44con - Windows Phone 7

[nmonkee]

If you guys are interested in hacking Windows Phone 7, you may be interested in a security conference called #44con that will be running in September.

There is going to be an awesome talk by Alex Plaskett of MWR on Windows Phone 7 security.

In the interests of full disclosure, I work with Alex at MWR and MWR are also sponsoring the event; however even if I didn't and we weren't - I'd still be shouting about it and wouldn't miss it!

Check it out - the technical track is pretty awesome.

Just google 44con

 

[MrNetrix]

Hacking as in running homebrew XNA/Silverlight, homebrew native COM DLLs, or homebrew native executables?

 

[nmonkee]

Windows Pwn 7 OEM - Owned Every Mobile?

This is the synopsis of the talk:

Windows Pwn 7 OEM - Owned Every Mobile?

Thinking about buying a Windows Phone 7 Phone? You need to see this. The talk will aim to provide an introduction into the Windows Phone 7 (WP7) security model to allow security professionals and application developers understand the unique platform security features offered. Currently very little public information is available about Windows Phone 7 OS security preventing adequate determination of the risk exposed by WP7 devices.

The ever increasing challenges and stages of exploitation an attacker has to overcome to achieve full compromise will be discussed. The talk will outline the implementation of these security features and will demonstrate weaknesses and vulnerabilities an attacker could use to bypass the multiple levels of platform security.

A number of OEM manufacturer weaknesses, "features?" will be discussed and a demonstration of how these "features" can be abused in conjunction with conventional exploits to achieve full compromise of the phone will be performed. The talk will demonstrate how OEM phone manufacturers can weaken the security posture of an otherwise strong granular security model and also demonstrate how targeted attacks can be made which leverage this OEM .functionality. to compromise sensitive information.

Biography

Alex is a security consultant at MWR InfoSecurity and has a passion for bug hunting and exploit Development. Alex has previously identified a number of serious vulnerabilities in IBM software (Lotus Domino, WebSphere MQ) and is currently interested in embedded systems security.

 

[sensboston]

A number of OEM manufacturer weaknesses
<skipped>

This guy, Alex, seems like already read all XDA WP7 hack forums

 

[MrNetrix]

This is the synopsis of the talk:Biography

...

Sounds juicy. I am will be anticipating the talk.

 

[rudelm]

Hm just found out about Alex talks at 44con and Bluehat 2011. Any chance that his slides could be published? Or was anyone of you there and could summarize it a little bit? I am curious to know if he mentioned something brand new or if its something known to the OEM DLL files everybody is using thanks to the XDA forum

 

[e.v.o]

If anyone is interested in the slides:
http://labs.mwrinfosecurity.com/files/Publications/mwri_wp7-bluehat-technical_2011-11-08.pdf

Here are 2 vulns:
http://labs.mwrinfosecurity.com/advisories/samsung_omnia_directory_traversal/
http://labs.mwrinfosecurity.com/advisories/htc_kernel_read_write_vulnerability/

Maybe it's interesting for someone..

 

[rudelm]

Thx, I've seen the slides a few days ago. Pretty deep stuff. However, he still needed to combine several exploits to get TCB access. I guess thats somewhat the same thing Heathcliff tried for his Root Tools Further research in OEM vulnerabilities could prove interesting, especially after the recent HTC update that was combined with the Mango Update 7720.