Microsoft's new mobile operating system, Windows Phone 7, is here. Released amidst much fanfare, it has garnered praise for its innovative interface - but what about security? Microsoft obviously intends for the phone to appeal to the business market and easily integrate into corporate networks. Does it meet the stringent security requirements of enterprise networks?
Windows Phone 7 devices present the same security issues as most of today's mobile devices. As smart phones become more ubiquitous, attackers are beginning to target them both as a means to access data stored on the phones themselves and as a vector for gaining access to the business network and/or introducing viruses and malware onto it. The phones must be protected from both over-the-network intrusion (which can include over the 3G/4G network, over Wi-Fi networks, and even over short-range Bluetooth connections) and from direct access to data on the device if it is lost or stolen or otherwise falls into the wrong hands.
One problem that's more specific to WP7 is that, while there are many third-party security apps for the old Windows Mobile, iPhone, Android and BlackBerry - smart phone operating systems that have been around for a while - WP7 is so new that there has not yet been time for the development of a third-party security ecosystem for the platform. That means, for early adopters, the security that Microsoft has built into WP7 is even more important.
The upside of all apps being required to go through the Windows Marketplace is that they have been tested and digitally signed, and you can be assured that they haven't been tampered with before being delivered to you. This, of course, is the same model used by Apple's App Store. "Side loading" of applications from outside the Marketplace is not allowed, thus eliminating or at least greatly reducing the potential for installing insecure apps that will put your phone and the networks to which it connects at risk.
Developers use the Silverlight platform for writing applications for Windows Phone 7 devices. Windows Phone 7 includes many features such as video hardware acceleration, multi-touch, location awareness, motion sensor (accelerometer), camera and microphone, etc., that could be misused by malicious code. Luckily, Silverlight is designed with security in mind. The sandbox concept is used to provide an environment where applications have limited privileges and don't have access to the file system, other applications and system resources that could be exploited.
Every application runs in its own individual sandbox. When the phone features need to be accessed for an application to work, developers can't call them directly but must use APIs that are called launchers and choosers. Launchers invoke built in applications that don't return any data to the application that calls them. Choosers invoke built in applications that do return data to the calling application. You can read more about launchers and choosers here.
The new mobile version of Internet Explorer is also isolated from the applications, and it can't launch code from web sites, minimizing the risk of web-based malware.
Storage isolation is something that was already part of Silverlight. Each app also has its very own local storage area on the phone that's fully isolated from the data stored by other apps. The app stores its settings and user data in this "walled off" area, and apps are not allowed to save data to any other file system location.
While storage isolation theoretically protects the data stored by a WP7 app from access by any other app (including malware), security should always be multi-layered and any sensitive data that you store on the phone should be encrypted. The Windows Phone 7 operating system supports a multitude of cryptographic methods, including AES, SHA1 and SHA256, HMACSHA1 and HMACSHA256 and more. Unfortunately, the OS doesn't include automatic built in key management or a way to securely store your passwords. That means you should not store your passwords on the phone, but instead will need to enter them each time you encrypt or decrypt data.
This blog post (targeted at developers) explains how to encrypt data on a Windows Phone 7 device.
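The enter-the-password-each-time approach described above, as an added example (it is not taken from the blog post mentioned or from Microsoft's code): the key is derived from the password the user types, so no key or password is stored on the phone. The class name PasswordVault, the blob layout and the iteration count are assumptions made for this example; the classes used are Rfc2898DeriveBytes, AesManaged, HMACSHA256 and RNGCryptoServiceProvider from System.Security.Cryptography.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added example. Blob layout (an assumption): salt(16) | iv(16) | ciphertext | hmac(32).
public static class PasswordVault
{
    const int Iterations = 10000; // assumed PBKDF2 work factor; tune for the device

    static byte[] Derive(string password, byte[] salt) // 32-byte AES key + 32-byte MAC key
    {
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(64);
    }
    static byte[] Run(ICryptoTransform t, byte[] data, int offset, int count)
    {
        using (t) return t.TransformFinalBlock(data, offset, count);
    }

    public static byte[] Protect(string password, byte[] plaintext)
    {
        var salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt); // fresh random salt per blob
        byte[] k = Derive(password, salt);
        using (var aes = new AesManaged { Key = k.Take(32).ToArray() })
        using (var hmac = new HMACSHA256(k.Skip(32).ToArray()))
        {
            aes.GenerateIV(); // fresh random IV per blob
            byte[] ct = Run(aes.CreateEncryptor(), plaintext, 0, plaintext.Length);
            byte[] body = salt.Concat(aes.IV).Concat(ct).ToArray();
            return body.Concat(hmac.ComputeHash(body)).ToArray(); // encrypt-then-MAC
        }
    }

    public static byte[] Unprotect(string password, byte[] blob)
    {
        if (blob.Length < 80) throw new CryptographicException("blob too short");
        int bodyLen = blob.Length - 32;
        byte[] k = Derive(password, blob.Take(16).ToArray());
        using (var hmac = new HMACSHA256(k.Skip(32).ToArray()))
        {
            byte[] tag = hmac.ComputeHash(blob, 0, bodyLen);
            int diff = 0; // compare the whole tag without an early exit
            for (int i = 0; i < 32; i++) diff |= tag[i] ^ blob[bodyLen + i];
            if (diff != 0) throw new CryptographicException("wrong password or modified data");
        }
        using (var aes = new AesManaged { Key = k.Take(32).ToArray(), IV = blob.Skip(16).Take(16).ToArray() })
            return Run(aes.CreateDecryptor(), blob, 32, bodyLen - 32);
    }
}
```

The blob returned by Protect can be written to the app's isolated storage area; the HMAC is checked before any decryption, so a wrong password or a modified file is rejected rather than producing garbage output.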
Of course, another way to protect data is to store it not on the phone itself but on a secure server that you can access from the phone. However, this exposes the data to security threats while it's in transit, so it must be protected there as well. Windows Phone 7 secures data in transit using SSL, both when you transmit data across the web using the phone version of Internet Explorer and when you call web services from within a Silverlight app. 128 bit or 256 bit encryption is used, depending on the connection to the server.
Silverlight security tools
In addition to the security mechanisms that are built into the Windows Phone 7 OS, developers can use the Silverlight security tools that are provided by Microsoft to build secure applications. These include the System.Security namespaces that control the .NET security system and permissions. These .NET namespaces include:
- System.Security.Principal: Defines a principal object that represents the security context code runs under.
- System.Security.Permissions: Defines classes that provide policy-based access controls over operations and resources.
- System.Security.Cryptography: Provides cryptographic services, such as hashing, random number generation, message authentication and encrypting and decrypting of data.
You can learn more about securing Silverlight based applications here.
Exchange ActiveSync security
Windows Phone 7's integration with Exchange is a major reason for businesses to consider adopting it. WP7 includes Exchange ActiveSync (EAS) version 14.0, which allows administrators to control security aspects of the Windows Phone 7 devices on their networks by applying security policies. For example:
- You can require that users set up a PIN that must be entered to synchronize mail, contacts and calendar with the Exchange server.
- You can set a policy that causes the PIN to expire after a specified period.
- You can set a policy prohibiting reusing the same PIN, or using a simple PIN, such as 1111.
- You can specify the minimum number of characters for PINs.
- You can set a policy that determines how long the idle timeout period is, after which the phone will automatically lock.
- You can set the number of incorrect PINs that can be entered in a row, after which the phone will wipe its data and reset itself to default factory settings.
In addition to the automatic wipe, the Exchange admin or the user him/herself can wipe the device remotely using the Outlook Web App.
In addition to synchronization of Exchange data via ActiveSync, users can synchronize their media files (music, photos and video) via the Zune software installed on their PCs. Microsoft considers this to be a security feature because the Zune application doesn't provide access to the file system (as Windows Mobile Device Center does for Windows Mobile phones).
However, this is also a major annoyance to former WinMo users who want to be able to browse the phone's file system in Windows Explorer and drag and drop files as they are used to being able to do. Within days after WP7 was launched, instructions were available on the web for performing a registry edit on your computer that will allow you to mount the phone so it appears as a portable mass storage device (as an Android phone does) when you connect it to your PC via USB. You can find those instructions here.
Lack of support for removable storage
Another major annoyance for WinMo and Android fans that Microsoft is positioning as a security feature is WP7's lack of support for removable storage cards. Some of the devices do use microSD cards; however, WP7 "locks" the card to the phone with a 128 bit key so that the contents of the card can't be accessed if you remove the card from the phone. Thus the card cannot be used in another phone or in a PC or multi-media reader.
Windows Phone 7 has been designed for both consumers and business users and thus has to walk a fine line between usability and security. Microsoft has included a number of built in security features and has made it fairly easy for developers to build additional security into the apps they design for WP7 using Silverlight's security tools. There is currently no support for alpha-numeric password protection or for full device encryption of stored data, but this is version 1 and it's expected that security features, along with other features, will be added in future versions. Meanwhile, users will find some of the "security features" to be hindrances to productivity and/or usability, and some of these can be fairly easily defeated by a knowledgeable user. Nonetheless, Microsoft has made a good start on creating a phone that's simple enough for consumers and secure enough for business.