Skip to main content

how to hack a windows phone

In today’s how to we will be discussing on how to hack a Windows Phone 8. Every hacker should know about the internals of a device and operating system before he could attempt to compromise it. So lets try to understand the underlying hardware and OS security before we try to break it.
To begin, we will try to compromise the hardware so that we can gain access to the hardware and then exploit the OS and ultimately take control of it or at least to steal data from it.
Windows Phone employs UEFI Firmware Hardware at the very low level. In addition to that, every hardware which runs Windows Phone 8 OS has to be certified by Microsoft. Now when we say certified, it also means that all the hardware has to be signed and the chips will be burned with the keys from Microsoft. The “Trusted Boot Chain” component will make sure that all the signatures are in place and if they are valid before and during the process. Every program written in the silicon chip has to be signed including the BIOS, drivers etc. On top of these Windows Phone 8 device will also come with a TPM chip which means your encrypted data it is as good your Windows 7 & 8 PC.
UEFI Windows Phone
UEFI Windows Phone

Lets see what are the options we have to break the security of the device.

Hardware

Now that we know all the components / programs are verified for the signature by the “Trusted Boot Chain”, why don’t we try to spoof the boot chain program itself with our own. If we are able to do that then we could easily make the device load our own components instead of the Windows Phone OS exploiting it completely naked.
Though at the first look it is appears to be a very good idea, unfortunately all the hardware chips which can’t or can be overwritten comes with something called an efuse. The moment when you are trying to write something in these chips without a valid signature which will be there only with Microsoft and the device manufacturer, the efuse will trip. Once the efuse trips off, the boot loader will not be able to boot up your device. Congratulations! now you have a phone which is officially no better than a brick.
For a moment even if we assume that you somehow fooled the efuse, the device still wont boot up just because you don’t have a valid key.

Operating System

Windows NT kernel it is. The Redmond guys have made sure that its sturdy enough. Windows NT kernel along with “Code Signing” makes a killer shield that you will not be able to penetrate. If you think you can get the control of the kernel using some code, wait till you read the “Malicious Code” section.
For now lets think about the Windows Phone updates. Windows Phone does do regular updates just like your PC so what if we can trick the windows phone to install my program? Unfortunately the windows phone is programmed to get the updates only from the Microsoft update servers and no other place. Still its no big deal because I can always trick my network to believe some malicious hardware / software as the update server. Sadly, the update will again need the code signing process to pass. You can never break through it unless you are hacking into the Microsoft update server; definitely not a great plan.

Storage

How about the internal storage itself? Why don’t we break the phone take out the internal storage and may be at least try to steal the data? But wait, the storage again uses a 128 bit Bitlocker for encryption. The drive remains encrypted until the boot loader performs the job completely. The TPM chip which comes with the hardware is the one which manages the key for the encryption which means that once the disk is outside the hardware, you will need the 128 bit recovery key to break in the data. The storage behaves the same way as what your bitlocked hard drive behaves.
Brute force opening a encryption is a very well known procedure to break encryption however its impossible when it comes to a 128 bit encryption. So to understand the quantum of complexity, lets assume that you have 10 million computers where every computer can process 100 billion keys per second (higher than 100GHz) and if you put them all together to crack the key, it will take 1013 years to find the key which is longer than the age of universe itself.
If you are thinking of trying the PIN instead, you can always configure your phone to automatically wipe after a amount of incorrect tries.
Some people try to snoop the data from the disk after it is wiped because it is easier that way since it wont have any encryption constraints. Luckily for the user what Windows Phone, it never decrypts the data but it wipes the encrypted data along with the key. You can be pretty sure that not even NSA can retrieve them.

Malicious Code

We have now almost come to the last and the mot favorite resort of a hacker. Most the hackers disassemble the system instructions and try to inject or alter the commands in the memory location. However the app model which windows phone function is always a sandbox, which means the app will have its own area where it can execute store data and perform actions. Windows Phone with the advantage of Code Signing will sign the apps based on the feature set they are allowed to access. E.g.) If a program does not have a valid signature to access the Camera, it wont be able to. This is true for any feature or hardware access in the device. So even for a moment if we assume that you are able to try writing something into the system memory location of the phone, the “Code Signing” will invalidate the program and unload it immediately.

Starting from the phone to your protected mail message, everything is safe in Windows Phone 8. As a matter of fact there are zero hacks till date. If you think you can, then write to me and yeah its an open challenge.
More information on the security of Windows Phone can be found athttp://www.windowsphone.com/en-US/business/security-us
This how to is written based on Windows Phone 8. Actual functionality might differ from device to device. Some features may not be available with pre-Windows Phone 8.

Comments

Popular posts from this blog

How to Hack a Website in Four Easy Steps

Every wondered how Anonymous and other hacktivists manage to steal the data or crash the servers of websites belonging to some of the world biggest organisations? Thanks to freely available online tools, hacking is no long the  preserve of geeks , so we've decided to show you how easy it is to do, in just four easy steps. Step 1: Identify your target While  Anonymous  and other online hacktivists may choose their targets in order to protest against perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the best thing to do is to identify a any website which has a vulnerability. Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack. How did he/she identify these websites? Well, the key to creating a list of websites which are likely to be more open to attack, is to carry out a search for what is called a Google Dork. Google Dorking , also known as Google Hacking, enables yo...

How to Hack Facebook Password in 5 Ways

Check out the following post from  fonelovetz blog  on facebook account hacking. This is one of the most popular questions which I'm asked via my email.And today I'm going to solve this problem one it for all.Even though i have already written a few ways of hacking a facebook password.Looks like i got to tidy up the the stuff here.The first thing i want to tell is.You can not hack or crack a facebook password by a click of a button.That's totally impossible and if you find such tools on the internet then please don't waste your time by looking at them! They are all fake.Ok now let me tell you how to hack a facebook account. I'll be telling you 5 of the basic ways in which a beginner hacker would hack.They are: 1.Social Engineering 2.Keylogging 3.Reverting Password / Password Recovery Through Primary Email 4.Facebook Phishing Page/ Softwares 5.Stealers/RATS/Trojans I'll explain each of these one by one in brief.If you want to know more about them just ...

How to Hack Someone's Cell Phone to Steal Their Pictures

Do you ever wonder how all these celebrities continue to have their private photos spread all over the internet? While celebrities' phones and computers are forever vulnerable to attacks, the common folk must also be wary. No matter how careful you think you were went you sent those "candid" photos to your ex, with a little effort and access to public information, your pictures can be snagged, too. Here's how. Cloud Storage Apple's iCloud service provides a hassle free way to store and transfer photos and other media across multiple devices. While the commercial exemplifies the G-rated community of iPhone users, there are a bunch of non-soccer moms that use their iPhones in a more..."free spirited" mindset. With Photo Stream enabled (requires OS X Lion or later, iOS 5 or later), pictures taken on your iPhone go to directly to your computer and/or tablet, all while being stored in the cloud. If you think the cloud is safe, just ask Gizmodo ...

How to Hack Samsung Phone Screen Lock

I have discovered  another  security flaw in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is "securely" locked with a pattern, PIN, password, or face detection. Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-precise timing. Video . Of course, if you are unable to download a screen unlocker, this security vulnerability still allows you to  dial any phone number and run any app ! HOWTO From the lock screen, hit the emergency call button. Dial a non-existent emergency services number - e.g. 0. Press the green dial icon. Dismiss the error message. Press the phone's back button. The app's screen will be briefly displayed. This is just about long enough to interact with the app. Using this, you can run and interact with any app / widget / settings menu. You can also use this to launch the dialler. From there, you can dial any phone...