Mobile // Mobile Devices
Commentary
5/6/2011
00:16 AM
Ed Hansberry
Ed Hansberry
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Patches Windows Phone Against Comodo Hack

Users who jailbroke their phones to get early access to Microsoft's NoDo update are finding they can't get the latest patch, intended to protect against the fraudulent SSL certificates issued by Comodo.

Microsoft is rolling out updates to devices and platforms, including Windows Phone 7, affected by the fraudulent SSL certificates issued by Comodo. It is nice to see Microsoft both willing and able to get updates out to its phone platform in a timely manner. After the delays of the February 2011 update and the March NoDo update, people were beginning to wonder.

Just this week Microsoft started rolling out NoDo to the HTC Surround on AT&T and to customers of Optus in Australia. Telestra customers are in the "scheduling" phase which means they should get the update in a few days. NoDo was released in March, so for some this is coming six weeks late.

As a result of being forced to wait by some carriers that didn't take their customers' desire for copy and paste seriously, some people took a shortcut. There was a hack (by the same people that gave us Chevron7) that would download the update directly from Microsoft, bypassing the carrier entirely. Microsoft warned that this wasn't a smart thing to do. The consequences of this rogue update process may leave the phone in an unpredictable state and prevent further updates. Turns out Microsoft was right.

The Comodo issue involved mail.google.com, login.live.com, login.skype.com, www.google.com, and five other popular sites. While Comodo has added the bad certificates to its certificate revocation list, Microsoft decided to patch Windows Phone 7 as well as most of its supported desktop platforms. Windows Mobile 6.x, the Kin, and all Zune devices are affected as well, but no word yet on whether or not they will get updated.

As Microsoft began releasing the new update, dubbed 7392, it discovered that phones that had the Chevron7/NoDo hack wouldn't take the update. Their response? "We told you so" about sums it up. Honestly, I see no other reasonable response for Microsoft to make. Why should they spend any resources customizing an update to work on a device that has been hacked and configured in an unexpected way?

That said, the creators of Chevron7 developed another fix to undo the mess they made and Microsoft worked with them to verify it put the devices back the way they were so 7392, and presumably future updates, would take.

Let us know if you have a Windows Phone 7 device and when 7392 starts rolling out for you.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.