Redefining the PC

Why Microsoft's Surface phone could be MUCH more than a mere 'phone'

Surface Pwn 5

Surface Pro 5, Project NEON details leaked on LinkedIn?

XP-YESSSSSSS

Dell's already awesome XPS 15 gets even better in 2017

Surface table meets Windows 10

Yes, we did put Windows 10 on the original Surface table ... and it rocks

Cream o' the crop

Before buying a Microsoft laptop, check out our pick for the absolute best

Simple and secure, just the way I like it

We think Windows 10 Cloud is a great idea, here's why

uber micro

Halo Wars 2 has something for everyone. Here's our full review.

Oldie but goldie

We reviewed Microsoft's decade-old Surface table

Creators Update comin' at ya

These are the coolest new features in the next big Xbox One update (video)

Buyer's guide

The Razer Blade 14 is the best laptop Razer has to offer

Windows 10 app gems

10 terrific Windows 10 apps you should be using

Tower of power

Here's what we think of Dell's XPS Tower Special Edition

Quite a deal

Grab the complete C# coding bootcamp for $41!

Your go-to laptop guide

Introducing our ultimate laptop buyer's guide

Listen here

Attn Android and iPhone users: What you need to know about Windows phone

Old is new?

The original Surface Pro still holds its own in the 2-in-1 world

Xbox Greenlight?

No, internet, Microsoft isn't opening Xbox to all UWP games

Falling in love

HP Envy 34 review: An ultrawide curved all-in-one after my heart

2015 machine in 2017?

Surface 3 still holds its own in 2017

Let Kodi cut your cord

You should be using Kodi for Windows 10

< >
Welcome to the Windows Central Forums Create Your Account or Ask a Question Answers in 5 minutes - no registration required!
Results 1 to 6 of 6
Like Tree1Likes
  • 1 Post By Rafcayey
  • 1 Post By that guy with the face
  1. that guy with the face's Avatar
    Member

    Posts
    6 Posts
    Global Posts
    7 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #1  
    I've seen it listed as a feature, but I'm not sure how to implement it. Is it as easy as turning on a lock screen password like in IOS, or is there more to it? I've searched everywhere and can't find any details. Are there hardware level encryption chips in WP8 devices (920 in my case) or is it software based? What encryption algorithm is in place? Strength?
  2. Rafcayey's Avatar
    Member

    Posts
    1 Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #2  
    I found this about encryption. hope this helps.

    Windows Phone Security | Windows Phone (United States)
  3. that guy with the face's Avatar
    Member

    Posts
    6 Posts
    Global Posts
    7 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #3  
    Here is the important part of the PDF regarding encryption:

    Device encryption
    To help keep everything from documents to passwords safe, Windows Phone 8 includes a device encryption feature.
    6
    Device encryption in Windows Phone 8 utilizes BitLocker technology to encrypt all internal data storage on the phone with AES 128. Encryption is enabled by either EAS policy (RequireDeviceEncryption) or device management policy, and once enabled, BitLocker conversion automatically begins encrypting the internal storage. The encryption key is protected by the Trust Platform Module (TPM) which is bound to UEFI Trusted Boot to ensure the encryption key will only be released to trusted boot components.
    With both PIN-lock and BitLocker enabled, the combination of data encryption and device lock would make it extremely difficult for an attacker to recover sensitive information from a device.


    ALSO:

    Although the Windows Phone 8 operating system and user data partitions are encrypted, files on SD cards that are inserted in the phone are not encrypted.


    So it appears that you need to connect the WP8 device to your Exchange ActiveSync network, AND toggle "RequireDeviceEncryption" for your details to be secured. I'm not sure what they're talking about RE: device management policy, because unless it's another facet of EAS, it is just a set of rules you set in place within your company like don't take pictures inside the lab. So there isn't whole device encryption for the average user, and only having a 4 digit pin is easily crackable via computer or simply looking at fingerprints. Why there's no option for a keyboard to make more secure passwords is also lost on me. Another caveat to encryption is that it does not secure files on removable SD cards. I always liked that feature on Android, even though my 920 doesn't have one. This is all a bit concerning and has made me less trusting of my 920 in the months I've had it. I've resorted to using my iPad as my primary device, and only using my 920 for phone calls and to check WPCentral because the apps awesome. One last off topic thing/rant keeping me from using my phone is the Bing search button. I love it when I need it, but the other dozen times a day or more I hit it (or look at it, or breathe near it, or think "I hope I don't hit the Bing button while I'm 30 minutes in to recording an hour concert") literally frazzles my nerves.
  4. manicottiK's Avatar
    Member

    Posts
    659 Posts
    Global Posts
    660 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #4  
    Yes, activating whole device encryption is something done by your Exchange server or "mobile device management" administration -- it is not a user-selectable option. Those administrators can also set the screen timeout, pin length, and pin type (numeric only or full range of characters from the regular keyboard).

    One of the unusual things about WP8 is that the SD card is read-only. This means that apps can read data from the card, but not copy things to it or modify what's there. Because it can't be written to, it can't be encrypted (which would need to read the existing data, encrypt it, and write it back). Because the card can't be encrypted, the Exchange Active Sync policy that requires card encryption fails on WP8 devices.

    For you, assuming that you use Exchange, you can try to convince your admin to create a security policy for you (and other WP8 users) that turns on full device encryption while not requiring removable storage encryption. The work involved is fairly minimal. The risk to the business (let's pretend that it's one governed by strict data leakage laws, like medicine or finance) is that you'd have two devices, one WP8 and another that does have removable storage. Since the Exchange security policy is set per user rather than per device type, the new policy that you had set up could allow unencrypted data to leak out of the organization via the SD card on the non-WP8 device.

    Microsoft can address this in different ways. It could have phone models that lack an SD slot "lie" to the server, saying that the card is encrypted and justifying it on the basis of there being no actual risk since there is no actual card. It could have all models "lie" to the server, saying that the card is encrypted when it isn't, justifying it on the basis of not creating a risk for data to "leak" from the phone to the outside world. It could create a new policy that says "force encryption on writeable removable card" and advise administrators to switch to that. I would go on, but won't.
  5. that guy with the face's Avatar
    Member

    Posts
    6 Posts
    Global Posts
    7 Global Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
       #5  
    I'm more concerned about the every day user. I'm disappointed that Microsoft doesn't allow non exchange users the ability to set more secure passwords I.E. with a full keyboard, and doesn't automatically encrypt user data (when you set up a pin code).
    johnteeples likes this.
  6. Bogdan Verbenets's Avatar
    Member

    Posts
    2 Posts
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    #6  
    How do I know if my phone is encrypted or not without knowing the policy details? Is there a screen anywhere in the settings that can show this? Or maybe an artifact by which I can infer this?

Similar Threads

  1. Why WP8 not coming to WP7 devices makes sense.
    By paulheu in forum Windows Phone 8
    Replies: 33
    Last Post: 06-27-2012, 05:42 PM
  2. Replies: 30
    Last Post: 06-11-2012, 11:29 PM
  3. Is HP Thinking About A WP8 Device?
    By fatclue_98 in forum Upcoming & Rumored Windows Phones
    Replies: 35
    Last Post: 06-07-2012, 11:29 AM
  4. WP8 for current devices
    By Dormage in forum Windows Phone 7
    Replies: 9
    Last Post: 05-27-2012, 02:38 PM
  5. Speculations about Wp8/Apollo devices?
    By Ky772 in forum Windows Phone 7
    Replies: 6
    Last Post: 03-28-2012, 12:38 PM

Posting Permissions