• Follow us on Twitter
  • Subscribe to our RSS Feed
  • Search Site

  • Home
  • About
  • Contact

You are here: Jorge Orchilles / Tag: Microsoft

Tag Archive for: Microsoft

WP8 App Security – Part 1 WP8 Platform

30 Dec 2013 / 3 Comments / in Mobile, Security, WP8/by Jorge Orchilles

In this post and series we will dive into the process and methods used to test the security of Windows Phone 8 (WP8) app. Let’s say you are tasked with performing a security assessment, ethical hack, vulnerability assessment, or a penetration test of a WP8 app, where do you begin? This is where!

WP8 Platform

Before testing any app, one must first understand how the underlying platform works. Microsoft rebranded Windows Mobile to Windows Phone for version 7. The latest version is Windows Phone 8 (WP8). WP8 runs ARM hardware architecture, similar to iOS, Android, and Blackberry. WP8 migrated to the Windows NT kernel instead of Windows CE which WP7 used. WP8 also uses the Windows Phone Runtime application architecture, not identical to WinRT, to allow developers convergence between Windows 8 and WP8. Applications for WP8 may be coded in .NET (C# or VB.NET) and C++ but not JavaScript.

Security in WP8 Platform

WP8 being Windows NT kernel based allows for multiple benefits from a end user security perspective. These security controls do not help a tester but do help make the device more secure and attractive to enterprise users and decision makers.

  • 128-bit BitLocker for full disk encryption
  • NTFS file system
  • Sandboxed apps – no access to other apps
  • SafeBoot: Secure boot with Unified Extensible Firmware Interface (EUFI)
    • This makes it difficult for software without correct  digital signature to be loaded on your Windows Phone. Something jailbreakers will need to bypass. More on the jailbreaking later.
    • TPM 2.0 standard, requires unique keys to be burned into the chip during production
  • All Windows Phone 8 binaries must have legit digital signatures from Microsoft to run

No Jailbreak for WP8 Yet

WP8 is a closed operating system and therefore does not allow access to memory, inspecting the local file system and storage, or transferring certain files to and from the device. Traditionally, a jailbreak is required to obtain this type of access to the platform. Unfortunately there is no jailbreak for WP8 which limits us substantially at the moment. However, there are ways we can test the app without a jailbreak as you will see in this series. To see and manipulate the app’s local storage we must obtain the XAP file from the developers. This should be a requirement in your contract to successfully and thoroughly test a WP8 app. Even if you do not have the XAP file, you will be able to perform some testing so don’t let that stop you.

What would a jailbreak for WP8 look like? Well it would need to do the following:

  • Exploit a vulnerability
  • Escalate privilege to run code as SYSTEM
  • Bypass SecureBoot
  • Disable application code signing
  • Create a trusted app store certificate

Resources

  • Microsoft Windows Phone 8 Security Overview
  • XDA Developers
  • OWASP Mobile

Conclusion

In the first part of WP8 application security we learned about the WP8 platform and the security controls that Microsoft has implemented. We learned there is no jailbreak currently available and will have to be creative in ways to test the applications.

Internet Explorer 9 Released

Permalink
16 Mar 2011 / 0 Comments / in IT/by Jorge Orchilles

I hope no one is still running Internet Explorer 6; if you are Microsoft has a countdown and awareness campaign to get you and your grandmother to upgrade. For those that are fairly up to date, be informed you are not because Microsoft released Internet Explorer 9 today. If you are feeling risky and are running Windows Vista or Windows 7 you can download Internet Explorer 9 from Microsoft’s official download site (not the millions of Google results for it’s download location). There are issues with certain sites so ensure you test this before deploying in production:

Microsoft also set up a domain dedicated to the new browser: www.beautyoftheweb.com. Unfortunately, that site isn’t hosted under the microsoft.com domain, nor does it have an SSL certificate to confirm that it belongs to Microsoft. Using this site to distribute the browser goes against the advice of downloading software only from known vendor websites. Copycat malicious sites claiming to distribute IE 9 will probably appear shortly, if they aren’t around yet.

Internet Explorer 9 includes a number of security improvements that make the upgrade worth your consideration. These include application reputation capabilities that are part of the SmartScreen feature thathelps protect the user against socially-engineered malware. The browser also supports the notion of Pinned Sites, which implements “secure launch” capabilities to safeguard users’ sessions with important websites. Internet Explorer 9 also improves its resistance to exploits by embracing support for DEP/NX, ASLR and SafeSEH memory protection capabilities. The new browser also improves the messages its users see when they download files and programs; the messages are designed to make it easier for the users to assess the risk of opening such files.


 

Till next time,

Jorge Orchilles

 

Page 2 of 212

Categories

  • IT
  • Mobile
  • Security
  • Videos
  • WP8

Latest Videos

  • BackTrack 4 R2 – Technical Workshop for South Florida ISSAFebruary 21, 2011, 10:52 pm
  • Virtual Machine Escape by NSA (video)February 16, 2011, 5:06 pm
  • Windows 7 Security VideoSeptember 21, 2009, 9:35 pm
Popular
  • Windows 7 and VMWare vSphere Client 4July 30, 2009, 5:03 am
  • SSL Renegotiation Denial of ServiceMarch 13, 2011, 9:40 am
  • BackTrack 4 R2 – Technical Workshop for South Florida...February 21, 2011, 10:52 pm
  • Windows 7 Security VideoSeptember 21, 2009, 9:35 pm
Recent
  • Missing Security Features in Windows Phone 8January 7, 2014, 11:14 am
  • WP8 App Security – Part 5 Capturing HTTP and HTTPS TrafficJanuary 3, 2014, 9:08 am
  • WP8 App Security – Part 4 Information GatheringJanuary 2, 2014, 12:34 pm
  • WP8 App Security – Part 3 XAP FileDecember 31, 2013, 11:29 am
Comments
  • […] testing a mobile app, a tester often wants to...January 3, 9:08 am by Jorge Orchilles | Missing Security Features in Windows Phone 8
  • […] three posts in this series were an introduction...December 31, 11:29 am by Jorge Orchilles | WP8 App Security – Part 4 Information Gathering
  • […] first three posts in this series were an introduction...December 30, 5:19 pm by Jorge Orchilles | WP8 App Security – Part 4 Information Gathering
  • […] first three posts in this series were an introduction...December 30, 2:52 pm by Jorge Orchilles | WP8 App Security – Part 4 Information Gathering
Tags
2008 3479 Action Center Apple AppLocker AT&T BackTrack BitLocker Blackhat Browser Chrome Denial of Service Emerging Threats Facebook Firefox HTTPS IE 8 IE9 Internet Explorer Keynote Management Microsoft Nessus nmap Passwords Penetration Testing Presentation Privacy R2 Security Service Pack 1 SP1 SSL SSL Renegotiation Talks U-Verse UAC Video Virtualization Vulnerability Assessment Windows 7 Windows Phone 8 Windows Server WP8 XP Mode

Archives

  • January 2014
  • December 2013
  • November 2013
  • August 2011
  • April 2011
  • March 2011
  • February 2011
  • October 2010
  • September 2010
  • August 2010
  • April 2010
  • March 2010
  • January 2010
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • February 2009
739Follower

Search

© Copyright - Jorge Orchilles - Design by: hellodmcs
  • scroll to top
  • Follow us on Twitter
  • Subscribe to our RSS Feed