Windows Mobile Direct Push leaves data vulnerable

Analyst Jack Gold of J. Gold Associates, a wireless security firm, is reporting that Windows Mobile 5.0 may be storing data received over the air with inadequate protection. Although data may be encrypted as it is transmitted, Windows Mobile 5.0 cannot store it in an encrypted format. The data is then only protected by a password, something that many corporate firms may find to be inadequate. The problem lies with AirSync, a derivative of ActiveSync used to transfer data to devices, Gold said. ActiveSync and AirSync can only transfer datasets with specific types of formatting, meaning encrypted data can’t be transferred from Exchange Server to Pocket Outlook.

According to ZDNet, Microsoft is not denying the report but is following up.

Unlike Microsoft, Research and Motion and Good Technology support the encryption of data on their devices.

Read more about this story