12 security levels in Windows Phone 8 using the Lumia 1520 as an example

    Happy upcoming holidays, Habr!



    On the eve of the New Year, it has become a good tradition for many to take stock and draw up ratings of the outgoing year's IT events. We decided not to follow that trend, but we could not resist making a list.

    So, here they are: 12 reasons why the new Lumia 1520 and other Nokia smartphones on Windows Phone 8 are truly protected smartphones.


    1. The Nokia Lumia 1520, like other devices on Windows Phone 8, meets Microsoft's strict hardware requirements, that is, requirements for the smartphone's components. This greatly reduces the possibility of hacking at the hardware level and, on the other hand, significantly simplifies work with applications for programmers and end users.

    2. The Lumia 1520, like any other Windows Phone 8 device, has a Trusted Platform Module (TPM) version 2.0 chip.
    It is a cryptoprocessor that stores cryptographic keys to protect information and is a fundamental element of the device's security system.

    3. The Nokia Lumia 1520 uses the extensible UEFI Secure Boot firmware interface, which can be called the new BIOS of this decade. Every UEFI Secure Boot layer, including the firmware itself, the bootloader, the kernel, and kernel extensions, has a cryptographic signature. Because the signatures are checked automatically, the system will not continue loading if any of the layers has been replaced by an attacker.

    4. Cryptographic signing is not limited to UEFI Secure Boot: the entire operating system and each application use digital signatures to protect the smartphone from external intrusions.

    5. All updates for Nokia Lumia 1520 and for other devices of the line are released only by Nokia and Microsoft. In addition, all the additions and corrections in the services responsible for system security comply with the strict standards of Nokia and the Microsoft Security Response Center.

    6. Nokia Lumia smartphones on Windows Phone 8 allow you to set the lock using alphanumeric and complex passwords.

    7. The internal memory of the Lumia 1520 and other Nokia devices on Windows Phone can be fully encrypted using BitLocker technology. Moreover, the BitLocker key itself is released by the TPM 2.0 chip only if two conditions are met:
    - the device successfully passes the UEFI Secure Boot process;
    - the storage itself is physically in the device.

    This means that data in the encrypted storage can be read only from the device itself. Connecting the internal memory to another operating system or to another Windows Phone 8 device will not work. BitLocker technology helps minimize the possibility of offline attacks, especially if the device is locked with a complex password.
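
    A simplified model of the two release conditions above, added here as an illustration and not taken from Windows Phone or BitLocker. The ToyTPM class, the hash-chained boot measurement and the sample boot chains are assumptions made for the example; the XOR wrapping is a toy and not a real sealing scheme.

```python
import hashlib
import hmac
import os

# Constructed boot chains: firmware, bootloader, kernel (sample data).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader (modified)", b"kernel v1"]

def measure_boot(chain):
    """Fold every boot component into one running digest, in load order."""
    state = bytes(32)
    for component in chain:
        state = hashlib.sha256(state + hashlib.sha256(component).digest()).digest()
    return state

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ToyTPM:
    """Toy chip: its root secret never leaves the object (assumption)."""
    def __init__(self):
        self._root = os.urandom(32)

    def _mac(self, label, data):
        return hmac.new(self._root, label + data, hashlib.sha256).digest()

    def seal(self, key, expected_boot):
        # Wrap the 32-byte key under this chip's secret AND the boot state.
        blob = _xor(key, self._mac(b"pad", expected_boot))
        return {"blob": blob, "tag": self._mac(b"tag", expected_boot + blob)}

    def unseal(self, sealed, current_boot):
        # Refuse unless both the chip and the measured boot state match.
        tag = self._mac(b"tag", current_boot + sealed["blob"])
        if not hmac.compare_digest(tag, sealed["tag"]):
            return None
        return _xor(sealed["blob"], self._mac(b"pad", current_boot))

def demo():
    phone, other_device = ToyTPM(), ToyTPM()
    volume_key = os.urandom(32)
    sealed = phone.seal(volume_key, measure_boot(GOOD_CHAIN))
    return {
        "normal_boot_unlocks":
            phone.unseal(sealed, measure_boot(GOOD_CHAIN)) == volume_key,
        "tampered_boot_refused":
            phone.unseal(sealed, measure_boot(TAMPERED_CHAIN)) is None,
        "moved_storage_refused":
            other_device.unseal(sealed, measure_boot(GOOD_CHAIN)) is None,
    }
```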

    8. Each application for Windows Phone 8 runs in its own isolated "chamber", including the system applications of the OS itself.

    In other words, each application gets access only to the resources it needs to complete its tasks. The application cannot lift the restrictions on its access rights, nor can it interact with other applications through direct communication or through the cloud. In addition, it cannot access the memory cache, data, or keyboard of another application.

    How does it work? Each application carries a marker that tells the operating system which functionality the application uses. For example, the Navigator application declares that it uses the location service and Internet access. When such an application is installed, the operating system generates a "chamber" based on the declared capabilities. If the application then tries to access the media library while running, access is blocked immediately.
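
    The Navigator scenario above as a small model, added here as an illustration and not taken from the Windows Phone code. The manifest fragment is constructed and simplified, and the Chamber class and the resource-to-capability mapping are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified manifest fragment for the Navigator example.
MANIFEST = """
<Deployment>
  <App Title="Navigator">
    <Capabilities>
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_NETWORKING" />
    </Capabilities>
  </App>
</Deployment>
"""

# Assumed mapping: protected resource -> capability that guards it.
RESOURCE_CAPABILITY = {
    "location": "ID_CAP_LOCATION",
    "network": "ID_CAP_NETWORKING",
    "media_library": "ID_CAP_MEDIALIB_AUDIO",
    "contacts": "ID_CAP_CONTACTS",
}

class Chamber:
    """Grants are fixed from the manifest at install time; default is deny."""
    def __init__(self, manifest_xml):
        root = ET.fromstring(manifest_xml)
        self.app = root.find("App").get("Title")
        self.granted = frozenset(c.get("Name") for c in root.iter("Capability"))
        self.audit = []  # (app, resource, decision) records for review

    def access(self, resource):
        required = RESOURCE_CAPABILITY.get(resource)
        # Unknown resources and undeclared capabilities are both refused.
        allowed = required is not None and required in self.granted
        self.audit.append((self.app, resource, "ALLOW" if allowed else "DENY"))
        return allowed

def unused_capabilities(manifest_xml, used_resources):
    """Declared capabilities the app never exercised (least-privilege review)."""
    chamber = Chamber(manifest_xml)
    used = {RESOURCE_CAPABILITY[r] for r in used_resources}
    return sorted(chamber.granted - used)
```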

    9. The native browser on the Nokia Lumia 1520 runs in a virtual "sandbox" (this approach is also called sandboxing). By default, Windows Phone 8 uses a secure version of Internet Explorer 10 with built-in anti-phishing filters and deliberately disabled plug-in support.

    The sandboxing principle also applies to other applications, and a few rules follow from it. Applications cannot interact with each other. The file system structure is hidden from applications, and all input/output operations are limited to isolated storage. Each application has its own isolated storage, and access to it is restricted to that application alone.

    10. We should also mention data protection in applications: Windows Phone 8 provides an additional level of encryption thanks to the Data Protection API. Intelligent technology uses the entropy of data on the device to automatically generate new keys. This, in turn, points to a standardized system for generating, storing and managing cryptographic keys. Each application gets its own unique key on first launch.

    11. However, even the highest level of encryption cannot protect a device that the user has authorized from exchanging data (intentionally or unintentionally) with unverified sources. That is why the rights management system, Information Rights Management (IRM), is a critical component of smartphone security on Windows Phone 8. By the way, Windows Phone 8 is the only smartphone platform with an integrated IRM rights management system that can effectively prevent data leaks.

    12. Finally, data synchronization between Nokia Lumia smartphones on Windows Phone 8 and most cloud services, such as Office 365 and Exchange and SharePoint servers, uses SSL 3.0 with AES 128 or 256 encryption.
