Details of the new security features of Windows Mobile 5 including the very cool remote wipe feature

Eileen's posted an interesting entry that links to a webcast by Dave Field (Programme Manager from Redmond for the Mobile Devices Product Group) explaining the new features of Windows Mobile 5 (including the "Messaging and Security feature pack") - most of these are security oriented.

One of the most interesting security features is the ability to wipe the data from devices in the case of a security breach. There are two types of device wipe: local and remote. The local device wipe feature can be configured to activate following repeated failed device unlock attempts. Local device wipe works even if there's no network connectivity and is therefore considered to be the primary protection mechanism.

The remote device wipe feature is cool as it works even if the SIM is replaced on the device, because it relies upon IP connectivity to initiate the feature. It's worth noting that Remote Wipe does not clear the storage card - this would not be a problem for me as I only store music and photographs/videos on my storage card - my sensitive data is either not on the device at all, protected with Rights Management (hence not currently accessible on the device) or held on the internal memory, which can be wiped. Upon activation the Flash memory of the device is formatted and overwritten twice - this is a requirement of FIPS 140-2.

A prerequisite for the new security features is Microsoft Exchange SP2 (on the Front End server), which is due to go Beta very soon.

"spadcert.exe" can be used to install root certificates on the Smartphone - you can control the provision of the certs from Exchange SP2 and define whether the user can administer the store.

Exchange may seem like a strange place to administer the security settings of your mobile devices. The reason is that the platform (Windows Mobile 5) doesn't provide the facility to join a domain, so devices can't pick up Active Directory Group Policy.

AES 256-bit support is provided via the Crypto API (v2). FIPS 140-2 certification is nearing completion.

