blogs.tieto.com
Helmut Krämer

Windows RT / Windows Phone 8 – security deep dive


Today let’s have a look into Windows RT/Windows Phone 8 security options.

Hard Facts “Enterprise Features Windows RT / Windows Phone 8”

  • Device encryption: To help keep everything from documents to passwords safe, Windows Phone 8 includes built-in technology to encrypt the entire device, including the operating system and data files.
  • Better security: Windows Phone 8 supports the Unified Extensible Firmware Interface (UEFI) secure boot protocol and features improved app “sandboxing,” so the phone is better protected from malware with multiple layers of security.
  • Remote management: With Windows Phone 8, IT departments can manage apps and phones remotely, with tools similar to ones they now employ for Windows PCs.
  • Company Hub and apps: Companies can create their own Windows Phone 8 Hub for custom employee apps and other critical business info.

Let’s have a look at some of the “Facts”:

Secure boot is a UEFI-based feature to “prevent unauthorized firmware, operating systems, or UEFI drivers from running at boot time”. So it prevents malware from being installed on your phone.
The Secure Boot implementation is provided by the SoC (System-on-a-Chip).

  • Platform secure boot helps ensure the integrity of pre-UEFI boot loaders
  • UEFI secure boot helps ensure integrity of UEFI applications and Windows OS

  (http://blogs.tieto.com/mobileworld/files/2012/07/secureboot3.png)

 

Code Signing

All Windows Phone 8 binaries must be digitally signed by Microsoft to run. That’s different from Windows Phone 7, where only Microsoft and marketplace apps had digital signatures. Let’s have a look at the Windows Phone 7 and Windows Phone 8 security models:

  (http://blogs.tieto.com/mobileworld/files/2012/07/win7secmodel2.png)

(http://blogs.tieto.com/mobileworld/files/2012/07/win8secmodel.png)

 

Device Encryption

  • WP8 uses Windows disk encryption technology for device encryption.
  • Secure boot is required for disk encryption.
  • Encryption is available on all phones and turned on during first boot.
  • All internal storage is encrypted, but the SD card is not encrypted!

 

Here are some other interesting slides which can be very useful for you:

(http://blogs.tieto.com/mobileworld/files/2012/07/security.png)

  (http://blogs.tieto.com/mobileworld/files/2012/07/MDM.png)

  (http://blogs.tieto.com/mobileworld/files/2012/07/information.png)

(http://blogs.tieto.com/mobileworld/files/2012/07/remediate.png)

Well, there are a lot of security features. I hope all features are really available when the devices launch, so that we really can say “Secure Mobile Device”. Here’s the TechEd 2012 link with the video and the slides (http://channel9.msdn.com/events/TechEd/Europe/2012/WPH304).

 My new nice gimmick – it works really very well!

  (http://blogs.tieto.com/mobileworld/files/2012/07/552561_2930216754655_676454324_n2.jpg)

In my next post let’s have a look at Marketplace and the Enterprise APP Enrollment and then let’s start coding…


