Counter Jailbreaks on Windows Phone 8.1

25 08 2014

Windows Phone8/8.1 is normally a very secure OS looking at jailbreaks, though recently some phones were hacked at least to install apps from non-original stores. If you are a company IT-admin you may ask yourself: Even if we do not use the phones jail-breaked, is there a way to prevent this?

Yes, there is and it is even relatively simple. If you are using EAS (Exchange Active Sync) or an MDM system you can either encrypt the file system of the phone or turn off USB connectivity. Please be aware, there is no manual option for this! 
Each of the measures disables the known attack angles and increases security for the phone quite a bit!

:-)

Alexander 





Windows Phone 8 / 8.1 – Encrypted or not encrypted?

13 06 2014

There is quite some confusion going on about the device encryption on Windows Phone 8.1!
Early WP 8 documents were telling that all devices are encrypted automatically, but this is unfortunately not true!
If You buy a Windows Phone 8/8.1 phone, it is not encrypted. The encryption cannot be activated on the device itself, instead it must be activated either via an Exchange Active Sync mailbox policy or an MDM system. The encryption happens automatically, when a user is connecting to Exchange Server or O365 mailbox with a policy set for encryption, or when the device is managed by an MDM system such as Intune/SCCM, MobileIron, etc.. These allow to turn on encryption, as well. 
Do not expect to get a prompt or anything like this, just the policies are applied and then device then is encrypted.
On WP 8.1 phones one can check this via the Storage Sense app. If it shows storage encrypted there, the internal phone storage has been secured.
Attention: The encryption of a device is non-reversible! This is a one way ticket.
Can all Windows 8/8.1 phones be encrypted?
Well I have not checked all of them, but at least for the Nokia Lumia family, encryption is supported throughout all devices, even on low-end devices such as the Lumia 520.

Happy ciphering! :-)

Alexander





Embedded Forum – Internet of Things (IoT)

2 05 2014

A new NIK event for the Embedded Industry focusing on the mega-trend in this sector: The Internet of Things!

I will be giving the kick-off keynote at this information-packed workshop, shedding some light at the benefits, opportunities, drawbacks as well as dangers one should be aware of, using the exciting new technology options.
Well-known experts from industry and education join me to take a deeper dive into IoT-ready communication standards, security mechanisms and share a lot of insight how to create scalable and robust connected systems.
It will be interesting, it will be fun, it will be entertaining!
Do not miss out! :-)

This is a free event and everybody interested is welcome.
Please register for the event at NIK.

Location & Time

Embedded Forum – Internet of Things (IoT)
Dienstag | 20. Mai 2014 | 13:00 – 18:00 | Presseclub Nürnberg
Gewerbemuseumsplatz 2 – 90403 Nürnberg

Important information in cooperation with our partners at the Nuremberg Initiative of Communication .





Unit Testing async MVC Controller methods

14 03 2014

Just had a strange encounter in VS 2013 unit testing. I wrote a unit test for the ASP.NET Identity AccountController, which has some asynchronous methods.
My good old friend Resharper told me to change the method signature to public async void, as I wrote the code to call my controller method using await. The code looked like this:

[TestClass] public class AccountControllerTest {     [TestMethod]
     public async void Register()
     {…
var result = await controller.Register(userModel);

}

}

 

If you run this, it builds well, but nothing happens, even debugging the test is not working. The test is invisible to the test runner!

Strange thing, which, thank good, is not happening too often in Visual Studio.

The only message I got, after fiddling around, was that there are no tests found in my class file.

Even stranger, as my test attributes proof sufficiently, I did all things required to make my test detectable to unit testing, so why is it not carried out???

Did it turn into a phantom? Black magic going on?

No, do not worry, it is not so exciting. As I had to discover, it is the async void keywords!

The background for this is reasonable, because “async void” methods are “fire and forget” ones, which may never come back and this does not really make sense in a test environment, where you need to collect results and assertions from a method. 

What is the correct way to test an aysnc method, then?

You have to use task as return type instead of void, this works well!

[TestClass] public class AccountControllerTest {     [TestMethod]
     public async Task Register()
     {…
var result = await controller.Register(userModel);

}

}

 

Alexander





MVC Web API and ASP.NET Identity – Changing Identity Database Connection

12 03 2014

Sometimes simple things are hard, or at least hard to find.
I have created a Web API and added ASP.NET Identity for user management.

This works well, if one uses the project template, not so well if you want to add ASP.NET Identity at at a later point of time. Therefore just remember it, when creating the project.
However, I did not want to use the preset standard localdb database file  in my application. I was looking where to change the identity database context.
It was obvious that the presets use the “DefaultConnection” connection string in web.config and it works, if you rename the database there, but sometimes I am a bit picky and I wanted to name this special connection differently: “IdentityConnection”.

It really took my a while, because all my searches for DBContext and IdentityDBContext were in vain.
I drilled in deeper and ended up in the Startup.Auth.cs file in the Startup folder of my solution.
Here the user store gets initialized with this line of code:

UserManagerFactory = () 
=> new UserManager<IdentityUser>(new UserStore<IdentityUser>()));

This is the place to change the identity connection string!

One needs to use a different overload of the store’s constructor passing in a new IdentityContext created with the new db connection. Such as this:

UserManagerFactory = () => new UserManager<IdentityUser>
(new UserStore<IdentityUser>(new IdentityDbContext("IdentityConnection")));

And yes, the new “IdentityConnection” connection needs to be configured in Web.Config, of course.

After this, the Identity tables get created in the new database, as specified.

This should not be so hard to find. Maybe the Web API developers have some time to put in a comment in Startup.Auth.cs about db configuration, in the next version.

 

:-)

Alexander





Building State Machines in .NET

22 02 2014

My new online course is out!
If you are creating embedded devices you, of  course, are aware of state machines. They are, or at least should be, an essential infrastructure asset to any solution.
Why?
Well, because state machines build flexibility and extensibility into a system, add structure and are able to scale from device level into backend systems. 
It is one of the most powerful architectural concepts one can use to create solutions that are most enduring and future-proof.

But wait, there is more!
The course adds an event driven communication architecture as well as a service oriented implementation approach to the state machine design, to further remove dependencies and add easy configurability.
Just check it out at my friends at Pluralsight!

Get ready for the Internet of Things and Industry 4.0.

:-)

Alexander





Home Automation Hacking

18 02 2014

although named the “next big thing”, since over twenty years, home automation still is not playing a really important role in our day to day life.
This is quite different, if you look at new professional office buildings, all running on complex automation systems, but somehow the technology never has entered normal housing mainstream.
With a proven track record in this area,  we, at Wechsler Consulting, have decided to start anew at the roots, offering an introductory course leveraging fresh, affordable hardware (Ninja Blocks) that has an easy-to-use user interface as well as simple JavaScript APIs.
With our new course we want to show, how home automation technology can be used to enhance daily comfort and energy efficiency, without getting in the way. There is a lot of potential!

We build on proven professional concepts and architectures that scale well from home into the Internet of Things without sacrificing security and privacy. Get to know the possibilities at  our two day course in Dießen!

:-)

Alexander








Follow

Get every new post delivered to your Inbox.