For strange reasons, Windows Mobile 6.x never was too much of a target for virii – its open design made the platform more vulnerable than Symbian. Windows Phone 7 runs only managed applications, but is it really so much safer?
At the Vienniese DeepSEC conference, a talk will be held on attacking Windows Phone 7 via the OEM extensions. The organizing comittee describes the talk to be held by Alex Plaskett as following:
The talk will aim to provide an introduction into the Windows Phone 7 (WP7) security model to allow security professionals and application developers understand the unique platform security features offered. Currently very little public information is available about Windows Phone 7 OS security preventing adequate determination of the risk exposed by WP7 devices.
The ever increasing challenges and stages of exploitation an attacker has to overcome to achieve full compromise will be discussed. The talk will outline the implementation of these security features and will demonstrate weaknesses and vulnerabilities an attacker could use to bypass the multiple levels of platform security.
A number of OEM manufacturer weaknesses, “features?” will be discussed and a demonstration of how these “features” can be abused in conjunction with conventional exploits to achieve full compromise of the phone will be performed. The talk will demonstrate how OEM phone manufacturers can weaken the security posture of an otherwise strong granular security model and also demonstrate how targeted attacks can be made which leverage this OEM “functionality” to compromise sensitive information.
Find out more via the URL below:
https://deepsec.net/
P.S: I will also be there with a little talk on mobile security in general…
Related posts:
Content, RSS
Twitter