Feeds

Security flaw in Pocket PC Phone Edition

PIN Spin

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

The June issue of What Mobile magazine reveals a security flaw in the supposedly integrated Phone Edition of the Pocket PC operating system.

Mobile phones offer protection against unauthorized use in the form of a PIN that has to be typed in to make a call. Pocket PC Phone Edition implements this with a check box to turn the PIN on and off. When you select the phone dialer with the PIN enabled the dialer asks you to enter the PIN before it will go any further, if however you then select the browser and start a GPRS browse session it will connect (although it shouldn't). If you then run another instance of the dialer you can make voice calls.

Microsoft's mantra is that "Adding wireless capabilities is fine, but integrating them is better. We'll point out how this integration plays out as we step through the new features of Pocket PC 2002 Phone Edition".

Which is great as a soundbite, but isn't borne out in using the software. If you turn the phone off and then try to connect it doesn't give you a "phone off, do you want to switch on" error, it tries to dial, fails and then suggests you change your network settings.

Sometimes there is a language barrier. The prompt "Edit My Text Messages" seems easy to understand. But it doesn't mean what you think. "My Text" is the name Microsoft gives to the preprogrammed SMS templates, so it really means "Edit text message templates". And what great templates they are. Beside the standard "I'll be late" and "Can't talk now", you also get "I love my Pocket PC" (yeuch!).

The June issue of What Mobile is out now

© What Mobile. All rights reserved.

Choosing a cloud hosting partner with confidence

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.