A teenager is reported to have created prototype malware code for the Windows Phone 8 to steal private user data.
The Trojan, created by 16-year-old Shantanu Gawde, is said to work by posing as a legitimate app which can access a user's data once activated.
Fortunately for Microsoft and Windows Phone 8 users alike, Gawde is an 'ethical hacker' from India's National Security Database program.
Instead of putting it to nefarious uses, he will present the malware code at the upcoming International Malware Convention (MalCon) in New Delhi, India, on November 24.
It is not yet clear whether the malware is able to affect Windows Phone 8 handsets by targeting a specific weakspot in the system, or by duping careless users into installing something dodgy.
Nevertheless, it poses serious questions over the security of the Windows Phone 8 OS – particularly as it shares several similarities with its PC counterpart.
Microsoft has yet to see Gawde's findings and has therefore been unable to comment specifically on the nature of the risk.
However, Microsoft's Trustworthy Computing Director Dave Fornstrum has said the company would "investigate any issues disclose" in the MalCon talk and "take appropriate action to help protect [its] customers".
Although finding vulnerabilities could be potentially damaging to the Windows Phone image, it could also be seen as a blessing in disguise by allowing Microsoft to discover and amend such security issues before hackers have the chance to develop more advanced malware.
Stories of security breaches aren't exactly uncommon in the smartphone arena these days.
In September it was revealed Samsung users could have their handsets wiped by one simple line of 'killer code', which targeted the devices' TouchWiz systems and began an irreversible (and unstoppable) factory reset. The issue was later resolved through a software update.
Gawde has promised to share his findings with antivirus software companies at MalCon. Nevertheless, there will no doubt be many red faces at Redmond over these revelations, particularly given the tender age of the culprit.
Via The Register