Windows Phone seems to be earning its stripes as a security option, as the platform’s sandbox emerged undefeated from this year’s Mobile Pwn2Own hacking competition.
While details are still scarce, the news emerging only from HP’s blog on the matter, it appears that the contest’s sole competitor focusing on Windows Phone – Nico Joly – was unable to take full control of a Lumia 1520.
Joly’s targeted exploit – aimed at the phone’s web browser – was, according to HP, “successfully able to exfiltrate the cookie database, however, the sandbox held and he was unable to gain full control of the system”.
Moreover, Microsoft will now be able to patch the vulnerability that led to the cookie database infiltration.
Other platforms didn’t fare so well at Pwn2Own, with Apple’s Safari browser being cracked, leading to hackers escaping Safari’s sandbox completely on an iPhone S5.
Meanwhile, Google’s flagship (though now strangely discontinued) LG Nexus 5 was unwittingly forced to pair with another phone via an NFC and BlueTooth exploit.
British firm MWR InfoSecurity emerged with two awards for grabbing control of a Samsung Galaxy S5, also via NFC, and Amazon’s Fire Phone was hijacked via its web browser.
While it could be argued that Windows Phone had less chance of being cracked with so little focus placed on it by competitors (with only one entrant attempting the feat), Windows has worked hard on its sandbox structure for its apps, as well as secure booting operations.
The phone’s Secure Boot component is a unique feature, which cannot be turned off and protects against malware or other resident intrusion during the phone’s critical first few seconds of operation.
The phone also refuses to run apps that are not signed by the Windows store.
While Computing is yet to speak to a customer who has chosen Windows Phone for its security abilities alone, we had a brief – yet encouraging and off-the-record – conversation with a US defence contractor at a recent conference. That company is planning to shed BlackBerry for Windows Phone, entirely based on some of the factors discussed above.
Could Windows Phone be the new secure platform of choice for the enterprise in 2015? Stranger things have happened, although BlackBerry’s new security tie-up with Samsung could muddy the waters ever further.