Microsoft push email security questioned

US analyst report highlights concerns over Windows Mobile and Exchange support for push email, but UK analysts downplay the issue.

A report attacking Microsoft for a lack of security in its mobile push email platform may be unfairly critical, says a UK analyst.

US-based analyst Jack Gold of J. Gold Associates published a report last week which faults Microsoft for the way it implements the push function in its Windows Mobile 5 operating system.

The report, called Microsoft's Direct Push Insecurity, alleges insecurities in the recently upgraded mobile messaging software. The 'flaws' specifically identified in the report relate to the code which updates data wirelessly between Microsoft Exchange and the mobile client. The so-called AirSync code that sits on the client can leave the device's data unencrypted, says Gold.

"The current version of AirSync can only do a file synch of specifically formatted datasets that meet certain Microsoft data requirements," says Gold in the report. "This means that any transfer of data, from Exchange Server to Pocket Outlook, for example, must be done in an unencrypted file state."

Microsoft itself has yet to respond to the criticism, but some analysts are already expressing doubts about how much risk the potential flaw represents.

"I'd say that this is an anomaly that Microsoft needs to address rather than a full blown crisis," says Rob Bamforth of consultancy Quocirca. "Whenever a product gets more complex, then there are bound to be a couple of minor security consequences in the short term. I'd say in general that there's a huge step change in robustness between the old and new versions of Microsoft's mobile platform."

The feedback that Quocirca has been getting from end users on Microsoft and its recent spate of security controversies suggests that the vendor is heading in the right direction, says Bamforth.

"Microsoft has got better at dealing with security issues more quickly," he said. "In any case it's not always easy to pinpoint whether a particular problem is the fault of the wireless technology, the device itself or the transport mechanism. Microsoft's security vulnerabilities are an easy bandwagon to jump on."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Npower shuts down app after hackers steal user data

Npower shuts down app after hackers steal user data

25 Feb 2021
New monitors for an agile new normal

New monitors for an agile new normal

19 Feb 2021