Updating Windows Mobile Phones
Nothing we ever create, especially software, is ever perfect. One of the banes of professional systems administrators is the software update process, and the risk trade-offs it entails. Patch with a bad patch and you can crash a system; fail to patch soon enough, and you may fall to a known attack vector. The mobile phone companies have taken an innovative approach to the problem: They ignore it. It makes perfect sense to them. If a hacker bricks your phone, they’ll sell you a new one, with a new two-year lock-in.
I suspect this is frustrating to the authors of phone software, who have their own brand to consider:
Artak Abrahamyan , Technical Support Specialist from i-Mate, responded to my email requesting when they’d be releasing MSFP [Microsoft Security & Feature Pack] updates …Although I requested information about which devices would be receiving updates, he didn’t provide that information. My hope is that it will be for all of the Windows Mobile 5.0 devices that i-Mate has released so far. Looks like we’ll see this in early March. (From “Smartphone thoughts“)
This ‘innovative’ approach to preventing customers from getting at a patch has many upsides in fewer software variants running, higher assurance for the telco, and more time for worm writers to hone their attack code.
I am reasonably confident that my phone has security issues. (I’m not slamming Microsoft here–I’m reasonably confident that all software I’ve ever touched has security issues.) However, I have a phone running Windows Mobile, and so I’m aware of my failure to patch. I’d like to see a mobileupdate.microsoft.com that allowed me to bypass this telco nonsense and get patches.
[Update: While I’m talking about telco security, let me mention the idiots at Cingular, who insist that caller-id is a good way to authenticate me to my voice mail, and refuse to give me a way to add a password. If you don’t understand why that’s a bad idea, “this google search” may enlighten you. Take a look at those ads.]
(Phone box photo by Alex Segre, on Flickr.)
why should they go through the effort of making things work right if people are still buying cell phones without caring about it?