Gartner Says Microsoft's New Mobile Email System Is Not Secure

A pair of analysts who work for market research firm Gartner say that the email system for Windows Mobile 5.0 that was unveiled last week isn't secure enough to be used safely by large companies without the addition of third-party software.

In a research note on the Gartner web site, the analysts, Dion Wiggins and Nick Ingelbrecht, say this system doesn't do enough to protect secret information if a device is lost or stolen.

Although the software allows administrators to remotely wipe all the information on a device, this doesn't include all the files stored on an SD or CompactFlash card.

"Wiping the devices' memory is of limited use, since data on removable media is not erased and remains exposed. Because mobile devices have limited Storage capacity, most users store data on media, such as memory cards, that can simply be removed from one device and read in another," the research note says.

In the analysts' opinion, to be truly secure all the data on the device -- including memory cards -- must be encrypted, and this isn't a standard feature of Windows Mobile 5.0 or the new email software.

The analysts' clearly found this somewhat surprising, as the necessary cryptography application programming interfaces (APIs) are already built into the operating system.

"Microsoft has missed an opportunity to show leadership in mobile security and have the market declare that the company has made Windows Mobile 5.0 secure," Wiggins and Ingelbrecht said. "We believe it should have provided an integrated management and security framework for the platform. Microsoft continues to rely on third-party vendors to plug its mobile-security shortcomings."

Thanks to iPAQ HQ for the tip.

Related Links

• Microsoft Unveils Push Email for Windows Mobile 5.0
• Windows Mobile's Upcoming Email System Isn't Exactly Push