Windows Mobile

Mainly two versions of Windows Mobile for smartphones are in
circulation currently:
– Windows Mobile 5.0 released in 2005 and based on Windows CE 5.1
– Windows Mobile 6.0 released in early 2007 and based on Windows CE version 5.2
The Windows Mobile 6.1 version is planned for April 2009 and is also based on
Windows CE 5.2. From a safe point of view, Windows Mobile knows some risks and
attacks close to the systems seen previously. Windows default security
Mobile is pretty weak (more details later):
– Possibility of executing binaries silently;
– self-execution from removable media enabled by default;
– no separation of privileges.
The Windows Mobile smartphone synchronization software is ActiveSync,
today in its version 4.5. Since ActiveSync 4.0, it has become impossible to
synchronize your mobile directly via the network. This functionality had indeed weaknesses [10] in terms of safety: besides the fact that the data were
sent unencrypted over the network, no authentication request
was done during synchronization, even with a locked smartphone. These
two weaknesses allowed the theft of information. First, it was possible
to perform a Man In The Middle attack between the smartphone and the post
synchronization. The protocol also does not have an identification system,
the attacker could then retrieve the information by having himself installed
ActiveSync. Secondly, it was possible to retrieve synchronization information
by querying an ActiveSync service and pretending to be a
valid customer. This technique did not require a Man In type pre-attack
The Middle, but forced to find the identifier of a smartphone that has already been
synchronized to the ActiveSync being queried. The identifier, encoded on 31 bits, could be
obtained by brute force attacks.