Feeds

Orange SPV MS smartphone cert security cracked

Weirdly unhard procedure, too...

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

The Orange SPV has achieved the dubious distinction of being the first Microsoft smartphone to have its security cracked. Orange as set the phones up so they will only run Orange-certified applications, but as yet hasn't got much further than promises when it comes to telling people how you develop for it, get apps certified, get development systems and so on.

Which means a lot of deeply unhappy would-be SPV developers - until now. It's not absolutely clear to us who first came up with a crack, but MoDaCo has checked it out, it works and there's a certain amount of happly cackling from that direction.

There seem to be at least two basic procedures to follow. The first, which apparently works on French phones but not on UK ones, is so desperately trivial that there will surely be some name-calling between Orange and Microsoft. Orange wishes its business customers to be protected from rogue code running on their networks, and indeed wishes to protect its own network and users from similar. But, erm, if it's as easy as this:

Back up your phone, then do hard reset. Wait for the pin code entry, but don't enter it, ignore for ten to 15 minutes. Then reboot.

One suspects the system was not entirely designed by rocket scientists, and that anybody who really wants to protect their network from PC-style peril will be demanding a security upgrade, pronto. The defect of the above procedure is that you lose the Orange parameters. Note that The Register isn't in a position to test this, so we're not endorsing it, and can't guarantee there will be no unpleasant side-effects. We'd advise you to check the discussion groups before you do anything, anyway.

Procedure two is more convoluted, but may appeal to Windows hackers pining for a registry to mess around with. The procedure is explained here. Given that the French method seems to take advantage of a bug, the second method, or variants thereof, will likely prove more durable. ®

Related stories:
MS talks smartphone -developer support follows 'soon'
Orange plans SPV bugfixes, and developer info for Q1
Orange, not MS, is SPV smartphone app-breaker in chief

Intelligent flash storage arrays

More from The Register

next story
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.