Microsoft is adding a kill switch to Windows Phone

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

vetran replied

20 June 2014, 12:13
Originally posted by wonderboy View Post

It's written in a C-based language (with the concomitant buffer overflow vulnerabilities). That means there will be an exploit that bypasses such checks.

if the phone is programmed with an individual private key only the factory & network know and the routine that does it isn't exposed uses this hard coded key then the risks are less.
Leave a comment:
scooterscot replied

20 June 2014, 11:47
They've had that for years. Press this:

And in a few minutes this:
Leave a comment:
wonderboy replied

20 June 2014, 11:43
Originally posted by vetran View Post

indeed it does, however the sensible thing to do is to make the networks support it with commands normal people can't use. I expect Microsoft will think of such things, they hire some bright kids.

I'm assuming it would be linked to IMEI, subscriber and serial / phone number so any hacker would need all for each phone.

It's written in a C-based language (with the concomitant buffer overflow vulnerabilities). That means there will be an exploit that bypasses such checks.

Last edited by wonderboy; 20 June 2014, 11:47.
Leave a comment:
Sysman replied

20 June 2014, 11:09
Originally posted by amcdonald View Post

So Cryptolocker will shortly be arriving on smartphones

Android is already "The Windows of the mobile world" in terms of being targeted by malware. One nasty trick out there is knobbliing installers for reputable apps to include nasties.

The antivirus offerings for it are pretty weak too.
Leave a comment:
vetran replied

20 June 2014, 10:54
Originally posted by wonderboy View Post

Actually the failure-mode I was thinking of was simply someone hacking the system and issuing an ecosystem-wide kill command. At that point, the fact you can return your phone to a dealer becomes moot.

indeed it does, however the sensible thing to do is to make the networks support it with commands normal people can't use. I expect Microsoft will think of such things, they hire some bright kids.

I'm assuming it would be linked to IMEI, subscriber and serial / phone number so any hacker would need all for each phone.

Last edited by vetran; 20 June 2014, 11:04.
Leave a comment:
xoggoth replied

20 June 2014, 10:34
You can easily stop crypto locker or other malware affecting your phone by keeping it wrapped in tinfoil.
Leave a comment:
wonderboy replied

20 June 2014, 10:19
Originally posted by vetran View Post

If its an immobiliser that can be reset by returning to a dealer it will work like car keys (until someone builds a tool to reset but hopefully that will be after the phone's value has fallen).

A new theory of crime: Driven down | The Economist

Actually the failure-mode I was thinking of was simply someone hacking the system and issuing an ecosystem-wide kill command. At that point, the fact you can return your phone to a dealer becomes moot.

Last edited by wonderboy; 20 June 2014, 10:21.
Leave a comment:
vetran replied

20 June 2014, 10:16
If its an immobiliser that can be reset by returning to a dealer it will work like car keys (until someone builds a tool to reset but hopefully that will be after the phone's value has fallen).

A new theory of crime: Driven down | The Economist
Leave a comment:
wonderboy replied

20 June 2014, 10:11
Originally posted by amcdonald View Post

So Cryptolocker will shortly be arriving on smartphones

Reading the Wikipedia article on this trojan. I love the fact that a newer variant was released by the creator with the ransom adjusted down "to reflect the fluctuating value of Bitcoin".

CryptoLocker - Wikipedia, the free encyclopedia
Leave a comment:
CloudWalker replied

20 June 2014, 10:03
oh dear, this will be exploited at the first chance....
"pay me $10000 BTC or I'll wipe all your phones"
Leave a comment:
amcdonald replied

20 June 2014, 09:59
So Cryptolocker will shortly be arriving on smartphones
Leave a comment:
wonderboy replied

20 June 2014, 09:57
Originally posted by d000hg View Post

You mean the thing iPhone already has, which hasn't led to massive problems?

Two things:

1. This is will be based on Microsoft technology and not NeXT.
2. The Apple kill switch can be bypassed by a factory reset (and so it is essentially useless).

Last edited by wonderboy; 20 June 2014, 10:24.
Leave a comment:
d000hg replied

20 June 2014, 09:55
You mean the thing iPhone already has, which hasn't led to massive problems?
Leave a comment:
wonderboy started a topic Microsoft is adding a kill switch to Windows Phone

20 June 2014, 09:54
Microsoft is adding a kill switch to Windows Phone

Potentially to "render a stolen device permanently unusable... ...to give stolen devices the value of a paperweight"

...what could possibly go wrong?

BBC News - Android and Windows to get 'kill switch'
Tags: None