My window to the world

Remote Code Execution on Windows Mobile

By Mauricio Freitas, in , posted: 8-Aug-2006 21:27

Hmmm. Wouldn't you know this? According to the Symantec Security Response Weblog Collin Mulliner demonstrated a remote code execution flaw via MMS on Windows CE during the last DefCon.
 
Details are available on a pdf entitled "Advanced Attacks Against Pocket PC Phones".

In summary, it seems to be possible to remotely execute code on a Windows Mobile device by seding a specially crafted MMS (multimedia message service) message to the target device.

A special word here: according to the documentation this is aimed at devices based on Windows CE 4.2 (corresponding to Windows Mobile 2003 and Windows Mobile 2003 Second Edition). There's no demo of this on Windows Mobile 5.0 (Windows CE 5.0).

The devices used for testing were the HTC Blue Angel (i-mate PDA2k, Dopod 700, O2 XDA IIs, Orange SPV2000, Siemens SX66,  Vodafone VPA III) and HP h6315.

And while we are here, the Symantec Security Response Weblog is nice, but they don't have comments or trackbacks, so they don't know (easily) that we commented on their entry.


Other related posts:
Windows Phone and Android apps screen comparison
Windows Phone 8 Portico update: at last here in New Zealand
Windows Phone updates, again






comments powered by Disqus

freitasm's profile

Mauricio Freitas
Wellington
New Zealand


I live in New Zealand and my interests include mobile devices, good books, movies and food of course! 

I'm the Geekzone admin. On Geekzone we publish news, reviews and articles on technology topics. The site also has some busy forums. Also worth visiting is TravelTalk NZ, a community for travelers!

Subscribe now to my blog RSS feed or the Geekzone RSS feed.

If you want to contact me, please use this page or email me freitasm@geekzone.co.nz. Note this email is not for technical support. I don't give technical support. You can use our Geekzone Forums for community discussions on technical issues.

Here's is my full disclosure post.

A couple of blog posts you should read:


Social networks presence

View Mauricio Freitas's profile on LinkedIn


My Blog by tags...

Blog...
Entrepreneurship...
Media...
Personal...
State of Browsers...
Technology...
Viral Marketing...
Web Performance Optimization...
Windows...
Windows Phone...

Other recent posts in my blog

Google crawling Geekzone HTTPS...
Geekzone gone full HTTPS...
Microsoft Ignite New Zealand, ...
If the headlines indicate the ...
Geekzone data analytics with P...
State of browsers Geekzone Mar...
2Cheap Cars discussion...
Now with more fibre...
Unlimited is not unlimited: Vo...
How bad is Vodafone cable at t...

New posts on Geekzone