When your mobile phone starts transmitting huge amounts of data without your knowledge and consent, you might get really mad. This is what happened to some Windows Phone 7 users recently.
There has been a growing turmoil among Windows Phone 7 users recently because some of them (or a small percentage, as Microsoft puts it) have been affected by a really nasty bug in their mobile phones. Their mobile phones got too smart and start transmitting data on their own when there was a WiFi connection available.
How Was the Issue Spotted?
In early January some Windows Phone 7 owners got notifications from their mobile operators that they were approaching their monthly WiFi allowance. Some of these users were transmitting 30 to 50MB of data a day, which was pretty shocking because their standard use of their mobile device didn't include heavy downloads or any activity that would boost their traffic usage so much.
Soon posts in forums appeared and this made more Windows Phone 7 users aware of the problem and they also checked if their units were affected. In a sense, if WiFi bandwidth wasn't that expensive, probably not many people would have noticed how much of it their mobiles had consumed.
After so many people started complaining, it became obvious that these are not isolated cases and Microsoft started investigating the issue. Microsoft identified the culprit as an undisclosed third-party service and said that they are working on solving the problem.
The Bug – a Huge Mobile Security Gap
The problem with the unauthorized data transmits isn't only that users will get fat bills. What is more interesting is which application/service was sending the data and what kind of data it was. Just imagine what a disaster it would be if this service/app was sending a user's sensitive data!
Keeping in mind the high MB volumes, it is unlikely that all this is sensitive data, but still the very thought of it is striking.
A more serious issue that could stem from the unauthorized transmit is related to mobile security. Windows Phone 7 has a low market share and because of this the impact on WiFi networks is minor but if it were a more popular platform, it is not impossible to see a DDoS attack orchestrated via mobile phones.