Windows 10 - Security and Privacy

Presented at Nuit du Hack 2016, July 2, 2016, 10:45 a.m. (45 minutes).

We started our research by looking at what were the legal rights of Microsoft about our data. Reading the term of use is often seen as a chore, people accept and pays no attention to it. However, its contents can sometimes be interesting and hide important informations. In this part we speak about what data are collected and danger for us to disclose them. What power has Microsoft on our data?

If there is a privacy issue in Windows, there will be communications. This is why we tought that analyzing network streams was a good idea. We will mainly talk about our setup and what we found while examining those streams.

A brief talk about how an SSL MITM is working for those who don't know. This will explain how we set up our environment to study Windows communications

We decrypted some SSL packets and found that data was not anonymized at all. Each user of a computer got a identifier used in differents tools from Windows 10 (Cortana, online searches etc.) We were not able to decrypt every packet. We don't really know why, it seems that it detected our MITM, bypassed it or did not accept using another certificate

After Windows 10 release some developers wanted to preserve their private life and decided to create a software to block automatically all IPs and DNS from Microsoft. The database of their software must be updated regularly. Some programs allow them more options like uninstall metro applications or updates.

Looking at different kind of existing solutions we choose to spend some time analyzing the most used one (DWSLite). Being open-sourced we went through its code and found some disturbing modifications it is applying to the system.

Rather than blocking all services why not confuse and fool Microsoft about our profile ? Users can then continue to use the service without being registered. The idea is to send a lot of confusing data, so real data are merged among the large number of requests made. We decided to realise a proof on concept on one service : Cortana (it could have been done with another service like the diagnostic one). The software we developped is named CortaSpoof This software continuously sends random expression to Bing server.


Presenters:

  • Thomas AUBIN
    Currently in fourth year in the French engineering school ESIEA specialized in Information systems. I am a student researcher at the CVO (Operational Cryptology and Virology) laboratory. I have done research on Windows systems and in automotive security. I really discovered the world of computer security during my first year at ESIEA from classmates and projects. I want to work in security audit or develop secure application.
  • Paul HERNAULT
    I am a 22 years old french student, at ESIEA - Graduate School of Engineering in Laval (France) which is oriented in IT security.

Links:

Similar Presentations: