Quantcast

Security Flaw Found in Smartphone Software

Microsoft and Orange are working on a patch for a flaw that could allow rogue code to run on certain phones.

Joris Evers, IDG News Service

  • 0 Yes
  • 0 No

Microsoft and mobile phone operator Orange are working to patch a security bug that affects the first mobile phone to use Microsoft's Windows Powered Smartphone software, Orange said Thursday.

The SPV phone, launched in October and sold by Orange in several European countries, can run downloadable applications. It was designed to only run certified applications, in order to protect customers against rogue code. However, details on how to disable this security feature have become public, allowing the installation of applications that have not been certified, Orange said in a statement Thursday.

Culprits are SPV users and software developers who were upset with the block on running third-party applications. They came up with a way to undo that protection and posted instructions in online discussion forums on software development for smart phones like the SPV.

Microsoft and Orange have investigated the issue and will provide a security update as soon as possible to solve it, Orange said. Users will be able to download this update through the Orange Update application on their SPV, the Paris mobile operator said.

Low Risk

The procedure to unlock a phone involves manually editing two files on the phone using a PC and the synchronization software, according to one set of instructions found online. Because changes have to be made directly on the phone to be able to bypass the security, Orange said it does not see the issue "as posing any risk to the security" of SPV users.

Orange calls on developers who want to create applications for the SPV to go through the certification process. The company will launch a Web site for SPV developers at the end of February, according to the statement.

The SPV runs Microsoft's Windows Powered Smartphone software and is a mobile phone with PDA features. The software is based on Microsoft's Windows CE 3.0 operating system and includes a Web browser, e-mail and instant messaging clients, an address book, and a media player.

  • Recommend this story?
  • 0 Yes
    0 No
 

Deal Breakers

Special Offers for PC World Users

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links