How secure is Windows Phone 8.1? Very!


Deep in the bowels of Microsoft's web site, we came across a white paper on Windows Phone 8.1's (and Windows's) security, linked and quoted below. In these days of malware, phishing and hacks (especially on Android*), it's somewhat reassuring to know that quite a bit of care has been taken to keep Windows Phone users safe and secure.

* As someone who also uses an Android device, I wouldn't worry too much: the usual safe practices, like only downloading from the official Google Play Store, checking developer names and reputations, and not clicking on links in unsolicited messages, will all help keep you pretty safe.

The Microsoft white paper can be found (and downloaded for free) here. It's quite long and very technical!

As a brief extract, here's one of the main passages concerning Windows Phone security:

The modern threats that organizations face require more than software solutions. Trust and security must be anchored in standards-based security hardware. Windows Phone is built on top of just such a foundation, which enables the protection of the Windows Phone operating system, the apps, and the data stored on the device. The trustworthy hardware components that Windows Phone supports include:

  • UEFI. Help protect your devices from firmware master boot record rootkits (or bootkits) by using UEFI. This replacement for a traditional BIOS helps ensure that only trusted software is booted on the device and prevents malware from being booted on the device.
  • TPM. Perform cryptographic calculations and help protect the public key certificates by using this security processor. You can use the TPM to enhance authentication and identity control by using TPM with virtual smart cards for MFA.

Malware resistance

It is imperative that all devices be resistant to malware, but it's even more important for mobile devices like smartphones. Windows Phone devices are frequently used in public, unsecured places, and thieves and security attackers look at smartphones as easy prey. Windows Phone includes features that help make these devices highly resistant to malware. Each is discussed in later sections.

Boot process

Windows Phone uses some of the same technologies that Windows 8.1 uses to secure the boot process, specifically UEFI and its Secure Boot component. Secure Boot is a feature of UEFI that helps protect devices against malware or other tampering during the boot process.

When a Windows Phone device starts, the firmware starts the boot loader only if the boot loader's digital signature has maintained integrity and the boot loader is signed by a trusted authority that is registered in the UEFI database. In the case of all Windows Phone devices, the Windows Phone boot loader signature is trusted.

For Windows 8.1 operating systems, you can disable Secure Boot. Windows Phone and Windows RT devices are designed to run only their respective operating systems, so Secure Boot cannot be turned off and users cannot load a different operating system.

Trusted Boot

As mentioned in the UEFI section above, UEFI Secure Boot verifies that the boot loader is trusted, and then Trusted Boot protects the rest of the startup process by verifying that all Windows boot components have integrity and can be trusted. The boot loader verifies the digital signature of the Windows Phone kernel before loading it. The Windows Phone kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers and startup files.

If a file has been modified (for example, if malware has modified the file to launch malicious code), Trusted Boot protects all of the Windows components and prevents any components that have been tampered with from starting.

System and app integrity

After Trusted Boot has completed the startup process, Windows Phone loads the system components and any apps that are loaded automatically at startup. The system components and apps must be properly signed before Windows Phone will load and start them. If a malicious user or code has tampered with the system component or app files, the corresponding component or app will not be loaded and started.

Unsigned apps are unable to run on Windows Phone, because an app must be signed to be in the Windows Store or be signed with the organization's enterprise development signature. Because all system components and apps must be signed, it is extremely difficult for attackers to run malicious code on a device.
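To make the Secure Boot / Trusted Boot chain and the app-signing rule above concrete, here is a small Go model written for this article (not code from the white paper or from Microsoft): firmware accepts a boot loader only if its signer is in the trusted database, every later stage and app is checked the same way, and the first image that was modified after signing or that carries an unregistered signer stops the chain. Keys, image bytes and component names are constructed, and Ed25519 stands in for the platform's real signature format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Component models one signed image: a boot stage, a driver or an app.
type Component struct {
	Name      string
	Image     []byte
	Signature []byte
	Signer    ed25519.PublicKey
}
// Sign signs the SHA-256 digest of image with the authority's private key.
func Sign(name string, image []byte, priv ed25519.PrivateKey) Component {
	d := sha256.Sum256(image)
	return Component{name, image, ed25519.Sign(priv, d[:]), priv.Public().(ed25519.PublicKey)}
}
// Verify accepts c only if its signer is a registered authority (UEFI db for the
// loader, Store or enterprise key for an app) and the image matches the signed digest.
func Verify(c Component, trusted []ed25519.PublicKey) bool {
	d := sha256.Sum256(c.Image)
	for _, k := range trusted {
		if k.Equal(c.Signer) {
			return ed25519.Verify(k, d[:], c.Signature)
		}
	}
	return false // signer is not a registered authority: reject outright
}
// Boot loads the chain in order and stops at the first stage that fails
// verification, returning the stages loaded and whether the chain completed.
func Boot(chain []Component, trusted []ed25519.PublicKey) ([]string, bool) {
	var loaded []string
	for _, c := range chain {
		if !Verify(c, trusted) {
			return loaded, false
		}
		loaded = append(loaded, c.Name)
	}
	return loaded, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed platform key; nil = crypto/rand
	chain := []Component{Sign("boot loader", []byte("loader"), priv), Sign("kernel", []byte("kernel"), priv)}
	chain[1].Image[0] ^= 1 // constructed tampering: kernel image modified after signing
	fmt.Println(Boot(chain, []ed25519.PublicKey{pub})) // [boot loader] false
}
```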

Microsoft security development life cycle

Windows Phone 8.1 is the culmination of many years of effort from Microsoft. With each release, Windows operating systems improve their defense-in-depth implementation for security. The strategy is derived from the Microsoft Security Development Lifecycle (SDL), which ensures that our research and development teams create software that is secure by design and can eliminate or at least mitigate potential security risks. The use of the SDL has paid big dividends in the case of Windows Phone and has created an environment that contains far less malware than peers such as Apple iOS and Google Android. 

Quite a claim there, at the end, but reading through the white paper, you do get a sense that great care has been taken to lock down Windows Phone. This is a policy which geeks occasionally come up against when trying to do something 'interesting' on the platform, but the benefit for the wider userbase is substantial.

Concepts such as 'rooting', 'escalated privileges' and 'custom firmware' are, quite simply, alien to Windows Phone. Again, annoying to über-geeks, but reassuring to the vast, silent majority. And, thanks to the white paper, you now know how it all works.

Source / Credit: Microsoft