Stolen HTC phone with Windows Mobile 6.5 wiped remotely

Last week at the Mobile World Congress, many vendors launched their new Windows Phones and one amongst them was HTC which launched two new models - HTC Touch Pro2 and HTC Touch Diamond2. A HTC prototype Windows Phone loaded with Windows Mobile 6.5 was pick-pocketed from an executive's pocket during an evening function at the Mobile World Congress.

The stolen Windows Phone is believed to be either a HTC Touch Pro2 or HTC Touch Diamond2 and was given by Microsoft to Telstra's CEO Sol Trujillo to try and test the new Windows Mobile OS. Sol handed it to an unnamed executive who was then pick-pocketed.

APC Magazine has confirmed from its sources close to Microsoft that the entire operating system and all the user data on the handset were remotely erased from the phone as soon as the theft was reported.

It is not sure whether this theft was aimed at Sol's private data or getting hands on with the new beta version of Windows Mobile 6.5 and the new HTC Windows Phone. However, Windows Mobile users should be happy that a remote cleanup of the OS did save the day (if the pickpocket had not taken any backup in the meantime)

It always becomes necessary to back up our phone data and be prepared for situations like this. Its a good coincidence that Microsoft also released My Phone, a service to sync text messages, photos, video, contacts and more to the Web, at the Mobile World Congress.

Report a problem with article
Previous Story

Windows 7 Upgrade Program shifts to June 28

Next Story

The Pirate Bay trial, '80% of our torrents are legal'

40 Comments

Commenting is disabled on this article.

I sincerely hope that this "remote wipe" function is just some security software they had installed as a security measure because it was a sensitive device with confidential stuff on it, and that they can't just remote wipe my phone (or do god knows what else with it) remotely.

The article is fud. If you join the phone to an exchange server and you have the lockdown policy in effect then if the phone is stolen there area couple of options. Option A. The moron who stole it will attempt to guess the unlock code, fail and wipe the device.Option B you can push out a remote wipe in which it will wipe the data by forcing a hard reset. There is no such thing as wiping the OS that is in rom.

In production phones, no. At least you'd hope note. But as this was likely a prototype of some sort, whos to know what security measures they would take.

People, Microsoft wouldnt waste their time building a program like this when theres about 100 better consumer features which they could update. There are several pieces of software similar to this:

http://www.bak2u.com/phonebakpdaphone.php

Which would achieve what is described here. It is highly likely for a prototype phone or a phone with senstitive data that this software could have easily been loaded on as such a backup method.

it was first reported that the phone was stolen, then microsoft (they have all the wm 6.5 phones under 'control') reported they hadn't received reports of any phone missing, now it's back to being stolen again? it's just a phone! i dont care!

That's because it's not your phone. It contained an unreleased proprietary OS and possibly confidential HTC data.

The only problem I would have with a remote wipe, would be if your phone carrier thinks it "appropriate" to wipe your phone, if you are .210 seconds late on paying your bill.
If a remote wipe were available, it should be the owner who could do it, NOT the carrier without approval of the wireless phone owner.

Correct, the kill switch is built into Exchange ActiveSync. Remote Wipe is available on Windows Mobile and iPhone when syncing to Exchange 2007. (And 2003 but not very user friendly.)

The remote wipe is a function of Exchange, carriers can't do it just because you don't pay the bill. It needs a connection to the exchange server which you control.
I've done it with a phone here. Got a demo phone whcih I synced to our exchange server, phone broke and I couldn;'t turn it back on to wipe it, so I set it to remote wipe next time it connected to our exchange server and it worked a treat.
AFAIK it you can't do the whole OS with it unless MS have their own thing. Mine would only do contacts/calendar/mail etc that is synced with exchange.

what i am pulling from reading this has nothing to do with someone stealing the Phone but rather that Microsoft and the Phone maker have a way to remotely damage/erase/corrupt/tamper with your mobile phone and the information stored within it. .... I do not like that idea... then again Apple has been doing it so sure why not have everyone else join the party.

Remote Wipe is a standard feature of Microsoft Exchange 2007 (it can be done with 2003 but not as easily) -- the people who had access to remote wipe his data would be the IT admins at Telstra not Microsoft. There is no kill switch in Windows Mobile except for the ones Microsoft built for IT admins in this exact situation.

It's actually so easy to do, the user has the ability to do it from their Outlook Web Access control panel.

(that is from MY mailbox)

Exactly Marshalus!

You would have to pair your phone with a remote wipe capable Exchange Server and then you (or your network admin) can initiate the remote wipe.

In Outlook Web Access running on an Exchange 2007 server you can initiate the wipe yourslef or an admin can do it from the management console...

That puts the control in your hands and your company's hands not Microsoft's or anyone elses. A HUGE difference from the stuff Apple was trying as Apple had that power...

Don't want anyone capable of remote whiping your phone? Don't pair it with an Exchange server :P

True, but it does work with any Exchange ActiveSync device, not just Windows Mobile. I have actually remote wiped my iPhone just to test it, it's going to be really really handy if I ever manage to lose my phone. It's almost instant and it's a full reset of the device, not just e-mail. I even had to go back through the iTunes activation process to get the phone to work again.

That said... Microsoft may have some other type of remote kill if they were able to nuke the OS on testing devices. To my knowledge there is nothing that will fully blow away the OS on the phone.

One interesting implication of this feature is that using Google Sync with a Windows Mobile phone will grant Google the ability to wipe your phone remotely. I've not yet tried the service, but if they provision any security policies at the first sync, they can do this without any confirmation (otherwise, you'll at least get a wipe/don't wipe prompt).

Ah well eitherway, theres plenty of 6.5 roms floating around now and theres roms incorporating the new touchflo which is a vast improvement on the current touchflo3d. And on the otherhand I guess the news showacases some of the more extraordinary WinMo apps, like this one and others which lockdown the phone remotely for situations like this. Although id rip the sim out and shutdown wifi initially if I ever stole a phone...so how effective they actually are

If this was industrial espionage, it (probably) wouldn't make much difference wiping it, they could probably retrieve the data.

Does no-one else think that this sounds like a massive publicity stunt? Every news site has absolutely lapped it up with (free) front page coverage and it essentially advertises 2 things for microsoft

"good coincidence that Microsoft also releas..." - this sounds like MS ad.
Also one serious question is why the hell MS has access to the phone remotely?

They don't , Something like MASPware GuardMobile must have already been pre-installed on the device before it was stolen allowing it to be hard reset remotely and relaying the phones location ...

I can wipe all my company iPhones from my Exchange Server. Most (probably all) devices that sync with Exchange can be remotely wiped. There's a reason why Exchange is teh shiznit.

mixpix said,
Exchange has had this ability for a while now. It's nothing new.

Exchange only wipes the users specific data. It sounds like Microsoft was able to wipe the entire phone, OS and all.

My guess is that its too late.

A look over on the [< snipped > - CalumJR] firstly show several 6.5 ROMS. Unknown as to them as some was already leaked before the above forementioned theft.

The clincher in my eyes thou is the new TouchFLO software on the new Touch2 phones. It has already been leaked and is currently being ported for the standard Diamonds.

Either it was leaked internally from HTC due to it not being officially out on any phones yet, or it is from the stolen one.

The only real, and obvious, way to tell is to wait. If it leaks, then chances are the remote wipe wasn't effective or the thief immediately backed up the OS.

wow thats convenient if you lose your phone. my no.1 worry is that all your personal stuff gets leaked on the web but i guess this would stop that from happening.

SojIrOu said,
wow thats convenient if you lose your phone. my no.1 worry is that all your personal stuff gets leaked on the web but i guess this would stop that from happening.

If there's something on your phone that Microsoft doesn't like it might mysteriously have gone missing one day.