Meet the Package Owners: Simo
Posted by Craig H on 19 October 2009
Next up is Simo Järvinen, owner of the DRM package:
Posted in People
Security Strategy Working Group
Posted by Craig H on 15 October 2009
We are forming a working group to decide what the Symbian community’s strategy should be in dealing with security issues on the Symbian Platform. This is an example of Symbian’s commitment to open governance, and membership of this working group is open to any Symbian Foundation member.
There are some interesting challenges, both in the operation of this working group and in the operation of whatever processes the working group decides should be put in place, arising from the tension between the desire for openness in our dealings with the community and the harm that could be caused by disclosing security vulnerabilities to the world before a fix or workaround is available.
Full details of the remit of the working group are on the Symbian Developer wiki. We already have several working group members signed up, and if you are a Symbian Foundation member and would like to participate, please go ahead and join in!
Posted in Open Source, Vulnerabilities | 1 Comment »
Meet the Package Owners: Santosh
Posted by Craig H on 7 October 2009
I thought it would be a good idea to introduce the package owners in the security technology domain; these good people don’t work for the Symbian Foundation, but they do work very hard on the Symbian Platform code, and deserve public recognition for that :-).
We thought we’d try an interview format for these introductions, and Santosh Patil, owner of the OS Security package, bravely volunteered to be the first up.
Posted in People
Worry Less About Malware, More About Losing Your Phone
Posted by Craig H on 25 September 2009
There’s a very good article on the PC World Magazine site about the risks of mobile phone banking. The author, Eric Larkin, rightly suggests that the biggest risk is the physical one of losing your phone and someone finding information on it that could be used for identity fraud.
I don’t have good statistics on the number of mobile phones infected with malware yet, although I am in discussions with the GSM Association Security Group to see if we can publish some; still, I’m personally convinced it’s nowhere near “1 in 63”! Statistics on the theft of phones are easier to come by. In the UK, a 2009 report published by a government department states that 2% of mobile phone owners had their phones stolen in the 12 months covered by the survey – that’s 1 in 50. More people must surely have lost their phones by accidentally leaving them on trains, buses or in taxis, so physical loss of your phone does indeed seem to be the biggest risk.
The lesson? USE THE DEVICE LOCK ON YOUR PHONE! Yes, it’s a little bit of extra inconvenience, but it’s an important protection against identity fraud, which a lot of people are worrying about these days. There are step by step instructions for various devices here.
Posted in Risks
Can You Crack the Code?
Posted by Craig H on 21 August 2009
Partly because it’s summer, partly because I visited Bletchley Park this week, but mostly because I’ve been intrigued by it for years, I’m posting a challenge on an enigma very close to the Symbian offices (most of us here walk past it every day!)
There’s an area of historic housing on Mitre Road and Ufford Street, between our office and Waterloo station. It was built by the Ecclesiastical and Church Estates Commissioners for England around 100 years ago, inspired by the ideas of Victorian housing reformer Octavia Hill (after whom it is now named). The thing that intrigues me is the irregular pattern on the cast iron railings at various points on the boundaries of the estate along Webber Street and Short Street:
Posted in Amusement | 12 Comments »
Mobile Malware "Study": Not News
Posted by Craig H on 31 July 2009
SMobile Systems put out a press release this week, with the headline “One in 63 Smartphones Infected by Mobile Spyware and Malware”. Unfortunately this headline is grossly misleading, and it has therefore been the cause of a lot of inaccurate reports.
It’s striking that SMobile Systems have chosen not to publish any of the supporting data from this “study”. I believe this is because, when the actual data is examined, the accurate conclusion is malware or spyware found in only 31 infected smartphones, most of them obsolete, which would, of course, be of no interest to any news media.
Posted in Malware | 7 Comments »
Signed Malware, Revoked
Posted by Craig H on 16 July 2009
A number of blogs and news sites have picked up on a report from Dancho Danchev last week, identifying some malware that was submitted to, and signed by, the Symbian Signed portal.
As soon as we were notified of that (the following day) we revoked both the content certificate and the publisher certificate used to sign the malware. That means that the Symbian software installer will not now install the malware, providing that revocation checking is turned on. Unfortunately, revocation checking is often turned off by phone manufacturers, because the data traffic could cause problems for people who do not have a data plan as part of their service or who pay for data by volume.
Here’s how to turn on revocation checking, which we strongly recommend if you have a flat-rate data plan:
Posted in Malware | 7 Comments »
We're Off and Running!
Posted by Craig H on 8 July 2009
Today we have reached a significant milestone for us Symbian security people, and for the Symbian Platform in general. The OS Security package source code is now available under the Eclipse Public License (EPL) and it is the very first package to be officially moved from the closed Symbian Foundation License (SFL) to be open sourced under the EPL.
I want to publicly thank everyone who pulled out the stops to make this happen, particularly Santosh Patil and William Roberts who did most of the heavy lifting, but also many others who were involved in the approval process inside and outside Symbian.
Why was this package the first to go through this process? There was a practical reason and a symbolic reason:
Posted in Open Source | 21 Comments »
Making a Difference
Posted by Craig H on 6 July 2009
On Saturday I attended OpenTech 2009, hosted at the University of London Union. I hadn’t been before, but I was particularly intrigued by this year’s theme: Working on Stuff that Matters. The attendees were a motley collection of social activists, technology advocates and alternative lifestylers, but I think our common cause was the desire to make a positive difference in the world in some way. That really resonated with me, as that same desire was a crucial element in my decision to join the Symbian Foundation earlier this year.
I want to briefly (yes, I know I’m really bad at that ;-)) mention some of the ways that I’ve been thinking about in which we (the community) could take advantage of the unique and powerful opportunity that the Symbian Platform offers, to make that positive difference. You may or may not agree with my ideas, but the fundamental thing I want to do is to throw open the challenge. I’m going to focus on security as that’s where my expertise is, but if any other good ideas come up I’ll be happy to move them over to the main Symbian blog for further exposure.
Posted in Open Source | 1 Comment »
Femtocells and Security
Posted by Craig H on 25 June 2009
The Femtocells World Summit is in London this week; I haven’t attended, but I have seen articles about it that have me wondering whether there are interesting security issues emerging.
First, what’s a femtocell? Essentially, it’s a short-range, miniaturised version of a mobile phone mast. However, instead of being directly plumbed in to the phone network, calls made through a femtocell are routed over broadband Internet connections so they can be used in areas where the normal phone network coverage is poor or non-existent.
Posted in Network Protocols, Privacy | 8 Comments »
