Windows Phone 7

Researcher: Alex Plaskett
Date Started: Nov 10, 2011

The use of smart phones has become part of daily life for many of us. With everyone essentially carrying a computer in their pocket in the form of a smart phone, a large amount of sensitive information is being stored on a device with a high degree of connectivity. Windows Phone 7 is Microsoft’s offering to the smart phone market, which is currently gaining in popularity.

This research project focuses on the security of the Windows Phone 7 ecosystem, with the initial focus being on the security of the underlying platform and the applications that run on top of it. The aim of the project is to assess the security of Windows Phone 7 devices, to determine the level of risk exposed by the use of these devices, and to offer guidance on how that risk can be minimised or mitigated.


Advisories

HTC Windows Phone 7 - Arbitrary Read/Write of Kernel Memory

Nov 10, 2011

A device driver (HTCUtility.dll) was found on HTC Windows Phone 7 phones which would allow an attacker to read and write arbitrary kernel memory through a specific DeviceIoControl request. No security policies were found to restrict access to this device from the low-privileged chamber if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.


Samsung Omnia 7 - RapiConfig.exe Directory Traversal

Nov 10, 2011

An executable was identified which could be used to perform device provisioning functionality in the context of the TCB user from the least privileged chamber (LPC) if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.
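
Both advisories above depend on ID_CAP_INTEROPSERVICES being provisioned, so one defensive check is to flag application packages that request it before they are deployed. The following is an added example, not part of the original advisories; it assumes the app is a ZIP-format XAP package whose WMAppManifest.xml lists capabilities as Capability elements with a Name attribute, and the sample packages it builds are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted input, defusedxml is the safer parser

INTEROP_CAP = "ID_CAP_INTEROPSERVICES"  # capability named in both advisories
MANIFEST = "WMAppManifest.xml"          # assumed manifest file name inside the XAP

def declared_capabilities(xap_bytes):
    """Return the set of capability names declared in a XAP package."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        # ZIP member names are case-sensitive, so match the base name loosely.
        names = [n for n in xap.namelist()
                 if n.replace("\\", "/").split("/")[-1].lower() == MANIFEST.lower()]
        if not names:
            raise ValueError("no %s in package" % MANIFEST)
        root = ET.fromstring(xap.read(names[0]))
    caps = set()
    for elem in root.iter():
        # Drop the XML namespace so the check does not depend on the schema URI.
        if elem.tag.rsplit("}", 1)[-1] == "Capability" and elem.get("Name"):
            caps.add(elem.get("Name").strip().upper())
    return caps

def audit_xap(xap_bytes):
    """Return (needs_review, details) for one package."""
    try:
        caps = declared_capabilities(xap_bytes)
    except (zipfile.BadZipFile, ET.ParseError, ValueError) as exc:
        # A package that cannot be parsed is flagged, never silently passed.
        return True, {"UNPARSEABLE: %s" % exc}
    return INTEROP_CAP in caps, caps

def build_sample_xap(cap_names):
    """Build a constructed sample package in memory (not a real application)."""
    caps = "".join('<Capability Name="%s"/>' % c for c in cap_names)
    manifest = ('<Deployment xmlns="urn:constructed-sample"><App>'
                '<Capabilities>%s</Capabilities></App></Deployment>' % caps)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, manifest)
    return buf.getvalue()

if __name__ == "__main__":
    for sample in (["ID_CAP_NETWORKING"], ["ID_CAP_NETWORKING", INTEROP_CAP]):
        flagged, found = audit_xap(build_sample_xap(sample))
        print("REVIEW" if flagged else "ok", sorted(found))
```

A flagged package is not necessarily malicious; it is one that can reach the interop surface both advisories describe and so warrants manual review.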