Platform | Windows Mobile | Android |
Vulnerable | Windows Mobile 6 Professional | Android 2.1 |
Windows Mobile 6 Standard | Android 2.2 | |
Windows Mobile 6.1 Professional | ||
Windows Mobile 6.1 Standard | ||
Fixed (upon disclosure) | Windows Mobile 6.5 | Android 2.3 |
After carrying out several tests in mobile phones sold in Japan by different operators, I can state that the following handsets are vulnerable, up to September 2011.
Platform | Product name | Operator name | Status |
Windows Mobile | HTC TOUCH™ DUAL | DoCoMo HT1100 | Discontinued |
HTC TOUCH™ DIAMOND | DoCoMo HT-02A | Discontinued | |
HTC TOUCH™ PRO | DoCoMo HT-01A | Discontinued | |
HTC TyTN II™ | EMobile S11HT | On sale | |
HTC TOUCH™ DUAL | EMobile S12HT | On sale | |
HTC S740 | EMobile S22HT | On sale | |
Android | HTC ARIA | EMobile S31HT | On sale |
HTC DESIRE | Softbank X06HT | On sale | |
HTC DESIRE | Softbank X06HTII | On sale | |
HTC DESIRE HD | Softbank 001HT | On sale | |
HTC EVO WiMAX | Au KDDI ISW11HT | On sale |
Regarding the security hotfix for Windows Mobile, HTC discontinued the support downloads for Windows Mobile 6 and Windows Mobile 6.1 handsets time ago. Unfortunately, the operator EMobile did not install the hotfix when it was available and as far as I could test products on sale are vulnerable. Users have no way to protect their handsets against the vulnerability.
Regarding the security hotfix for Android, HTC has not announced any security update related to the vulnerability for the affected versions, Android 2.1 and Android 2.2. The advisory was, however, reported to the company in 2011/02 (then disclosed in 2011/07) and the security flaw was fixed for Android 2.3. Users of HTC / Android products should update to Android 2.3 to protect their handsets.