Dec 28 Airscanner Reveals Possible Security Vulnerability With Spb Kiosk
Found in:Mobile News,
Security firm Airscanner has disclosed details of two possible vulnerabilities on Spb Kiosk Engine. The software is used by enterprise clients to lockdown Windows Mobile Pocket PC devices. The Spb Kiosk Engine allows users to run custom applications in kiosk mode. In this mode, the target applications are the only ones that can be used on a specific Pocket PC device.
In one of the advisories, Airscanner warns users that despite the device lockdown, it is still possible to execute programs via 'features' of the running application (eg. Pocket Word will execute programs via hyperlink). In addition, autorun is still enabled on the devices, which allows anyone with a SD Card or CF card to execute their own code on the device.
Administrators should disable autorun on the device by placing an autorun.exe file in the \windows directory with read-only options.
Another vulnerability is related to how the software stores an administrator's password on the device.
Advisories can be found here and here.
Bookmark | Permalink
Comments onAirscanner Reveals Possible Security Vulnerability With Spb Kiosk
advertise with us
» News Board
Mailing Listreceive the latest mobile related news and
Latest WM5 PocketPC, Smartphone, Palm and Symbian news about devices, technology, software and freeware
Pocket PC Software | Pocket PC Freeware | Palm Software | Palm Freeware | Symbian Software | Symbian Freeware | Smartphone Software | Smartphone Freeware | Hardware
MobileTopSoft.com, Copyright © Mobile Network 2005 - 2007. All Rights Reserved
ssd