07-14-2016 08:50 AM
  1. PGrey's Avatar
    Exactly and then on top of that MS signs the application. And even if you publish something malicious it is contained in its own virtual environment and within a randomly generated memory location. So the worst you could do is get someone's contacts if they allow you permissions. Anything the app tries to do outside of the scope of what the user allowed won't work. Plus users can restrict it even further in privacy settings.
    That's if you're user-mode based. If you're a user-mode app that installs a driver, say a so-called Bluetooth filter driver, then your breadth of penetration can increase greatly.
    I haven't studied the BT driver-model in W10m, so that may not be the best example, just an example.
    While I realize this is an unlikely (and hopefully never an issue), I'm not convinced that it's really quite as tight as one would assume.

    I agree, the new SecureBoot mechanisms (which can be compromised) make this far less likely, which is good stuff, but impossible, no.
    Difficult and VERY unlikely with the attack surface/base on Windows phone, VERY unlikely, fortunately.

    There was a movement afoot to sandbox all the drivers, way back, but to my knowledge this is still mostly just a great idea, with a LOT of complications involved in implementation.
    Most drivers, as they stand today, are not virtualized in any way, and have full run, if they become "trusted".
    07-12-2016 11:15 AM
  2. a5cent's Avatar
    Okay, then explain *exactly* how malicious code is prevented from being published in the store?
    I can publish a utility, and obtain a driver cert, and as long as it matches my "company", and meets certain guidelines, I'm allowed to publish.
    In this thread we're talking about malware in the context of PHONES. Nothing else. To me it sounds like you have some Windows dev experience and expect your knowledge to translate to the WP OS, which is rarely the case.


    First off, can you provide a link describing how you get a driver cert for a phone app you published to the app store?


    In the context of phones this sounds very fishy to me.
    Last edited by a5cent; 07-12-2016 at 12:54 PM.
    Kevin Rush likes this.
    07-12-2016 12:40 PM
  3. anthonyng's Avatar
    Nobody bothered due to small or near non-existent market share.
    I used to say that about macs and ios years back. People with their infected computers kept asking me is it better than windows? There's no viruses right?

    Bottom line it's true.
    07-12-2016 01:11 PM
  4. PGrey's Avatar
    In this thread we're talking about malware in the context of PHONES. Nothing else. To me it sounds like you have some Windows dev experience and expect your knowledge to translate to the WP OS, which is rarely the case.


    First off, can you provide a link describing how you get a driver cert for a phone app you published to the app store?


    In the context of phones this sounds very fishy to me.
    Sure, this link talks about getting it signed for multiple platforms, including phone:
    https://msdn.microsoft.com/windows/h...versal-drivers

    I didn't sign up for an account, I don't have any current dev setups anyway, or even VS 2015. This is clearly the next step.
    You're correct, I have previous dev. experience, which is definitely dated, in particular with regards to the new boot process.

    I don't doubt this is hard/tricky, much more so on the phone, but do I see a complete block, well, I'm not so sure.
    I don't think it's really all that interesting of a discussion anyway, beyond the academic side, given the lack of install base.
    What is important though, I think, is to not dismiss this outright. If you search around on the new boot loader process, you can find lots of articles poking similar holes in it. Granted, they're mostly desktop (as per above), but some talk about the mobile possibility as well.

    I actually did some test work earlier in Windows cycles, to try and prevent this type of issue, making sure certain interfaces were valid, and robust, which sort of eliminates another big chunk of "potential" in this category, but not completely. It was always a vexing problem to discuss.

    I don't like it when people just say "you're a big liar", without backing things up, per one of the previous posters. That to me is just uncalled for, and unprofessional, in a forum, but I guess everyone is entitled to their "opinion".

    I'm a HUGE fan of the UWP idea, a proponent since the VERY early Windows phone days, back around 2010, in 7.0, when it was first being vetted.
    It's cool to see it taking off, now, sure wish it had happened 6-12 months back...
    a5cent likes this.
    07-12-2016 02:01 PM
  5. PGrey's Avatar
    I used to say that about macs and ios years back. People with their infected computers kept asking me is it better than windows? There's no viruses right?

    Bottom line it's true.
    Yep iOS is far LESS vulnerable, partly because of the modular kernel design, and partly because of the almost-completely-closed-very-tightly-controlled system. This doesn't make it impenetrable to things like buffer overruns, and communication driver holes, however, just far less vulnerable.

    Yeah, there were never any Mac viruses...

    Someone brought up the router DNS issue, where a buffer exploit was used. I don't believe this was as widespread as you hear, but it definitely makes you think about what's really a "safe" device.
    07-12-2016 02:26 PM
  6. Pete's Avatar
    As interesting as this driver discussion is, the actual capabilities of the universal driver API framework haven't been covered. I'm willing to bet that the sandboxing that covers app development also umbrellas driver development in only allowing functionality within constrained boundaries.

    I suspect that whatever thoughts you've raised have also been explored by many others. If there were a vulnerability, we'd know about it by now.
    Kevin Rush and a5cent like this.
    07-12-2016 02:46 PM
  7. PGrey's Avatar
    I don't believe sandboxing of (most anyway, some things like video are "different") drivers has really ever taken place.
    It's expensive, and insanely complex, given the interoperability issues. If you have a pointer, I'm definitely interested...

    The exploits are just too expensive (both in terms of time and money) to use, unless the balance were different somehow. I believe this was part of making the process just that much more difficult, it made it harder for "Widgets Inc." to publish whatever they wanted, in kernel space.
    07-12-2016 04:21 PM
  8. Pete's Avatar
    I don't believe sandboxing of (most anyway, some things like video are "different") drivers has really ever taken place.
    It's expensive, and insanely complex, given the interoperability issues. If you have a pointer, I'm definitely interested...
    Taken from the page you linked to above

    A Universal Windows driver calls only device driver interfaces (DDIs) that are part of UWP. These DDIs are marked as Universal on the corresponding MSDN reference pages.
    This implicitly creates a sandbox wall around the capabilities of Universal Drivers and doesn't give unfettered access to the kernel in the same way as you could with the traditional Win 7 (and earlier) API framework. Back then, I could have all sorts of fun simply with VBScript.

    I don't think that the only hurdle to create malicious code on Windows Phone is that of effort, I believe that there's more fundamental barriers in place that prevent this from happening.

    You might want to look around on the XDA forums, which are more developmentally orientated than this community and will give you the hard facts.
    a5cent, Krystianpants and mtf1380 like this.
    07-13-2016 01:34 AM
  9. a5cent's Avatar
    ^ Pete summed up my own suspicions very well.
    I'm certain that the hypothesized driver exploit isn't doable on WP8.1. Primarily because that sort of access isn't available. Unfortunately, I don't know enough about W10M to make the same assertion for the UWP.

    If I was judge, I'd say the hypothesized driver exploit is still too fishy to be accepted as evidence by the court. ☺
    Anyway, I'm happy to see more technically minded people around here, whether I (know enough to) agree with them or not 😁.
    07-13-2016 06:17 AM
  10. Krystianpants's Avatar
    That's if you're user-mode based. If you're a user-mode app that installs a driver, say a so-called Bluetooth filter driver, then your breadth of penetration can increase greatly.
    I haven't studied the BT driver-model in W10m, so that may not be the best example, just an example.
    While I realize this is an unlikely (and hopefully never an issue), I'm not convinced that it's really quite as tight as one would assume.

    I agree, the new SecureBoot mechanisms (which can be compromised) make this far less likely, which is good stuff, but impossible, no.
    Difficult and VERY unlikely with the attack surface/base on Windows phone, VERY unlikely, fortunately.

    There was a movement afoot to sandbox all the drivers, way back, but to my knowledge this is still mostly just a great idea, with a LOT of complications involved in implementation.
    Most drivers, as they stand today, are not virtualized in any way, and have full run, if they become "trusted".
    To update firmware which hosts a lot of the driver instructions for those stacks would require you to have a signing key from MS. If that key ever got out in public then it would be a problem. Luckily it can be revoked and have a new one generated. And sure it can be bypassed if you're skilled but you need access to the hardware directly.
    On top of that a TPM is used which has a cryptoprocessor dedicated to that specific device. It can verify hardware/software integrity. It's still vulnerable no doubt. Both android/ios devices have been rooted. It's only a matter of time before the same happens to windows mobile. It's not an easy process though and takes a large amount of skill. And of course you need to have the device with you. But point is that while your phone is not rooted it will maintain security. Even android phones are not subject to a lot of different exploits unless they are rooted. Sometimes they are sure, but that's the nature of android unfortunately. It's easier to attack a fully open sourced OS and it also relies on open source libraries that aren't necessarily tightened down heavily.

    Anyways, as it stands today you can't really have much done to your phone from a store app. So if you stick with that you likely won't have many issues. MS is pretty hard on security in order to have businesses invest into windows mobile.

    And as far as you getting a drivers cert. It doesn't work that way. MS deals with all the drivers themselves and package them as part of the full mobile package that is installed. Regular companies don't have access to install drivers in their apps. They have a layer of access to the OS which is the API. That allows them to do what they need and is hardened down so that they don't get anymore access than that. This UWP api is also resulting in complaints from some people in the industry due to its hardened down nature. Gamers in particular are scared of not being able to mod properly as you can't do anything like with w32 which would allow you to inject things into executable code and alter how things work. MS is instead trying to build the API to allow for a modding type framework. So UWP api is still a work in progress likely till redstone 2. It will always be enhanced as new features come out, but it is far from being on par with w32.
    07-13-2016 09:41 AM
  11. PGrey's Avatar
    Taken from the page you linked to above



    This implicitly creates a sandbox wall around the capabilities of Universal Drivers and doesn't give unfettered access to the kernel in the same way as you could with the traditional Win 7 (and earlier) API framework. Back then, I could have all sorts of fun simply with VBScript.

    I don't think that the only hurdle to create malicious code on Windows Phone is that of effort, I believe that there's more fundamental barriers in place that prevent this from happening.

    You might want to look around on the XDA forums, which are more developmentally orientated than this community and will give you the hard facts.
    Actually, the Universal DDI include things like PhystoVirt and the whole works, I did a little browsing. They also include IoCtl build-outs, the whole works.
    While the Universal DDI doesn't include "the world" in DDIs, it does include plenty that are free-ranging APIs, i.e. not limited to a virtual address space.
    I still think the biggest hurdles are the process to get signed (this is expensive and complex now, always was, and all the loopholes are closed now), and the fact you have to write a fully-functioning driver, and even then, you have a really low target surface, for Windows phone.

    No question, this was MUCH simpler back in the <=Win7 days, when, like you say, you could scribble something together relatively easy, and create your own test-cert, which just required a user saying they were okay with install.
    The new boot mechanisms and such have added robustness here too, and combined with the above points, it seems really unlikely this would ever happen.

    I agree though, XDA is probably a better place to have a discussion about this. I was simply responding to several who said "can't happen", and it got a bit out-of-hand, my old "you can build it, if you have the resources" mentality kicked in...
    07-13-2016 12:21 PM
  12. PGrey's Avatar
    To update firmware which hosts a lot of the driver instructions for those stacks would require you to have a signing key from MS. If that key ever got out in public then it would be a problem. Luckily it can be revoked and have a new one generated. And sure it can be bypassed if you're skilled but you need access to the hardware directly.
    On top of that a TPM is used which has a cryptoprocessor dedicated to that specific device. It can verify hardware/software integrity. It's still vulnerable no doubt. Both android/ios devices have been rooted. It's only a matter of time before the same happens to windows mobile. It's not an easy process though and takes a large amount of skill. And of course you need to have the device with you. But point is that while your phone is not rooted it will maintain security. Even android phones are not subject to a lot of different exploits unless they are rooted. Sometimes they are sure, but that's the nature of android unfortunately. It's easier to attack a fully open sourced OS and it also relies on open source libraries that aren't necessarily tightened down heavily.

    Anyways, as it stands today you can't really have much done to your phone from a store app. So if you stick with that you likely won't have many issues. MS is pretty hard on security in order to have businesses invest into windows mobile.

    And as far as you getting a drivers cert. It doesn't work that way. MS deals with all the drivers themselves and package them as part of the full mobile package that is installed. Regular companies don't have access to install drivers in their apps. They have a layer of access to the OS which is the API. That allows them to do what they need and is hardened down so that they don't get anymore access than that. This UWP api is also resulting in complaints from some people in the industry due to its hardened down nature. Gamers in particular are scared of not being able to mod properly as you can't do anything like with w32 which would allow you to inject things into executable code and alter how things work. MS is instead trying to build the API to allow for a modding type framework. So UWP api is still a work in progress likely till redstone 2. It will always be enhanced as new features come out, but it is far from being on par with w32.
    Yeah, the TPM business makes this harder, without a doubt. From my reading though, OEMs have an option to disable it, if they want, and it's dynamically disable-able as well.

    On the certs, unless something has changed, you can get a co-signed cert, which is trusted by MS, or at least you used to be able to, maybe that part's changed, I'm not 100% on top of all the current driver models/rules.
    This was to make it possible for people to distribute their own packages, via their OEM/IHV release points, and that kind of thing.
    I see utilities that are outside of the Store, for the phone, and I wonder, if they can also install a driver this way, maybe it's not possible.
    I fully admit to not being a mobile developer, and certainly not current on W10m, in terms of driver trust models and the like.

    This page here describes how to get your package all set up for install on mobile though, and does appear to be current:
    https://msdn.microsoft.com/windows/h...DkdnB8NuxaTA)()
    Distribution for install is trickier, unless they're side-loading, covered here:
    https://msdn.microsoft.com/en-us/win...r-package-win8

    UWP is definitely getting restricted, but that's not the same as Universal DDI interfaces, the ones you'd use for a driver that was portable to any OS. The Universal DDI set is NOT restricted to a given virtual address space, at all, if you go look at some of the old DDIs we used to use, when writing test drivers (I was curious, so I looked up a few common ones, avoiding downloading the whole WDK).

    I 100% agree, the barriers are MUCH higher, the complexity is way up there, there's the boot protection and other components in-place as well.
    Is this good, you bet, I really don't want my phone getting compromised.
    Is it iron-clad, well, maybe, but my old, dated, developer-sense is saying that is just really difficult now, perhaps difficult enough that it's not viable, which is almost as good as the former.

    I probably carried this discussion too far, but when people started saying things like "you're just wrong" with no basis, I got a little fired up, and dug into the latest docs a bit, to see how accurate my old constructs were. Turns out, they're not that far off, but new additions have been added, and that we're "mostly safe", IMHO.

    -pete
    07-13-2016 12:36 PM
  13. PGrey's Avatar
    ^ Pete summed up my own suspicions very well.
    I'm certain that the hypothesized driver exploit isn't doable on WP8.1. Primarily because that sort of access isn't available. Unfortunately, I don't know enough about W10M to make the same assertion for the UWP.

    If I was judge, I'd say the hypothesized driver exploit is still too fishy to be accepted as evidence by the court. ☺
    Anyway, I'm happy to see more technically minded people around here, whether I (know enough to) agree with them or not .
    Could be "too fishy" the lynch-pin is *if* you could get your driver signed/installed on phone devices. It sure looks to me like it's VERY difficult on phone devices, but nothing I read said "you can't add your NDIS filter driver" to a phone, if it has merit, as part of an app. Say if I wanted to build a cell data-limiter, which people on various cellular forums are often clamoring for, to prevent their kids from nuking their cell limits (me, I just talk to mine, and have the ultimate, "we can always just turn off data if you prefer" clause, but whatever).

    I enjoy the technical side of this, as it was my roots, in the Win group, but I'm long out of the loop (all tech PM now, with maybe an enlistment of the code my group is working on, at-best), haven't written any real code, certainly not any kernel-level code for a really, really long time now. But, a lot of the kernel and constructs are much the same, with adjustments/tweaks, having "grown up" from the WinNT days. Dave Cutler and his "crew" were an insanely smart bunch, and a lot of those old interfaces persist, to some degree.
    07-13-2016 12:44 PM
  14. Mad Cabbie's Avatar
    Anyone got a length of rope and a chair?? ;-)
    07-13-2016 01:34 PM
  15. PGrey's Avatar
    Anyone got a length of rope and a chair?? ;-)
    Yeah, I already said I knew the conversation had gotten a bit long-winded, no need...
    Probably if a couple of posters hadn't said "you're just wrong" with no backup data, I would've not gone off the deep-end.

    I'll go back to quietly awaiting my firmware update now, and fiddling with my phone accordingly, and not incite "malware" posters ;-]

    -pete
    07-13-2016 02:12 PM
  16. Pete's Avatar
    Yeah, I already said I knew the conversation had gotten a bit long-winded, no need...
    Probably if a couple of posters hadn't said "you're just wrong" with no backup data, I would've not gone off the deep-end.
    Actually, you've provided us with an extremely well-reasoned and informed discussion, and it's been refreshing to see and participate here.
    a5cent and mtf1380 like this.
    07-13-2016 03:05 PM
  17. Danobe's Avatar
    Yeah, I already said I knew the conversation had gotten a bit long-winded, no need...
    Probably if a couple of posters hadn't said "you're just wrong" with no backup data, I would've not gone off the deep-end.

    I'll go back to quietly awaiting my firmware update now, and fiddling with my phone accordingly, and not incite "malware" posters ;-]

    -pete
    I think he was referring to "lynch-pin". It's usually spelled "linchpin" :)
    07-14-2016 06:45 AM
  18. digitaldd's Avatar
    I have to say that this thread is the kind of Windows 10 mobile thread I have been seeking for a while.
    07-14-2016 08:50 AM