WannaCry Cyber Attack and its impact on WinCE
You most likely have heard about the recent WannaCry cyber attack. With IoT, there are more and more connected embedded devices, so security is a big concern. After WannaCry, requests about security peaked, especially among Windows CE/Windows Embedded Compact users. First of all, the good news: WannaCry is targeting x86 Windows-based PCs, the SW can’t run on WinCE/Windows Embedded Compact for Arm, so for this specific issue, there is no concern for devices running WinCE on any of our Colibri and Apalis System on modules(SoMs). Further on, we ran some network tests against our standard images which did not show a vulnerability.
We can’t grant that SMB implementation of Windows CE is not affected by some vulnerabilities. We don’t have the source code of that part.
My suggestion is to disable SMB anyway if it’s not needed by your application, and that applies to any other service you may have active which is not needed, since that will reduce the attack footprint and even reduce resource usage. Have a look at the Access Security on WinCEon our developer website to get some more information about disabling network services and potential risks on our devices.
But again, attackers would need to target Arm WinCE device specifically and Windows-based malware will not impact you.