Feeds

Orange SPV MS smartphone cert security cracked

Weirdly unhard procedure, too...

  • alert
  • submit to reddit

High performance access to file storage

The Orange SPV has achieved the dubious distinction of being the first Microsoft smartphone to have its security cracked. Orange as set the phones up so they will only run Orange-certified applications, but as yet hasn't got much further than promises when it comes to telling people how you develop for it, get apps certified, get development systems and so on.

Which means a lot of deeply unhappy would-be SPV developers - until now. It's not absolutely clear to us who first came up with a crack, but MoDaCo has checked it out, it works and there's a certain amount of happly cackling from that direction.

There seem to be at least two basic procedures to follow. The first, which apparently works on French phones but not on UK ones, is so desperately trivial that there will surely be some name-calling between Orange and Microsoft. Orange wishes its business customers to be protected from rogue code running on their networks, and indeed wishes to protect its own network and users from similar. But, erm, if it's as easy as this:

Back up your phone, then do hard reset. Wait for the pin code entry, but don't enter it, ignore for ten to 15 minutes. Then reboot.

One suspects the system was not entirely designed by rocket scientists, and that anybody who really wants to protect their network from PC-style peril will be demanding a security upgrade, pronto. The defect of the above procedure is that you lose the Orange parameters. Note that The Register isn't in a position to test this, so we're not endorsing it, and can't guarantee there will be no unpleasant side-effects. We'd advise you to check the discussion groups before you do anything, anyway.

Procedure two is more convoluted, but may appeal to Windows hackers pining for a registry to mess around with. The procedure is explained here. Given that the French method seems to take advantage of a bug, the second method, or variants thereof, will likely prove more durable. ®

Related stories:
MS talks smartphone -developer support follows 'soon'
Orange plans SPV bugfixes, and developer info for Q1
Orange, not MS, is SPV smartphone app-breaker in chief

High performance access to file storage

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
Skype pimps pro-level broadcast service
Playing Cat and Mouse with the media
Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month
... but don't worry, charter members, you're still in 'for life'
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.