Microsoft's Push Security Problems

New analyst report suggests that push email system may leave enterprise data vulnerable

Dan Jones, Mobile Editor

October 26, 2006

1 Min Read
Dark Reading logo in a gray background | Dark Reading

A new research report says Microsoft Corp. (Nasdaq: MSFT) may face security issues with the way it implements "push email" for its Windows Mobile 5 operating system.

Analyst Jack Gold of J.Gold Associates has issued a report called "Microsoft's Direct Push Insecurity," which highlights possible security issues with the upgraded mobile messaging software. The potential flaws relate directly to the way the Excahnge SP2 email server update and latest version of Windows 5.0 transfer data.

The report states that the underlying "AirSync" code that is used to wirelessly update data between Exchange and the Pocket Outlook client can leave data on the device itself insecure.

"The current version of ActiveSync (and AirSync) can only do a file synch of specifically formatted datasets that meet certain Microsoft data requirements," says the report. "This means that any transfer of data, from Exchange Server to Pocket Outlook, for example, must be done in an unencrypted file state."

This isn't such a big issue while the file itself is being transferred -- over an SSL link -- but means that a user now has unencrypted files on their device. Microsoft has a password protection system for Outlook. Gold, however, says this isn't enough for potentially sensitive enterprise data.

"We believe that companies considering the use of Microsoft Direct Push Exchange technology should be very cautious," the report concludes.

A spokesman for Redmond tells Unstrung they are formulating a response to Gold's report. We'll update this story when we have answers from Microsoft.

— Dan Jones, Site Editor, Unstrung

About the Author

Dan Jones

Mobile Editor

Dan is to hats what Will.I.Am is to ridiculous eyewear. Fedora, trilby, tam-o-shanter -- all have graced the Jones pate during his career as the go-to purveyor of mobile essentials.

But hey, Dan is so much more than 4G maps and state-of-the-art headgear. Before joining the Light Reading team in 2002 he was an award-winning cult hit on Broadway (with four 'Toni' awards, two 'Emma' gongs and a 'Brian' to his name) with his one-man show, "Dan Sings the Show Tunes."

His perfectly crafted blogs, falling under the "Jonestown" banner, have been compared to the works of Chekhov. But only by Dan.

He lives in Brooklyn with cats.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights