Windows Mobile 5 can leave data unprotected due to lack of encryption, according to a report by wireless analysts J Gold Associates.
Specifically Gold Associates says the problem is down to AirSync, the derivative of ActiveSync, which transfers data with specific types of formatting, but not encrypted data. This is know as an 'architectural' flaw because data is only unsafe if a hacker manages to get through the password system.
Other mobile email vendors, notably market leader RIM, have always stressed their ability to handle encrypted data.
Fraser Howard, principal virus researcher at SophosLabs said: "This problem seems to be due to the lack of on-device encryption. SSL is used in transit, but once sync'ed the data physically stored on the device is not encrypted. Therefore, only simple cracking of standard user authentication is required on lost or stolen phones.
"Given the nature of device usage, theft and loss is more common than with laptops (which are themselves a problem). Enterprises need the option of encrypting all areas of data storage (offline email, sync'ed docs, xls's etc).
"The problem becomes even worse when you consider removable storage - 1GB cards are much more easily lost or stolen than the device itself. If non-encrypted, someone can simply leaf through the files."
Comments