Feeds

Security flaw in Pocket PC Phone Edition

PIN Spin

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

The June issue of What Mobile magazine reveals a security flaw in the supposedly integrated Phone Edition of the Pocket PC operating system.

Mobile phones offer protection against unauthorized use in the form of a PIN that has to be typed in to make a call. Pocket PC Phone Edition implements this with a check box to turn the PIN on and off. When you select the phone dialer with the PIN enabled the dialer asks you to enter the PIN before it will go any further, if however you then select the browser and start a GPRS browse session it will connect (although it shouldn't). If you then run another instance of the dialer you can make voice calls.

Microsoft's mantra is that "Adding wireless capabilities is fine, but integrating them is better. We'll point out how this integration plays out as we step through the new features of Pocket PC 2002 Phone Edition".

Which is great as a soundbite, but isn't borne out in using the software. If you turn the phone off and then try to connect it doesn't give you a "phone off, do you want to switch on" error, it tries to dial, fails and then suggests you change your network settings.

Sometimes there is a language barrier. The prompt "Edit My Text Messages" seems easy to understand. But it doesn't mean what you think. "My Text" is the name Microsoft gives to the preprogrammed SMS templates, so it really means "Edit text message templates". And what great templates they are. Beside the standard "I'll be late" and "Can't talk now", you also get "I love my Pocket PC" (yeuch!).

The June issue of What Mobile is out now

© What Mobile. All rights reserved.

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.