Collin Mulliner gave an updated version of his presentation at 23C3 in Berlin titled ‘Advanced Attacks Against PocketPC Phones’ (we originally blogged about it in August). As I previously mentioned, one of the vulnerabilities he discussed had, to my knowledge, still not been patched. Well Collin confirmed this in his presentation and also released a working exploit for the vulnerability to liven things...
Ciao! Back in May, at the Microsoft Embedded Developer Conference in Las Vegas, Microsoft provided a number of presentations on Windows CE 6. The following is a summary of the improvements in Windows CE 6, which either directly or indirectly impact upon the security. The points below are taken from the slide decks of the presentations and are distilled down with some commentary added. It should be noted that it is not currently clear when or if Windows CE 6 will be adopted by the Windows Mobile Group. This entry follows up on the blog regarding Windows CE/Mobile 5, which I posted earlier this week.
From the talk Windows CE 6 Overview by David Kelly & Tim Kiesow of Microsoft, I have taken the following points away:
It supports safe SEH for security compliance (/GS)
Bonjour! Carrying on from my previous blog post, here is some more information on Windows CE/Mobile 5 security.
Shatter
Windows CE and Mobile, like its desktop cousin, can suffer “shatter attacks” across processes. This includes processes running at different levels of trust (please see my previous blog post and the section on One-tier versus Two-tier). For those of you unfamiliar with what shatter attacks are, there is a Microsoft TechNet bulletin that addresses the original assertion that the shatter attack condition can exist.
