Details are available on a pdf entitled "Advanced Attacks Against Pocket PC Phones".
In summary, it seems to be possible to remotely execute code on a Windows Mobile device by seding a specially crafted MMS (multimedia message service) message to the target device.
A special word here: according to the documentation this is aimed at devices based on Windows CE 4.2 (corresponding to Windows Mobile 2003 and Windows Mobile 2003 Second Edition). There's no demo of this on Windows Mobile 5.0 (Windows CE 5.0).
The devices used for testing were the HTC Blue Angel (i-mate PDA2k, Dopod 700, O2 XDA IIs, Orange SPV2000, Siemens SX66, Vodafone VPA III) and HP h6315.
And while we are here, the Symantec Security Response Weblog is nice, but they don't have comments or trackbacks, so they don't know (easily) that we commented on their entry.
Other related posts:
Windows Phone and Android apps screen comparison
Windows Phone 8 Portico update: at last here in New Zealand
Windows Phone updates, again
comments powered by Disqus