actively updated but they seem to have had some issues with hardware channels. It is widely anticipated that there will be some announcements at Ignite at the end of the month and HP already announced a flagship device.

Windows Phone is actually pretty popular with enterprise and public sector customers, particularly in the EU. Helped by aggressive pricing and integration into the Windows platform.

It may be that part of the reason for scaling back on the division is that the platform is more unified than it has even previously been, hard to say for sure.

In terms of security, I have no current specific concerns beyond the usual mobile platform issues of rogue apps in the appstore. We are seeing very few security issues on the platform though that may be somewhat due to the limited market penetration.

As far as I am aware, there is no known malware currently for the platform and it has multi-layered security features described here including a hardware TPM chip. In addition, several WP devices have achieved FIPS140 and/or Common Criteria certification.

Microsoft's primary market right now for Windows Phone is government and large enterprises. What ever else you may think about them, they are very good at ensuring they protect these markets and so security features and certifications (for proof) are very much central to both their device and service strategies.

So I am not worried especially about the current state, the OS is clearly still under active development and is a key part of their Windows everywhere strategy so whatever other troubles it may have, I don't see it going away in a hurry and Microsoft are not going to compromise their key markets with poor security (well not deliberately anyway!) so that, at least, should be no barrier for continued adoption.

And no, I don't work for them!

Julian Knight
  • 7,092
  • 17
  • 23