Researchers use Exchange for smartphone mayhem

http://www.blogcdn.com/www.engadget.com/media/2009/07/android-eats-exchange-nom-rm-eng.jpg

An attacker can steal your contacts, snoop on your email and erase all data from your iPhone or Android device using Microsoft Exchange, a Perth university lecturer has revealed.

Peter Hannay discovered that by pushing policy to phones he could wipe the devices clean and likely steal data and sniff outgoing emails.

“There is nothing technically difficult to this – it's really easy and really lame, and that's a problem,” the Edith Cowan researcher told delegates at the Kiwicon security conference. “We can set a minimum length for device passwords, demand as the server that a 65,500-long character password be set … and set the screen lock to a one second timeout and give one password attempt.”