If for some reason you're still running Windows 10 Mobile, this new security vulnerability may convince you it's time to move on.
A security flaw discovered in Windows 10 Mobile allows a malicious actor to access your photo gallery from the lock screen without unlocking the device.
Microsoft has acknowledged the issue, but, worse, the company will not release a patch, leaving the flaw unfixed.
The good news is that a successful attack requires the attacker to have physical access to the device, and Cortana must be enabled on the lock screen. Otherwise, the exploit does not work.
"A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders with the locked screen. An assailant who successfully exploited this vulnerability could access the photo library of the affected phone and modify or delete photos without authenticating to the system," Microsoft explains in CVE-2019-1314.
"Microsoft is not planning on fixing this vulnerability in Windows 10 Mobile. Microsoft recommends implementing the workaround to limit access to Cortana."
No attacks to date
The vulnerability carries an "important" severity rating, and Microsoft says it was not publicly disclosed and that it is not aware of any exploitation in the wild. Furthermore, because physical access to the device is required, exploitation is less likely, the company notes.
So what are your options now that Microsoft doesn't want to release a fix for this problem?
Of course, you should use Microsoft's workaround and disable Cortana either completely or on the lock screen, which obviously means losing one of the key features that come with Windows 10 Mobile in the first place.
Or you can simply move to Android or iOS, the platforms that Microsoft is super-committed to, as Windows 10 Mobile will lose full support in December anyway.
UPDATE: Security researcher Yuval Ron, who discovered the flaw and reported it to Microsoft, published a demo online. In a statement for Softpedia, he explains that Microsoft's decision not to patch the flaw is most likely because of the small number of users still on Windows 10 Mobile.
"Microsoft's decision to not fix this vulnerability is principally because of the limited number of users. However, it is still surprising given that they should support Windows 10 Mobile until December. The very best recommendation is to disable Cortana on Lock screen," he explained.