I'm no security expert, but a number of blogs are reporting on a recent security warning about ActiveSync 4.x and Windows XP machines. The gist of the issue, according to the security researcher who found the problem:
"... a hacker can walk up to a Windows XP PC with ActiveSync 4.x installed, plug in a Windows Mobile device, and have direct TCP/IP access to the computer. This works even if the computer is locked or logged out.
Such attacks are possible because of a communication component called RNDIS (remote network driver interface specification), introduced with ActiveSync 4.x... The RNDIS component gives ActiveSync the ability to transfer its syncing related data via IP packets within the USB connection...
The problem is that in order for the ActiveSync operation to perform authentication of the session, the RNDIS connection must first establish an IP connection. Once the IP addresses are assigned and TCP/IP data can flow, the syncing process starts. In other words, a Windows Mobile device connected to a system with ActiveSync 4.x running will have direct TCP/IP access through an uncontrolled and unprotected network interface."
What do you more security-savvy members think of this?