Microsoft looking to secure Windows Phone as Apple suffers iOS 5 flaws

By Tom Warren, on 21st Oct 11 1:43 pm with 39 Comments

Microsoft is looking to hire a software design engineer to help the company secure its Windows Phone devices.

The software giant posted an advert inviting engineers to “help make Windows Phones the most secure phones on the market,” on Thursday. The job listing comes in the same week that iOS 5 struggles with two serious flaws that allow users to bypass the lock screen. CNET reported on Wednesday that the iPhone 4S Siri feature allows anyone to use a device to send emails, SMS and make calls even if a passcode is set on the device. Some iPhone 4S users have also reported that they can access the address book, photos and calendar on the device using Siri. Another serious flaw hit Apple’s iPad 2 device running iOS 5 this week. 9to5mac report that anyone with a Smart Cover accessory can break into an iPad 2. 9to5mac confirm that the issue is present in iOS 5 and could also working on earlier versions of iOS 4.3 (see video below for a demo). A similar flaw affected Apple’s iPhone 4 device around a year ago, allowing users to access devices after bypassing the lockscreen.

Microsoft is aiming to create the next generation of security software for Windows Phones. The software maker wants to ship the most secure phone the market has ever seen. Microsoft is currently fighting off enterprise adoption of iPhone, iPad and Android devices thanks to the secure and business oriented nature of Microsoft’s products. Security flaws are a major factor for enterprise and business adoption and a big reason why some businesses opt for third party products like GOOD to provide email, calendar and contacts to “consumer” devices. A large majority of enterprise customers choose RIM’s BlackBerry infrastructure and devices for their employees but Microsoft is clearly attempting to ship a more secure ecosystem with Windows Phone:

“We want your passion for shipping secure devices, technical depth, drive for breaking code and finding security holes. If you’re looking for your next move, or just looking to be involved in the ‘next big thing’ you should be talking to us. We can help bring out the best in you and you help bring out the best in our products.

The Mobile OS Platform group is looking for talented SDETs with a passion for shipping next generation of secure software for mobile phones. As a member of the security team, you will find yourself working on cutting edge fuzzing technology, pentesting, and other security tools to help us ship the most secure phone the market has ever seen. You’re expected to stay at the top of all current exploits and work closely with MSEC to react to all new found exploits. You’ll also have the opportunity to attend known security conferences.”

Thanks to WinRumors reader Simon for the news tip

  • Test1ngi23

    LOL. Apple sucks at security!

    • Grannyville7989

      C’mon, none of that now.

    • J A

      You mean even if its true?

    • Guest

      About as accurate as most of your comments. Which is to say not at all.

  • http://www.andrewseymour.co.uk/ Andrew Seymour

    Nice – Kind of makes me more excited for those Windows 8 tablets. Who knew.

  • http://twitter.com/williamtm/ WilliamTM

    The Siri issue isn’t exactly major. You can disable Siri access in the settings if the phone is locked. Granted, Apple shouldn’t have set allow siri to “On” by default, but the option IS there to disable. I’d rather have it as an option than not have it there at all.

    The iPad issue is more of a problem though…but at a guess, that’ll probably be fixed in the next security update.

    • Anonymous

      Kind of reminds me of their major security flaw in Safari where downloads were set to automatically run by default.  Apple enjoyed not being a security target for a long time, but now they have more exposure.  I’m sure they will patch this quickly though.

    • Frylockns86

      They also now have that new malware that can disable the built in anti malware scanner.

    • Guest

      You guys must be mistaken. Apple OSes are totally secure. They’re based on *nix after all. /s 

  • Doug

    I tried this exploit…you could gather contact info, but you can’t actually open any app completely

    • Entegy

       You could if Contacts.app was the open app when you locked the device.

  • Dougblowers

    microsoft should just buy RIMM

    • J A

      NO! RIM should just close down, as in implode. Its a HUGE loss for anyone who buys that company. What will Microsoft or anyone do with RIM’s ancient OS? Even RIM doesn’t know what to do with itself but go bankrupt as each second passes.

    • Hugues Lefebvre
    • Guest

      Why?

    • Anonymous

      Outside of users, I can’t see what else they have. Some of those users aren’t exactly the brightest either. I know a guy who still has a Blackberry because he thinks its the only phone that gets email.

  • Anonymous

    If MS can add full device encryption, System Center management with the ability to deploy custom apps, true VPN with proper authentication, communication encryption, and proper policy management, enterprises across the world will adopt WP7.5/8 and think hard about considering other platforms having access to their networks. It will probably take Apollo or Apollo +1 to get this done, but if they do it will make IT Security and Policy managers very happy. Apple has no real focus in the enterprise and Google is to immature and doesn’t have the depth of securing services MS has. At the end of the day, it is MS’s game to loose.

    • Anonymous

      the word is lose.  Sorry to be a grammar nazi but puppies die when you use loose incorrectly. and i like puppies.

    • Anonymous

      Thank you. It has been corrected. I understand how you feel about incorrect grammar. I wrote this from my iPad. Curse you autocorrect.

  • http://www.facebook.com/people/Jonathan-Marston/542557737 Jonathan Marston

    You’re just locking it wrong. /s

  • Anonymous

    Tom,

    When I visit your website, I don’t want to see some disgusting face staring at me. I will come back when you remove it.

  • Hildron

    You know WinRumors, you’re really starting to suck. I go on MacRumors all of the time, and they don’t say crap like “Microsoft is suffering from…” etc. etc. If it’s a MS problem, they have that in a separate article, and they don’t put that into the same article. For example, this article has information about Windows Phone security, but you just had to throw in the Apple stuff. You really need to learn to not be such a bunch of idiots. Plus, this security issue isn’t terrible at all. Sure you can get into the OS, but you can’t even launch anything.

    • http://twitter.com/LachlanCMcLeod Lachlan C McLeod

      this is all because microsoft is hiring a new person for security..  at the same time apple is having problems with security..

    • Hildron

      It’s more than just this article that WinRumors did this on. And this security problem isn’t even major.

    • Guest

      Right. All Apple security problems are minor. Go away troll.

    • http://www.facebook.com/people/Pedro-Roque/100000194503830 Pedro Roque

      I love apple trolls… they always give me a laugh

    • Guest

      I don’t know what MacRumors you go to. But the one I read is chock full of immature MS slams.

    • Just Visiting

      I see the Microsoft slams more on AppleInsider than I do on MacRumors; MacRumors is, in my experience, reports more on Android than Microsoft, if at all. 

    • http://www.winrumors.com Tom W

      So the fact you can gain access to the address book and calendar isn’t a security issue? Get real, that’s a major security hole. You can’t launch apps but spotlight search works well, major data leakage.

    • Hildron

      This is something that can easily be fixed. I am sure an update soon will help. Plus, it only happens if the auto wake function is on with a Smart Cover.

    • http://www.facebook.com/people/Jeffrey-Syang/507688178 Jeffrey Syang

      how is this irrelevant??? first this article talks about improving security on wp7 and then the security issue on ios, thus security in both mobile operating systems. To be honest, this kind of security issue is not earth-shattering, but lets face it, any security issue is still an issue. 

      However, the wording in the title is quite neutral. Definition of “suffer”: Be affected by or subject to OR Experience or be subjected to (something bad or unpleasant). Now replace “suffer” in “Apple suffers ios 5 flaw” with any of the definitions; it will become “Apple is affected by/ is subject to/ experiences/ is subjected to ios5 flaw”. Just because “suffer” has a a negative connotation, it does not mean that he used the word wrongly or grudgingly. An example of apple slamming would be “Microsoft looking to secure Windows Phone as Apple is infested by ios5′s Siri security abomination.”

      Finally, I find it amusing when hardcore apple fans laugh about security patches for windows/office/xbox  by saying stuff like “when is the next one going to be? tomorrow?”. And when something like this happens on the mac or ios, they defensively, and possibly happily, say “there will be an update/patch soon.”

    • http://www.facebook.com/people/Pedro-Roque/100000194503830 Pedro Roque

      Typical apple apologist…

    • Anonymous

      Tom uses various Apple products, Win is on his macbook. So no, Winrumors is more about reporting than click baiting. No site is more pathetic than Appleinsider or Macrumors.

  • Anonymous

    If iPhones and iPads are so insecure why is the military using them?

    • http://levelten.org tdmiller productions

      that’s a good question. 

    • Guest

      It may have to do with the fact that the military doesn’t always secure things as well as you think.    http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can-snoop-on-most-us-warplanes/

    • ZipZapRap

      insecure? I knew it! You’ve just confirmed my suspicions of iProducts and their users.

    • http://www.facebook.com/people/Pedro-Roque/100000194503830 Pedro Roque

      You mean the same military that was involved in the wikileaks debacle? They must be really good on security…

  • http://twitter.com/FelixVanOost Felix van Oost

    Great to see Microsoft taking security seriously now. If they can make the next iteration of WP as secure as a BlackBerry it might entice me to switch sides even more…