Consider Error Reporting Security (Compact 7)
3/12/2014
Windows Embedded Compact Error Reporting dump files are not protected from any application, even when they use privileged environment functionality. Hence, Error Reporting presents potential security risks, including the following:
- Dump file contents can potentially contain user information that is private.
- Dump files can contain critical system information about the device, including identification information, memory contents, and security information.
We suggest the following guidelines to help reduce the security risks when you use Error Reporting:
- Obtain user consent for upload. Advise end users of possible dump file content risks, and obtain user consent before uploading reports. If your device does not have a graphical UI, you can still enable Error Reporting. However, if your device cannot obtain end-user consent during initial product setup, do not upload error reports.
- Use authentication. Use authentication techniques, including a password to unlock the device, before permitting access to the device if the device contains personal or sensitive information.
- Be aware of registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.