Description: Microsoft is expanding its presence on smartphone OS market. With Windows Phone 8 release we got brand new mobile operating system. Users got new devices and a lot of cool features (like NFC), so developers too. Windows Phone 8 platform allows to create applications with rich functionality, and for some of them security issue is very important. In this presentation we want to summarize Windows Phone 8 security model and talk about applications security. This is important both for developers and security auditors. Also we will demo a tool that allows you to analyze Windows Phone applications. We will also show on real examples how to find vulnerabilities with this tool.
Windows Phone 8 is a new mobile platform and there is not so much information about security issues out there. This presentation will cover Windows Phone 8 security model. We will especially cover applications security. During our research we examined number of Windows Phone applications and learned where developers have to be careful when developing applications and where auditors may find vulnerabilities. Application analysis requires number of tools, from generic tools like disassembler to more specific tools like .NET decompiler. There are few tools targeting Windows Phone 7 platform and applications, offering some features like decompiling, logging method calls and deploying app to Windows Phone emulator. But all of these features are basic and does not offer a lot, and none of these tools support Windows Phone 8 applications. During our work we created a tool that makes application analysis easier. It supports both Windows Phone 7 and 8 applications and offers significant number of features that helps to understand application’s logic and find vulnerabilities. Auditors can use both static and dynamic analysis to achieve this.
This is logical continuation of our talk “Inspection of Windows Phone applications” at BlackHat. This presentation will be focused on Windows Phone 8 and applications security.
For More Information Please Visit : - https://www.hackinparis.com/talks-2013
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.