[ISN] Windows Mobile security software insecure

From: InfoSec News (alerts@private)
Date: Wed Aug 16 2006 - 01:01:20 PDT


http://www.theinquirer.net/default.aspx?article=33684

By Nick Farrell
15 August 2006

SECURITY OUTFIT Airscanner has slammed Windows Mobile security
software as insecure and buggy.

In a paper posted here [1], the report condemns Windows Mobile as
lacking any decent security infrastructure.

For example Pocket PC has no Kerberos authentication, encrypting file
system, or a built-in firewall. ' Looking to third party software is
not particularly useful either as Windows Mobile developers are not
held up to the same scrutiny as those in the desktop arena. Some
software touted as 'encrypted' or 'secure' is neither.

More than 20 different Windows Mobile programs including MS Money and
Password Master 3.5 have been slammed in the report.

The software was found to have issues including broken protection
schemes to poor encryption algorithms. It describes the Window’s
Mobile version as a poor cousin to XP which is comparatively open and
bug free.

The report says that the Windows Mobile platform creates an
environment conducive to poorly designed security software.

If there is a problem on the Windows XP it is possible to see what is
going on in Windows Task Manager, msconfig,' or regedit. Windows
Mobile 5 platform has a task list that only mentions the names of the
open applications that have graphical interfaces, the report says.

"Average Windows Mobile users are relatively blind about what their
device is doing, there are numerous Windows Mobile vendors that store
sensitive information in the registry with flawed encryption schemes,
or even in plaintext," the report says. µ

[1] http://msmobiles.com/news.php/5474.html



_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Aug 16 2006 - 01:12:47 PDT