Learn, hack!

URL

https://media.blackhat.com/bh-us-12/Briefings/Oi/BH_US_12_Oi_Windows_Phone_WP.pdf

File name

BH_US_12_Oi_Windows_Phone_WP.pdf

File size

297.3 KB

MD5

38e74b0b4f249d8ee50260006f2471ac

SHA1

5ff506082406fd8315560645761ea32383463a14

Windows Phone 7 is a modern mobile operating system developed by Microsoft. This operating system -- based on Windows CE 6 -- protects the system and the user by modern sandbox and secure application model. These security models are veiled and were difficult to uncover but we succeeded to analyze and inspect not well-known Windows Phone 7 security internals by comprehensive reverse engineering. This operating system is properly implemented which makes exploitation and privilege escalation extremely difficult. However, it does not mean exploitation is impossible. Even the sandbox can be breached on some latest Windows Phone 7.5 devices. The first topic is Windows Phone 7 security analysis. In this presentation, I will talk how we analyzed the system and how Windows Phone 7 looks secure/unsecure along with examples. The second topic is customizations by thirt-party vendors. Windows Phone 7-based devices by some vendors have special interfaces for system applications. Some interfaces however makes subverting sandbox easier because of various design/implementation issues such as directory traversal and improper privileged operations. I will talk about this kind of vulnerability along with its countermeasure.