In this post and series we will dive into the process and methods used to test the security of Windows Phone 8 (WP8) app. Let’s say you are tasked with performing a security assessment, ethical hack, vulnerability assessment, or a penetration test of a WP8 app, where do you begin? This is where!
Security in WP8 Platform
WP8 being Windows NT kernel based allows for multiple benefits from a end user security perspective. These security controls do not help a tester but do help make the device more secure and attractive to enterprise users and decision makers.
- 128-bit BitLocker for full disk encryption
- NTFS file system
- Sandboxed apps – no access to other apps
- SafeBoot: Secure boot with Unified Extensible Firmware Interface (EUFI)
- This makes it difficult for software without correct digital signature to be loaded on your Windows Phone. Something jailbreakers will need to bypass. More on the jailbreaking later.
- TPM 2.0 standard, requires unique keys to be burned into the chip during production
- All Windows Phone 8 binaries must have legit digital signatures from Microsoft to run
No Jailbreak for WP8 Yet
WP8 is a closed operating system and therefore does not allow access to memory, inspecting the local file system and storage, or transferring certain files to and from the device. Traditionally, a jailbreak is required to obtain this type of access to the platform. Unfortunately there is no jailbreak for WP8 which limits us substantially at the moment. However, there are ways we can test the app without a jailbreak as you will see in this series. To see and manipulate the app’s local storage we must obtain the XAP file from the developers. This should be a requirement in your contract to successfully and thoroughly test a WP8 app. Even if you do not have the XAP file, you will be able to perform some testing so don’t let that stop you.
What would a jailbreak for WP8 look like? Well it would need to do the following:
- Exploit a vulnerability
- Escalate privilege to run code as SYSTEM
- Bypass SecureBoot
- Disable application code signing
- Create a trusted app store certificate
In the first part of WP8 application security we learned about the WP8 platform and the security controls that Microsoft has implemented. We learned there is no jailbreak currently available and will have to be creative in ways to test the applications.