Security flaw in Pocket PC Phone Edition

The June issue of What Mobile magazine reveals a security flaw in the supposedly integrated Phone Edition of the Pocket PC operating system.

Mobile phones offer protection against unauthorized use in the form of a PIN that has to be typed in to make a call. Pocket PC Phone Edition implements this with a check box to turn the PIN on and off. When you select the phone dialer with the PIN enabled the dialer asks you to enter the PIN before it will go any further, if however you then select the browser and start a GPRS browse session it will connect (although it shouldn't). If you then run another instance of the dialer you can make voice calls.

Microsoft's mantra is that "Adding wireless capabilities is fine, but integrating them is better. We'll point out how this integration plays out as we step through the new features of Pocket PC 2002 Phone Edition".

Which is great as a soundbite, but isn't borne out in using the software. If you turn the phone off and then try to connect it doesn't give you a "phone off, do you want to switch on" error, it tries to dial, fails and then suggests you change your network settings.

Sometimes there is a language barrier. The prompt "Edit My Text Messages" seems easy to understand. But it doesn't mean what you think. "My Text" is the name Microsoft gives to the preprogrammed SMS templates, so it really means "Edit text message templates". And what great templates they are. Beside the standard "I'll be late" and "Can't talk now", you also get "I love my Pocket PC" (yeuch!).

The June issue of What Mobile is out now

© What Mobile. All rights reserved.