A security firm has found a pair of security bugs in Microsoft's Windows Mobile which, if exploited, could crash phones and other devices running the software.
The vulnerabilities lie in Windows Mobile Internet Explorer and Windows Mobile Pictures and Video, Trend Micro, a Tokyo-based security vendor, said in a pair of security alerts. Viewing a rigged Web page or malicious JPEG image file on a Windows Mobile device will cause it to fail, according to Trend Micro.
"Both of these vulnerabilities are potential denial-of-service factors," Todd Thiemann, director of device security marketing at Trend Micro, said in an interview Tuesday. "What we're seeing over time is an uptick in the threats against smart phones, particularly those running Symbian and Windows Mobile."
Trend Micro has told Microsoft about the problems and has not publicly shared the vulnerability details. "The sky isn't falling. Nobody out there is aware of this," Thiemann said. The company doesn't expect any imminent attacks exploiting the problems, he said.
Microsoft is aware of the issues and is investigating them, a company representative said Wednesday. If needed, the software maker will provide an update to hardware makers for distribution to people who use the Windows Mobile devices, it said. The problems affect Windows Mobile 2003 and Windows Mobile 5.0, according to Trend Micro.
While the number of threats to phones today is low, security experts and analysts agree that situation is likely to change with the advent of smart phones running common operating systems. Security companies, including Trend Micro, are hawking software to shield phones against possible attacks.
"Microsoft's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue," the Microsoft representative said.
The newest problem allows an attacker to hijack systems running Word 2003, Symantec said in an alert Tuesday. The company has advised people to make sure their security software is up to date and urges caution when opening Word documents.
Before anyone accuses me of being the completely anti-Microsoft person that some think be to be (seeing as how they can't take any MS criticism), let me tell you that I am indeed a Windows Mobile user.
There is a problem that many Windows Mobile users, including myself, know all too well. Even if Microsoft releases patches for Windows Mobile, device makers are often slow to release working updates to the users. I own a Dell Axim 50v, and it took until just a short time ago before there were any updates for Windows Mobile 5.0 on the device! Sure, there were plenty of known bugs, but no patches available.
The fault for not getting fixes lies largely on the device manufacturers, and with the growing number of security problems on mobile devices it is clear that they need to step up. Microsoft may be responsible for the existence and patching of the bugs, but someone needs to make updates available for the specific devices!
Dell thanks me as a customer by freezing my $350 Axim X30 at 2004. It runs IE version 4. Many sites do not render properly, if it all. A smaller but growing number crash the browser completely. My only option is to fork out money to buy Opera Mini.
If you own a device that runs embedded Windows then you are completely at the mercy of the vendor. Most times they will only support the device for about a year, until the next model comes out. They have no desire for you to keep using the deveice for several years. They want you to throw it out and buy their latest, most expensive model.
My little MPx-220 likes to lock up on its own - it doesn't need any help. But how would you get updates anyway? It's not like MS makes them available. They require a reflash of the ROM in your phone, so you have to wait for the manufacturer to provide one, which on my outdated phone they probably won't.
I just came in here to say the same thing. What makes a pocket PC/mobile PC crash? Loading applications on it and starting them. Love the "report an error" pop-up on my screen. It's there so much it's starting to burn in the display.
In an unusual position on this, I have to defend Microsoft.
Small, flash based systems are not quite so easy to update as desktops or servers. If you look at the specifications of different PDAs and Smartphones, I think you will see that they are all very different and all contain some sort of manufacturer tweaks.
If Microsoft were to provide your classic "Patch Tuesday" type updates, they could very easily cause problems with these tweaked devices. This puts them at a distinct disadvantage over companies like Apple who will control both with the iPhone. That kind of control will allow Apple to release updates as they wish.
Be done with all this Widoze BLOAT!!! MS couldn't program their way out of a paper bag. The real secure OS is coming to an AT&T or Apple store near you soon. Enjoy the freedom.
I would consider getting an iPhone if it wasn't touch screen only and had a keyboard. It may look cool but the usability is crap. Its useless if you aren't looking straight at the screen.
Freedom from AT&T? I laughed so hard I just fell out of my chair. Fortunately my fall was broken by the AT&T notice telling me that their service fees are going up 30% or more. Let's see, Caller ID is now $7.99, Call Forwarding $3.99. Man I love this freedom. The only thing better would be getting charged to RECEIVE my monthly bill. Oh, how about a fee to process my payment too. That would be great!
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
There is a problem that many Windows Mobile users, including myself, know all too well. Even if Microsoft releases patches for Windows Mobile, device makers are often slow to release working updates to the users. I own a Dell Axim 50v, and it took until just a short time ago before there were any updates for Windows Mobile 5.0 on the device! Sure, there were plenty of known bugs, but no patches available.
The fault for not getting fixes lies largely on the device manufacturers, and with the growing number of security problems on mobile devices it is clear that they need to step up. Microsoft may be responsible for the existence and patching of the bugs, but someone needs to make updates available for the specific devices!
HW Via ??.
I'll get an iPhone (and don't say anything about no office apps,
Word on a smartphone is PAINFUL!!!
If you own a device that runs embedded Windows then you are completely at the mercy of the vendor. Most times they will only support the device for about a year, until the next model comes out. They have no desire for you to keep using the deveice for several years. They want you to throw it out and buy their latest, most expensive model.
Small, flash based systems are not quite so easy to update as
desktops or servers. If you look at the specifications of different
PDAs and Smartphones, I think you will see that they are all very
different and all contain some sort of manufacturer tweaks.
If Microsoft were to provide your classic "Patch Tuesday" type
updates, they could very easily cause problems with these
tweaked devices. This puts them at a distinct disadvantage over
companies like Apple who will control both with the iPhone.
That kind of control will allow Apple to release updates as they
wish.
way out of a paper bag. The real secure OS is coming to an AT&T
or Apple store near you soon. Enjoy the freedom.
Sorry, I actually have to live and work in the present, not sitting around hoping Apple will catch up
Walt