Rogue app runs with the same permissions as the target

Nov 18, 2014 22:59 GMT

Mobile phone developers have found an easy way to replace a legitimate app on Windows Phone with a rogue one that inherits its data access permissions.

The method is as simple as transferring the installation data of the malicious app into the program directory of the target.

Starting with version 8.1 of Microsoft’s mobile operating system, users can sideload apps from an SD card, which is essential for this hack, discovered by an XDA-Developers forum member posting under the online moniker “djamol.”

He says that the first step is to create the same manifest for the rogue app as for the legitimate one, and then have them installed on the device.

The next step is to replace the files in the program directory of the valid software (Install, NI, TempInstall, TempNI, XBF and others) with the content from the custom package.

After all this, the rogue app should start with the same permissions as the targeted package. The developer tested the hack on a Lumia device.

A registry tool signed by Djamol has also been developed, the forum post reveals. This would allow writing registry values with the inherited permissions.

The discovery of this glitch may crack the door open for malicious activity aimed at Windows Phone users, as rogue code can be developed to target trusted applications with access to data coveted by cybercriminals.