Feeds

Security flaw in Pocket PC Phone Edition

PIN Spin

  • alert
  • submit to reddit

The Power of One Infographic

The June issue of What Mobile magazine reveals a security flaw in the supposedly integrated Phone Edition of the Pocket PC operating system.

Mobile phones offer protection against unauthorized use in the form of a PIN that has to be typed in to make a call. Pocket PC Phone Edition implements this with a check box to turn the PIN on and off. When you select the phone dialer with the PIN enabled the dialer asks you to enter the PIN before it will go any further, if however you then select the browser and start a GPRS browse session it will connect (although it shouldn't). If you then run another instance of the dialer you can make voice calls.

Microsoft's mantra is that "Adding wireless capabilities is fine, but integrating them is better. We'll point out how this integration plays out as we step through the new features of Pocket PC 2002 Phone Edition".

Which is great as a soundbite, but isn't borne out in using the software. If you turn the phone off and then try to connect it doesn't give you a "phone off, do you want to switch on" error, it tries to dial, fails and then suggests you change your network settings.

Sometimes there is a language barrier. The prompt "Edit My Text Messages" seems easy to understand. But it doesn't mean what you think. "My Text" is the name Microsoft gives to the preprogrammed SMS templates, so it really means "Edit text message templates". And what great templates they are. Beside the standard "I'll be late" and "Can't talk now", you also get "I love my Pocket PC" (yeuch!).

The June issue of What Mobile is out now

© What Mobile. All rights reserved.

The Power of One Infographic

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
All those new '5G standards'? Here's the science they rely on
Radio professor tells us how wireless will get faster in the real world
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Oh girl, you jus' didn't: Level 3 slaps Verizon in Netflix throttle blowup
Just hook us up to more 10Gbps ports, backbone biz yells in tit-for-tat spat
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.