A teenage hacker prodigy in India claims to have developed a prototype of malware that will run on smartphones running Microsoft's new Windows Phone 8 operating system - the first known instance of Windows Phone 8 malware.
The researcher responsible for the prototype, Shantanu Gawde, is known as India's "youngest ethical hacker". He says he will unveil the malware prototype at the Malcon security conference in New Delhi, India, later this month.
Gawde's presentation will "demonstrate approaches and techniques for infecting... Windows Phone" including "how to steal contacts, upload pictures and steal private data of users, gain access to text messages etc."
However, little is known about the malware. For example, whether it relies on an exploit of an underlying vulnerability in Windows Phone 8 or masquerades as a malicious mobile application.
Dave Forstrum, director at Trustworthy Computing, Microsoft, commented:
"Microsoft is aware of the upcoming presentation but further details have not been shared with us. As always, we will investigate any issues disclosed in the talk, and will take appropriate action to help protect our customers."
At 16, Gawde is the world's youngest Microsoft Certified Application Developer (MCAD), having earned that designation at the age of just seven. In 2011, he presented a malware application that used Microsoft's Kinect gesture recognition technology at the same conference.
The Windows Phone 8 mobile operating system was released on October 29. It marks a major re-make of the Windows Phone 7 OS and includes higher screen resolution and support for multi-core processors, as well as Near Field Communications (NFC), a wireless technology that is integral to evolving mobile payments solutions.
The new OS also boasts some additional security features, including secure boot and native 128-bit Bitlocker encryption.
Microsoft also claims that the apps available in its mobile application store are "certified" - and vetted for malicious code and other security issues.
Follow @paulfroberts
Follow @NakedSecurity
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
Oh, so he works for MS. Well that's a relief.
Having a MS certification does not mean somebody works for MS.
ethical and hacker should never be in the same sentence!
...
Wow, you obviously know nothing of hacking... Lol, your comment is laughable.
An "ethical" hacker will find the security holes that a "black hat" hacker will eventually find, then notify those who can fix the holes so they can release a patch.
If their own employees can hack their own systems, that pretty much means anyone can.
So his claim to prodigy fame is that he wrote some malicious code in 2011 and has managed to write some more in 2012?
Wouldn't he be more of a prodigy if he had written some genuinely useful code in 2011 and followed it up with something even more useful in 2012?
Absolutely agree with you!!!!