Jason Langridge's WebLog - MR Mobile! : Security

Windows Mobile 6.1 gets Common Criteria Certification!

jasonlan — Wed, 24 Sep 2008 21:11:47 GMT

I got some great news yesterday that Windows Mobile 6.1 has just gained Common Criteria Certification!

If you aren't familiar with Common Criteria then Wikipedia helps :)

The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security.

Common Criteria is based upon a framework in which computer system users can specify their security requirements, vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner

Our team headed up by Jon Wall has been working really hard on this so it's great to see that it has now been announced!

Microsoft Windows Mobile 6.1 completed evaluation to Common Criteria EAL 2 augmented with Flaw Remediation (ALC_FLR.1) in the AISEP on 7 August 2008.

The Windows Mobile 6.1 evaluation builds on and extends the core security features of the Microsoft Windows Mobile 6 evaluation at EAL 2+.

Further details about the scope of the evaluation can be found HERE

Apple iPhone Security Hole

jasonlan — Wed, 27 Aug 2008 23:17:00 GMT

Wired Magazine have just discovered and shared a rather large security hole in the Apple iPhone.

This essentially allows you to bypass the PIN security and gain access to the features of the device including the un-encrypted information stored on the device.

To do this

1. Tap emergency call.

2. Double tap the home button.

This drops you into the iPhones "favorites" section. From here you can make calls or send e-mail, and with a few steps you can browse to the Address Book and then on to Mail, Safari or the SMS application.

You can read more details and a suggested workaround on the Wired Blog

Blackberry PDF Security Issue

jasonlan — Sat, 19 Jul 2008 09:56:00 GMT

ZDNet has details of a recent Blackberry Security Vulnerability that allows an attacker to compromise the PDF attachment viewer service and allow that attacker using a specially crafted email to cause memory corruption or even execute code remotely on the attachment server...

You can get more details from RIM HERE