Home & Office

Microsoft doesn't deny Windows Mobile flaw

Accusation that Windows Mobile lacks on-device encryption isn't contradicted by Microsoft
Written by David Meyer, Contributor

Microsoft has refused to deny that the most recent version of Windows Mobile leaves data poorly secured on handsets.

A report from analyst Jack Gold, as reported on Tuesday by Techworld, argued that enterprise users would be turned off by Windows Mobile 5.0's inability to encrypt data that has been pushed to the device over the air.

Gold pointed out that, while data is SSL-encrypted when in transit, the mobile platform could not receive it in an encrypted format and would have to secure it with no more than password protection.

ZDNet UK contacted Microsoft UK to confirm whether this was the case, and ask what Microsoft intended to do about it to reassure their customers. "Security is a top concern for Microsoft, our partners and our customers," said a Microsoft spokesperson. "Windows Mobile was designed with enterprise-class security in mind and offers what customers asked for: more direct control over their intellectual property."

The spokesperson went on to reiterate that "the entire data stream between a Windows Mobile device and Microsoft Exchange Server is encrypted using SSL data encryption".

"Using the same architecture that connects PCs to a Microsoft Exchange Server, companies can trust the relationship between Windows Mobile devices and an Exchange Server to help control vital information with data protection [certificate-based authentication to all Exchange data, support for S/MIME, FIPS-140-2 data-encryption certification], password protection and, going beyond what the PC offers today, remote and local wipe in case the device is lost or stolen."

This does not answer the question of whether data is held in encrypted form on the Windows Mobile device — something that devices such as RIM's BlackBerry do through embedded encryption technology. The BlackBerry is approved for use with confidential data by the UK Government and NATO.

Asked whether Microsoft would be seeking a retraction over the Gold report and the ensuing coverage, the spokesperson said only that it was "safe to assume we're following this up".

Editorial standards