IT World Canada

Understanding Cybersecurity on Smartphones (UCS-Sph) Part 2

This second article of the Understanding Cybersecurity on Smartphones (UCS-Sph) series delves into Microsoft’s Windows Phone, a mobile OS that has undergone significant changes over the years. The Windows Phone was first known as Windows Mobile in its early days, until Microsoft recognized the need to adapt and innovate in response to the competitive landscape of the smartphone market. After the changes introduced by Apple (iOS) and Google (Android) in 2007, Microsoft decided to take a new direction and created Windows Phone as a response. This article delves into the history, evolution, and unique features of Microsoft’s Windows Phone, from its early beginnings as Windows Mobile to its updates and innovations as Windows Phone.

Contents

  1. Learning Basics: Windows OS History
  2. Getting into Cybersecurity: Windows Vulnerabilities and Risks
  3. Adversarial techniques
  4. Dissecting Malware: Types of Windows OS Malware
  5. Mitigating Windows Attacks: The current solutions
  6. Utilizing Windows Mobile Services: The trend now
  7. What is Next

 

1.    Learning Basics: Windows OS History

The development of Microsoft’s mobile OS is a fascinating story of technological evolution and market competition. What factors led to the creation of Windows Phone, and how did it differ from its predecessor, Windows Mobile? How did Microsoft respond to the rise of Apple’s iOS and Google’s Android, and what impact did this have on the development of Windows Phone? These are just a few of the questions that arise when we consider the dynamic history of the mobile OS. Let’s look at Figure 1’s timeline of significant Windows Mobile releases and events from 1999 to 2019 to get some answers to these queries.

Figure 1: Windows OS timeline from 1999 until 2019

 

Windows Mobile launched in 1999 as the Pocket PC 2000, which operated on Pocket PC PDAs. However, Windows Mobile’s origin story goes back to Windows CE, released in 1996 [1]. The evolution of Microsoft’s mobile OS has gone through several name changes and updates over the years. In the early to mid-2000s, Windows Mobile 2003, Windows Mobile 2003 SE, and Windows Mobile 5.0 were its foundation. In the late 2000s, Windows Mobile 6.0, 6.1, and 6.5 were introduced, and Windows Phone 7 and 7.5 (Mango) followed in the early 2010s. The OS was renamed Windows 10 Mobile in 2015, after the release of Windows Phone 8 and 8.1 in 2012 and 2013, respectively. However, Microsoft’s entry into the mobile phone industry ended in 2017 when it stated that mainstream support for Windows Phone 8.1 and Windows 10 Mobile would expire in 2019 [2].

The mobile OS underwent various improvements and changes to its user interface, features, and functionality to keep up with the rapidly evolving mobile landscape. The new interface, for example, was designed to be more modern, user-friendly, and optimized for touchscreens, as touchscreen technology was becoming more prevalent in smartphones. Windows 10 Mobile was also released to deliver a consistent experience across all Windows devices, such as PCs, tablets, and smartphones. However, despite these efforts, Windows Mobile failed to gain a significant market share and eventually faced stiff competition from other mobile operating systems, such as iOS and Android [3].

Several factors contributed to the decline and eventual termination of Windows Phone. Some of the key reasons are as follows:

Instead of focusing on building and maintaining its own mobile OS, Microsoft shifted its attention to creating applications and services for other mobile OSes, such as Android and iOS. Additionally, Microsoft is now focusing on offering enterprise mobility solutions through tools, such as Microsoft Endpoint Manager and Microsoft 365, which enable businesses to manage and secure their mobile devices, applications, and data. This move suggests that Microsoft is still invested in the mobile space, but is choosing to approach it from a different angle that better aligns with its current strengths and market realities [6].

Figure 2: Windows Phone Architecture [c4-5]

Although the Windows Phone architecture is similar to that of the Windows OS for desktop computers, some differences arise as a result of the particular hardware and software requirements of the mobile platform. As shown in Figure 2, the architecture of Windows Phone is a sophisticated system of components that work together to provide a seamless user experience. At the heart of this architecture are several crucial elements that are instrumental in ensuring the stability and performance of the platform. These elements include the Task Host, which manages the processing of background tasks; the Core Application, which provides a range of services to developers; and the Platform Services, which allow the applications to interact with the underlying hardware. The Base OS Services also provide a range of low-level services critical to the platform’s proper functioning. The following list provides an explanation of each component:

The Windows Phone was primarily written using C++ and C#. Higher-level apps and user interfaces were created using C#, while lower-level system components were created using C++. The platform also used other programming languages for web-based applications, including JavaScript and HTML5.

For instance, Windows Phone 7 is written in .NET managed code, which handles error-prone tasks. It supports two popular programming platforms, Silverlight and XNA, and development is done in Visual Studio. Programs are packaged into XAP files, which are Silverlight application packages. In conclusion, C++ and C# were combined to create Windows Phone, with support for JavaScript and HTML, among other languages [7].

2.    Getting into Cybersecurity: Windows Vulnerabilities and Risks

One of the key features of Windows Phone is its security measures. Like Apple’s iOS, Windows Mobile OS takes a proactive approach to security by vetting and approving each piece of software uploaded to the Windows Store. This ensures that harmful programs cannot be downloaded onto the device, providing a safer and more secure user experience. In contrast to Android OS, Windows Mobile does not require special antivirus or anti-malware software, further simplifying the user experience.

The Microsoft Windows OS was the safest mobile OS for enterprises (from 2006 until 2009) before it was discontinued in 2010. In contrast, Android continues to be the mobile device paradise for cybercriminals. Table 1 shows Windows OS vulnerability trends, using the following categories of vulnerabilities:

Table 1: Windows Mobile OS vulnerabilities trends from 2006 to 2009 [1]

| Year | Types of Vulnerabilities (DOS, CE, OF, MC, SQLI, XSS, DT, AB, IG, PE) | Total Number of Vulnerabilities |
| --- | --- | --- |
| 2006 | | 1 |
| 2007 | | 4 |
| 2008 | | 1 |
| 2009 | | 1 |

DOS: Denial of Service
CE: Code Execution
OF: Overflow
MC: Memory Corruption
SQLI: SQL Injection
XSS: Cross-site Scripting
DT: Directory Traversal
AB: Authentication Bypass
IG: Information Gain
PE: Privilege Escalation

3.    Adversarial techniques

Compared to Android and Apple iOS, Windows Phone has become less popular among users. Few adversarial techniques against Windows Phone OSes have been detected. Since the same security mechanisms used for Windows OSes (PC) are employed to protect against emerging security threats for Windows Phone OSes [8], similar adversarial techniques are commonly used to compromise Windows Phone OSes. Many third-party apps are widely available for Windows PCs and Phones, making it possible for adversaries to employ Windows malware to compromise smartphones. Any interaction between a Windows PC and a Windows phone (e.g., software updating and file transferring) opens a door for an adversary. Table 2 lists some of the adversarial techniques that are used to compromise a Windows Phone.

Table 2: Adversarial Techniques for Windows Phone [8]

| Attack Phase | Adversarial Technique | Description | Sample Malware |
| --- | --- | --- | --- |
| Propagation | Removable Media | Exploiting or copying malware to a Windows Phone connected to a Windows PC via USB. | DualToy [9], |
| | | Tracking a device’s physical location through standard OS APIs via malicious/spyware applications on the compromised device. | |
| Activation | Privilege Escalation | Exploiting software vulnerabilities, including a programming error in an application, service, OS software, or kernel, to elevate privileges and execute adversary-controlled code. | FinFisher [10] and Wingbird [11] |
| Carrier | Web Protocols | Avoiding detection/network filtering by blending the malicious traffic in with existing traffic (e.g., HTTP/S) or mobile messaging services (e.g., Google Cloud Messaging (GCM) or Firebase Cloud Messaging (FCM)). | Dark Caracal (adds a registry key to the Windows folder or abuses Word document macros) [12] |
| Persistence | Hijack Execution Flow | Abusing the Windows KernelCallbackTable of a process to hijack its execution flow and run malicious payloads. | FinFisher [10] and Wingbird [11] |

4.    Dissecting Malware: Types of Windows Phone OS Malware

The emergence of mobile technology has brought with it a new set of security challenges, and Windows Phone OS is no exception. Malware designed for Windows phones can cause significant harm to users and their data. To understand the different types of Windows Phone malware, a taxonomy can be established based on the method of attack, as shown in Figure 3.

This taxonomy categorizes Windows Phone malware into four categories: Trojanized Gaming Applications, Code Execution, Man-in-the-middle Attacks, and Cross-Platform Viruses. In this taxonomy, each category represents a distinct method that malware authors can use to compromise Windows Phone OS devices. By understanding the attack methods, users and security professionals can take steps to protect their devices against these types of malware.

Figure 3: Taxonomy of Windows Phone OS malware

5.    Mitigating Windows Attacks: The current solutions

Analyzing security threats (man-made or machine-made) is needed to identify and mitigate security attacks against mobile OSes. Modern information security solutions (e.g., machine-learning-based approaches) rely on identifying anomalies, which can produce false positive results, creating a sense of mistrust toward the system and thus requiring human effort to investigate cases. Effective artificial intelligence solutions can be used to improve situational awareness and implement effective protection measures [21]. A variety of artificial intelligence-based cybersecurity solutions have already been introduced and reused for end devices (e.g., mobile devices, including Windows Phones), as follows:

IBM MaaS360 provides a cloud-based Unified Endpoint Management (UEM) solution to manage and secure endpoints and end users, including applications, content, and data. MaaS360 can be utilized on all major mobile computing platforms, such as iOS, Android, and Windows Phones [21]. The IBM MaaS360 Enterprise Mobility Management (EMM) tool is a mobile device management (MDM) tool introduced for Windows Phone devices. It has various features, including managing applications, devices, browsers, and email. It also provides some other unique solutions, such as mobile expense management, secure sharing of documents, and mobile threat management [23].

In the Deep Instinct solution, deep learning algorithms are employed to identify structures used in malicious software. Deep Instinct can detect and prevent the execution of malicious software at all levels of the organization. To comprehensively analyze an attack and find out how it took place and what the adversaries attempted, Deep Instinct has an On-Time Review and Remediate layer functionality, which provides visibility into the threats [21].

SparkCognition, an artificial intelligence system, has launched its DeepArmor solution to cybersecurity, which uses machine learning to identify unknown data and detect cyber threats. DeepArmor aims at fixing the vulnerability of the endpoint networks, such as laptops, mobile devices, and sensors [25].

QRadar Security Platform, designed by IBM for information security analysis, reveals hidden threats and automates the authentication process of threats. This system provides automated threat investigations and uses Artificial Intelligence to detect high-level risks. QRadar implements local data mining of information security attacks by collecting relevant network data [21]. IBM QRadar Advisor with Watson provides automated research for threats and actors [27].

6.    Utilizing Windows Mobile Services: The trend now

Unfortunately, Windows Phone has been discontinued by Microsoft since 2019, and there are no new trends in Windows Phone app development. Instead, Microsoft’s current focus on mobile devices is on creating applications and services for other operating systems like Android and iOS, and offering enterprise mobility solutions through tools like Microsoft Endpoint Manager and Microsoft 365. The following are some of the trends in Microsoft Mobile Services:

7.    What is Next:

Windows Phone OS was a mobile OS developed by Microsoft Corporation to compete with other mobile platforms, such as iOS and Android. However, despite being praised for its unique and innovative design, it struggled to gain significant market share, eventually fading away. Throughout its development and existence, Windows Phone OS faced several security challenges, including malware attacks and vulnerabilities, prompting researchers to study various aspects of its security. Despite the decline of Windows Phone OS, the lessons learned from its development and security challenges remain relevant to the mobile industry. As mobile technology evolves, staying updated with the latest security trends and best practices to mitigate potential risks and threats is essential. In conclusion, Windows Phone OS may no longer be a player in the mobile market. Still, its history and security challenges provide valuable insights into the future of mobile security.

The next article in this series, “Understanding Cybersecurity on Smartphones (UCSSPh): Symbian, Tizen, Sailfish, Ubuntu, KaiOS, Sirin and Harmony,” will focus on the other seven public mobile OSs.

References:

[1] “Windows Mobile OS: A Brief History” by Sagar Khillar, Interesting Engineering, July 9, 2020.

[2] “A Brief History of Windows Mobile OS” by Russell Holly, Android Central, January 30, 2016.

[3] “A Visual History of Windows Mobile” by Daniel Rubino, Windows Central, April 29, 2015.

[4] IDC. (2016). Smartphone OS Market Share, 2015 Q4. Retrieved from https://www.idc.com/promo/smartphone-market-share/os

[5] Mohammad, Duaa R., Sajedah Al-Momani, Yahya M. Tashtoush, and Mohammad Alsmirat. “A comparative analysis of quality assurance automated testing tools for Windows mobile applications.” In 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pp. 0414-0419, 2019.

[6] Jansen, W. (2021). Microsoft 365 for Business and Enterprise. Springer International Publishing.

[7] Grønli, T. M., Hansen, J., Ghinea, G., & Younas, M. (2014, May). Mobile application platform heterogeneity: Android vs. Windows Phone vs. iOS vs. Firefox OS. In 2014 IEEE 28th International Conference on Advanced Information Networking and Applications (pp. 635-641). IEEE.

[8] Ahvanooey MT, Li Q, Rabbani M, Rajput AR. A survey on smartphone security: software vulnerabilities, malware, and attacks. arXiv preprint arXiv:2001.09406. 2020

[9] Claud Xiao, DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices, 2016.

[10] Allievi, A., Flori, E. FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. 2018. https://www.microsoft.com/en-us/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/

[11] Microsoft. Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. 2017. https://www.microsoft.com/en-us/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/?source=mmpc

[12] Lookout, Dark Caracal: Cyber-espionage at a Global Scale, 2018, https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf

[13] NortonLifeLock. (2021). NortonLifeLock Cyber Safety Insights Report.

[14] Microsoft. (2015, July 23). Dialer.BZ: Premium phone scam trojan on Windows phones. Microsoft Security.

[15] BBC News. (2017). WannaCry ransomware cyber-attacks slow but fears remain. Retrieved from https://www.bbc.com/news/technology-39901382

[16] Luo, Y., Zhu, H., Wang, Z., & Liu, P. (2016). Kemoge: Understanding Mobile Ad Fraud in Action. Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC).

[17] Akamai. (2020). State of the Internet / Security: Phishing for Finance.

[18] “Acecard banking trojan now targeting Windows Phone users,” SC Magazine, 2015.

[19] KrebsOnSecurity. (2016). KrebsOnSecurity Hit With Record DDoS. Retrieved from https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/

[20] “Windows Phone SMS malware threat discovered in Russia” by Anthony Cuthbertson (2016)

[21] Vähäkainu, Petri, and Martti Lehto. “Use of Artificial Intelligence in a Cybersecurity Environment.” In Artificial Intelligence and Cybersecurity: Theory and Applications, pp. 3-27. 2022.

[22] IBM, IBM MaaS360 Mobile Device Management (SaaS), visited in 2023 https://www.ibm.com/docs/en/maas360

[23] IBM, Windows Phone 8 device MDM, visited in 2023 https://www.ibm.com/docs/en/maas360?topic=windows-enrolling-your-phone-8-device-mdm

[24] Deep instinct, https://www.deepinstinct.com/

[25] Zhang, YuLong, ZiJie Dai, LongFei Zhang, ZhengYi Wang, Li Chen, and YuZhen Zhou. “Application of Artificial Intelligence in Military: From Projects View.” In 2020 6th International Conference on Big Data and Information Analytics (BigDIA), pp. 113-116. 2020.

[26] IBM Security QRadar Suite, IBM, https://www.ibm.com/qradar

[27] Sadowski G, Kavanagh K, Bussa T. Critical Capabilities for Security Information and Event Management. Gartner Group Research Note. 2020.

 

[1] Data collected from https://www.cvedetails.com/product/9709/Microsoft-Windows-Mobile.html?vendor_id=26
