Bad, really bad
by Volker Weber
Now this is not trustworthy computing: The Windows-powered XDA smartphone stores the SIM-PIN in the registry. This means that after you've entered a SIM-PIN once on the device, you can always retrieve it. The PIN is stored in the first four bytes of a 256 byte binary block stored in
"HKEY_CURRENT_USER\ControlPanel\PhoneExtendFunction\ExtendData". Being part of the registry, this information survives a warm boot.
Comments
Microsoft and security, what a contradiction!
Frank Stangenberg, 2003-02-11