Windows Mobile 5 can leave data unprotected due to lack of encryption, according to a report by wireless analysts J Gold Associates.
Specifically Gold Associates says the problem is down to AirSync, the derivative of ActiveSync, which transfers data with
specific types of formatting, but not encrypted data. This is know as an 'architectural' flaw because data is only unsafe if a hacker manages to get through the password system.
Other mobile email vendors, notably market leader RIM, have always stressed their ability to handle encrypted data.
Fraser Howard, principal virus researcher at SophosLabs said: "This
problem seems to be due to the lack of on-device encryption. SSL is
used in transit, but once sync'ed the data physically stored on the
device is not encrypted. Therefore, only simple cracking of standard
user authentication is required on lost or stolen phones.
"Given
the nature of device usage, theft and loss is more common than with
laptops (which are themselves a problem). Enterprises need the option
of encrypting all areas of data storage (offline email, sync'ed docs,
xls's etc).
"The problem becomes even worse when you consider
removable storage - 1GB cards are much more easily lost or stolen than
the device itself. If non-encrypted, someone can simply leaf through
the files."
Recent Comments