Security Review of Samsung's Windows Phone 7

Windows Phone 7 is Microsoft’s new mobile operating system. While it looks eerily similar to Apple’s iphone, Samsung is producing the new smart phone. The display on the Windows Phone 7 is very appealing with its colorful “tile-based interface” (Chen). There are four different software stores where you can purchase third party applications, games, and music. There is also a separate store selling applications specifically made by Samsung (Chen). The tile interface also blends contact lists with a user’s facebook account. Therefore, when a user calls another individual, their personal information such as address, email, picture and phone number appear on the interface (Chen). The e-mail service also has a similar setup. The user enters their login information, and the inbox tile appears on the home screen. Next, all the user has to do is tap the inbox tile and all of their messages are available. Also, the user doesn’t have to re-enter their password (Chen). While the Window’s Phone 7 is very appealing and technologically advanced, I feel some of these features can put the user’s personal information at risk.

I believe that the security goals for the phone should be to protect all of the personal information stored on the device. Email and contact information on the phone is readily accessible; therefore, protecting each application with a password should be a top priority. Password protection will also protect the integrity of the information, preventing unauthorized users from make changes to accounts that shouldn’t be adjusted. In terms of availability of the information, the user should be able to access all stored data. A password will allow user accessibility to the account, without being too strict or not protective enough.

If I was an attacker, I think stealing the phone would be the easiest way to infiltrate the user’s personal information. Because the inbox tile is accessible with the touch of a finger, all the attacker has to do is click. The attacker now has access to personal messages, bank statements, credit card numbers, and other confidential information that might be stored in email messages. Some applications available on the phone come from third parties. An attacker can infiltrate the device by creating a malicious program. When the user downloads it, the malicious program might be able to gain access to their information and even deny the user entrance to their personal accounts. I think the easy accessibility to personal information, such as email and contact lists; make the phone extremely vulnerable to attackers.

It is crucial that the creators of this phone take the necessary steps to manage the security risks of Windows Phone 7. The company needs to find a way to mitigate the risks, without making the information on the phone difficult to access for the authorized user. I think the best way to protect the information, while maintaining the availability of data is to use login Ids and passwords every time the phone is turned on and whenever the user attempts to check email. I would also avoid the risk of having personal contact information stolen by eliminating the call feature that displays such details. I find this feature unnecessary, as it only increases the chances that personal contact information can be compromised.

While the Windows Phone 7 is extremely unique and provides new and exciting applications for users, I believe these phones are security risks. They contain the user’s confidential information through email and contact lists. The risk that this information is compromised cannot be avoided. Therefore, I believe it is necessary to use Ids and password to protect all portals to such data.

Chen , Brian . "Samsung's Windows Phone 7 Packs Intuitive, Visual Punch ." Wired Magazine 20 October 2010: n. pag. Web. 27 Oct 2010.