Steve Lamb's Blog

Security Matters

Blogs

WiFi on my phone --> A whole world of possibilities both good and bad

  • Comments 3
  • Likes

I'm getting on really well with my new phone - the Orange M3100 I mentioned earlier this week. I won't bore you with the details.

One noteworthy point is that the device has support for WiFi - this was a deciding factor in my choice of device. Being able to browse with WPA authenticated access and even remote desktop into my home network is nice. The speed benefit of WiFi over GPRS makes the experience really good. The cost benefit of using WiFi instead of 3G helps too. The device switches traffic to the fastest available network out of WiFi, 3G and GPRS. All sounds good so far...

Being interested in security I've hit a snag that perhaps won't worry most people - there isn't a built in firewall on my phone. I know that there are several 3rd parties who provide personal firewalls for PDAs but the omission of built-in protection is disappointing. This limitation is not specific to the M3100 of course but rather to the platform itself.

The Windows Mobile platform includes a wealth of sophisticated security features including the facility for a remote administrator to erase it's data store if it's lost or stolen.

Given the extensive features for accessing and manipulating personally identifiable information (including email, diary and contacts) I suggest that a personal firewall should be installed BEFORE using WiFi.

Comments
  • Hi Steve,
    Interestingly this came up recently in a meeting with a client (a govt dep).
    They were quite worried that phones have a direct net connection but no firewall. I wonder if this is something that will be addressed in future versions of WM? Maybe you could investigate?
    Cheers
    Nathan

    PS Take a look at the Microsoft Messaging and Mobility User Group. http://www.mmmug.co.uk

  • Having a network connection doesn't necessarily mean you need a firewall, Mr. Lamb! :)

    What does a firewall do? It blocks unsolicited inbound connections. What do inbound connections, well, connect to? Listening ports on a host. Imagine that a host had no listening ports. There's nothing to connect to. Would such a host require a firewall?

    The answer, of course, is no. A firewall there would be useless.

    Windows Mobile is an example of an operating system that has no listening ports. Windows Mobile has no need for a firewall, because Windows Mobile has no open ports waiting for inbound connections. Go ahead, uninstall your security theater, you don't need it. :)

  • A good point well made. D'oh!

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment