****, then. You seem to know your stuff, any ideas about possible weak areas of the OS?
I'm not one of the hardcore hackers here. I did dig into the network setup app and noticed the possibility of an exploit, but once I informed Heathcliff about that he already had his proof of concept finished and was looking into the driver stuff. I'm not hardcore enough to deal with the low-level hacking stuff (disassembling ARM DLLs and such). But I do read a lot here at this forum and that's how you pick up on things.
- Bootloader attempts seem to be stuck for now, at least for the phones that have Nokia DLOAD; it's very hard to bypass the certificate required for flashing or to find an exploit that allows for arbitrary code execution. This is really hardcore stuff.
- Network setup attempts are stuck because of the reasons mentioned in my previous post
- There is also some research done by trying to understand the update process via Zune. This traffic is encrypted, but we don't know yet if the keys used for that are static or dynamic (different for each phone). We did find some keys in the Nokia DLOAD bootloader, but we don't know if they are public or private. If public, we may only be able to read the content, not to alter (and re-encrypt) it. This process is in an early stage.
- Just mentioned STK app possibilities (maybe it's possible to run code via an infected SIM card if exploits exist in the app (or its driver) that handles these kinds of operations). Not even started yet/requires special hardware.
- Other Nokia apps that require interop permissions. I think this is unlikely to be successful too, as these apps do not use configuration files (like Network Setup's 'database') but instead use hardcoded registry keys inside the program. Changing these values would require altering the program => mismatch in signature => no go.
Nokia and MS clearly did not make our lives easy, but to be fair I actually think this is a good thing too. With a system as secure as this we are also protected from attempts to hack the system for other reasons than we have (software piracy (very bad from a developer's point of view!)/malicious software/etc).