MEDC 2006: Day 2 - Windows Mobile Security


Posted Wednesday, May 10, 2006 10:25 PM by Nino

Earlier today I attended Jason Fuller’s “Windows Mobile Application Security” session – a very good walkthrough of dealing with the WM security model(s). During his talk he announced the release of the Device Security Manager – a tool for querying the device security configuration and certificate stores. Very cool (and useful). It is supposed to be up on CommNet, but I haven’t seen it yet. I would guess that it will be on Microsoft Downloads in the next week or two.

Here are some notes:

  • Windows Mobile Security Model is based on "Security through Identity"
    • About establishing authorship of code
    • Establish identity through certificates
  • Permission Tiers
    • Privileged
      • Can do anything
        • Can call any API / write to any registry location / any file system location / install certs
        • FKA "Trusted"
    • Normal
      • Cannot call a small set of APIs
      • Cannot write to protected parts of the registry / write system files / install certificates
      • FKA "Unprivileged" or "untrusted"
    • Blocked
      • Not allowed to run
  • Certificates
    • Used to create a digital signature for your app
    • certificate + its private key + unsigned application --> VS (SignTool.exe) --> signed application
  • What if you don't control the private certificate?
    • Use Mobile2Market certificates
      • Privileged and Normal
      • Privileged has contract restrictions
      • Every device, except two operators
    • Signing != Logo certification
  • Retail Deployment
    • Publisher cert on USB token + unsigned app --> sign app w/ Publisher cert --> send to cert authority --> they strip out your cert & re-sign with M2M cert --> send back to you
  • Certificates
    • Vouch for identity
    • Prevents Tampering
    • Authentication of origin
  • Certificate Store
    • Privileged
    • Normal
    • SPC - Software Publisher Certificate
      • "cert store for CAB files"
      • i.e. controls what can be installed (the Normal/Privileged stores control what can run)
  • Security Configurations
    • Security Off
      • Policies
        • Unsigned apps run? Yes
        • Prompt User? No
        • One-tier (everything runs privileged)
      • Certificates:
        • Doesn't matter
      • Used only for debugging
    • One-Tier Prompt (aka PPC configuration)
      • Policies
        • Unsigned apps run? Yes
        • Prompt User? Yes
        • One-tier
      • Certificates
        • Mobile2Market, OEM, Mobile operator
      • Emulators (MSFT turned off prompts)
      • Pocket PC
      • Pocket PC Phone Edition
        • incl. Treo 700w
      • Verizon smartphone
    • Two-tier
      • Policies
        • Unsigned apps run? Yes
        • Prompt User? Yes
        • Two-tier
      • Certificates:
        • Mobile2Market, OEM, Mobile operator
      • Smartphone
    • Mobile2Market Locked
      • Policies
        • Unsigned apps run? No
        • Prompt User? N/A
        • Two-tier
      • Certificates
        • Mobile2Market, OEM, Mobile operator
      • Nextel i930
    • RAPI
      • PPC moved from Allowed to Restricted
        • Limits on what the desktop can do to the device
        • CeRapiInvoke is no longer allowed
          • SDK docs describe workaround
    • Plugins
      • If an .exe is running privileged, it cannot load a normal .dll – i.e. any DLL loaded by a privileged process must itself be privileged
      • Inbox/Messaging
      • ActiveSync - sync providers
    • One certificate per CAB
      • Mostly a problem w/ Orange
    • Device Drivers / System Services
      • Must be signed privileged even on PPC
      • Workarounds
        • ActivateDeviceEx()
        • RegisterService()
        • net net: load the driver/service later
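
To make the configuration table above concrete, here is a small C model of the run decision, added as an illustration for these notes; it is not code from the talk, from Microsoft, or from the Device Security Manager. The enum names, `security_config_t`, `CONFIGS`, `decide_run()`, `tier_if_prompt_accepted()` and `can_load_dll()` are my own names rather than Windows Mobile APIs or policy values, and treating an accepted prompt as "runs at the configuration's lower tier" is an assumption drawn from the one-tier note (everything runs privileged on a one-tier device).

```c
#include <stdio.h>

/* Added example: a model of the Windows Mobile run-permission decision as
 * described in the session notes. All names below are illustrative
 * assumptions, not Windows Mobile APIs or registry policy values. */

/* Which device certificate store, if any, contains the signer of a binary. */
typedef enum {
    SIGNER_UNSIGNED,            /* no signature, or signer in no device store */
    SIGNER_IN_NORMAL_STORE,
    SIGNER_IN_PRIVILEGED_STORE
} signer_t;

/* Outcome of trying to execute a binary. */
typedef enum {
    RUN_BLOCKED,     /* not allowed to run */
    RUN_PROMPT,      /* user is asked; see tier_if_prompt_accepted() */
    RUN_NORMAL,      /* runs in the Normal tier */
    RUN_PRIVILEGED   /* runs in the Privileged tier */
} verdict_t;

typedef struct {
    const char *name;
    int unsigned_apps_run;  /* policy: "Unsigned apps run?" */
    int prompt_user;        /* policy: "Prompt User?" */
    int two_tier;           /* 0 = one-tier (everything that runs is privileged) */
} security_config_t;

/* The four configurations from the notes, written as a policy table. */
static const security_config_t CONFIGS[] = {
    { "Security Off",         1, 0, 0 },
    { "One-Tier Prompt",      1, 1, 0 },
    { "Two-Tier",             1, 1, 1 },
    { "Mobile2Market Locked", 0, 0, 1 },
};
#define NUM_CONFIGS (sizeof CONFIGS / sizeof CONFIGS[0])

/* Tier given to code that is allowed to run but is not in the privileged
 * store: one-tier devices run everything privileged, two-tier devices run it
 * in the Normal tier. */
static verdict_t lower_tier(const security_config_t *cfg)
{
    return cfg->two_tier ? RUN_NORMAL : RUN_PRIVILEGED;
}

/* Core decision: certificate store membership first, then the unsigned policy. */
verdict_t decide_run(const security_config_t *cfg, signer_t signer)
{
    if (signer == SIGNER_IN_PRIVILEGED_STORE)
        return RUN_PRIVILEGED;
    if (signer == SIGNER_IN_NORMAL_STORE)
        return lower_tier(cfg);
    /* Unsigned, or signed by a certificate the device does not trust. */
    if (!cfg->unsigned_apps_run)
        return RUN_BLOCKED;
    if (cfg->prompt_user)
        return RUN_PROMPT;
    return lower_tier(cfg);
}

/* Modelling assumption: if the user accepts the prompt, the app runs at the
 * configuration's lower tier (privileged on one-tier, normal on two-tier). */
verdict_t tier_if_prompt_accepted(const security_config_t *cfg)
{
    return lower_tier(cfg);
}

/* Plugin rule from the notes: a privileged process may only load DLLs that
 * would themselves run privileged. The notes state no restriction for a
 * normal process, so the model allows those loads. */
int can_load_dll(const security_config_t *cfg, verdict_t exe_tier, signer_t dll_signer)
{
    if (exe_tier != RUN_PRIVILEGED)
        return 1;
    return decide_run(cfg, dll_signer) == RUN_PRIVILEGED;
}

static const char *verdict_name(verdict_t v)
{
    static const char *names[] = { "Blocked", "Prompt", "Normal", "Privileged" };
    return names[v];
}

/* Print the full configuration x signer matrix. */
int main(void)
{
    static const char *signer_names[] = {
        "unsigned", "normal-store cert", "privileged-store cert"
    };
    size_t c;
    int s;
    for (c = 0; c < NUM_CONFIGS; c++) {
        printf("%s\n", CONFIGS[c].name);
        for (s = SIGNER_UNSIGNED; s <= SIGNER_IN_PRIVILEGED_STORE; s++)
            printf("  %-22s -> %s\n", signer_names[s],
                   verdict_name(decide_run(&CONFIGS[c], (signer_t)s)));
    }
    return 0;
}
```

The table the program prints is the quickest way to see why a privileged-store signature is the only thing that behaves the same on every configuration, and why a Normal-signed DLL shipped as a plugin for a privileged host (Inbox, ActiveSync sync providers, device drivers) fails to load on a two-tier device while working on a one-tier Pocket PC.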
