Feeds

Security flaw in Pocket PC Phone Edition

PIN Spin

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

The June issue of What Mobile magazine reveals a security flaw in the supposedly integrated Phone Edition of the Pocket PC operating system.

Mobile phones offer protection against unauthorized use in the form of a PIN that has to be typed in to make a call. Pocket PC Phone Edition implements this with a check box to turn the PIN on and off. When you select the phone dialer with the PIN enabled the dialer asks you to enter the PIN before it will go any further, if however you then select the browser and start a GPRS browse session it will connect (although it shouldn't). If you then run another instance of the dialer you can make voice calls.

Microsoft's mantra is that "Adding wireless capabilities is fine, but integrating them is better. We'll point out how this integration plays out as we step through the new features of Pocket PC 2002 Phone Edition".

Which is great as a soundbite, but isn't borne out in using the software. If you turn the phone off and then try to connect it doesn't give you a "phone off, do you want to switch on" error, it tries to dial, fails and then suggests you change your network settings.

Sometimes there is a language barrier. The prompt "Edit My Text Messages" seems easy to understand. But it doesn't mean what you think. "My Text" is the name Microsoft gives to the preprogrammed SMS templates, so it really means "Edit text message templates". And what great templates they are. Beside the standard "I'll be late" and "Can't talk now", you also get "I love my Pocket PC" (yeuch!).

The June issue of What Mobile is out now

© What Mobile. All rights reserved.

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
Ofcom tackles complaint over Premier League footie TV rights
Virgin Media: UK fans pay the most for the fewest matches
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.