Mobile devices are omnipresent in our lives in various forms: GPS, mobile phones, PDAs, etc. The smartphone is the convergence of most of them. There are many embedded operating systems on the mobile market, and Windows Mobile, developed by Microsoft, is quite a popular one [1]. Consequently, it is essential to analyse how Microsoft's mobile operating system works in order to understand the risks and threats, and to anticipate the methods that could be used to attack a device and keep a door open for the attacker without the user knowing it.
Mechanisms that may compromise the system or install backdoors on the Desktop version of Windows are publicly available and have been well known for several years. On the surface the embedded OS seems very similar, since most APIs that exist in Windows Desktop versions are also present in Microsoft's embedded system, which makes it easier to adapt software from the Desktop world. However, the layers underneath are very different, and this may be the main reason why attackers have not yet moved to the embedded world. The underlying hardware architecture is ARM, which is RISC-based (Reduced Instruction Set Computer), as opposed to the x86 used on PCs. The constraints of the embedded world mean that memory management works very differently internally than in the PC world. System calls are also implemented in a different manner.
In order to understand the risks, several points should be analysed. The different services on a smartphone need to be well understood (phone, SMS, GPS, SD card, etc.). The network environment must be considered closely in order to list all the possible attack vectors (phone, Bluetooth, WLAN, ActiveSync, etc.). The system's internal mechanisms will be explained, which will allow us to understand how the system may be compromised (keylogger, SMS interception, rootkits, ransomware, etc.). The security mechanisms implemented by Microsoft will be analysed with respect to the risks.
In addition, more and more antivirus companies offer solutions to protect devices, so it is only logical to want to know what they really protect against. We will give details on the stealth mechanisms, remote control capabilities, ways to make the rootkit persistent, and services that a malicious hacker could use on Windows Mobile devices. This talk will focus on the services that an attacker could potentially control for malicious purposes and the different rootkit methods that may be used to hide these actions from the phone's user.