Yesterday we warned about a possible threat to basic Windows Mobile security. Turns out things are pretty serious across most GSM-type phones. ZDNet breaks it down:

An attacker could exploit the hole to make calls, steal data, send text messages, and do more or less anything a person can do on their iPhone, researchers Charlie Miller and Collin Mulliner claimed at the Black Hat security conference in Las Vegas.

That's certainly not good. And it's not limited to just the iPhone.

Meanwhile, a bug in the code written by HTC that controls the user interface on Windows Mobile devices could also be exploited via the SMS messages to create a situation where there are no buttons to push, so the phone cannot be used, said Miller.

Yep, that's bad. The good news is that Miller and Mulliner say it would take a couple of weeks for someone to compile the code needed for such an attack, and they're working with carriers and manufacturers to patch the exploit.

So are we worried? Not too much. It sounds serious, certainly. But we're not going be pulling our batteries while we sleep. If it's that bad, the carriers and manufacturers will patch it.

We hope.

More at The iPhone Blog and Technologizer

So a well known Mac hacker earlier this month claimed to have found an SMS exploit that would let an attacker take over iPhones with a series a text messages. Details of the flaw will be released Thursday at the Blackhat security convention in Las Vegas.

And not content to panic just the cool kids' table, Windows Mobile is now thrown into the loop. [via neowin]

Miller also claims he has found a bug in Microsoft's Windows Mobile devices that that allows complete remote control of the device. Miller discovered the bug last Monday and it's currently un-patched by Microsoft. It's not clear whether Miller plans to unveil full details of the Windows Mobile bug tomorrow or limited details until Microsoft has been made aware.

So there you have it. We're at FUD Level Orange on this one. Certainly a serious security flaw on an iPhone could be patched relatively quickly, but patching a Windows Mobile device, well, it's not like there's some automagical button that'll suck down updates from the mothership. On the other hand, we're not going to panic before panic's due. Stay tuned.

In the forums some users have found a neat little exploit to see other devices on the Sprint network. But is it something to worry about?

Probably not.

The trick is to use Resco Explorer --> Menu --> File --> Network --> Map Drive

After waiting a few moments if you hit the [+] sign to expand the list, you may see a bunch of device IDs. Interestingly, these appear to be all Sprint devices as WiFi is not enabled at the time and my Treo 800w is on Sprint.

So what is going on here?

Click to read an explanation plus some more screenies...

Read the rest of this entry »