RIL Driver Security (Windows Embedded CE 6.0)
1/6/2010
The sample RIL driver is a basic GSM RIL driver. You can add extra functionality to this basic RIL driver, or create a new CDMA RIL driver, based on the needs of your device type. If you are adding new functionality or creating a new RIL driver, you should be aware of the following security considerations in the working of the RIL driver.
The RIL driver is usually configured to use the COM ports for the control and data traffic. It is possible for an unauthorized application to gain access to these COM ports and call harmful driver IOCTLs, and other file Read, Write, Seek functions. This can potentially disable radio communications, cause denial of service (DOS) attacks and eventually disable the device.
Best Practices
Check Trust Level of Applications
Implement security checks in the RIL driver code to check the trust level of a calling application. If the application is untrusted, the driver code should not return a handle from CreateFile function. The RIL driver should not allow untrusted applications access to COM ports.
Ports
Any COM ports exposed by the RIL driver is a potential access point for rogue applications, and care must be taken to check the trust level of any application that tries to access the ports exposed by the RIL driver.