Random musings on mobile software development...
Who will guard the guardians?
Sorcery-ltd | 24 May, 2008 14:15
This is a dual purpose post. First I want to highlight the brilliant work of one of my fellow Forum Nokia Champions - Marco Bellino of Symbian Toys fame. His recently released application, Guardian, is really impressive and I strongly recommend downloading it to check it out (and no I'm not getting paid to say so!).
Guardian is a complete security and anti-theft solution for your smartphone. Here are the top features listed on the website:
- Sim Changed notification through Invisible sms
- Password Protection of messaging, gallery, contacts or any other
application
- GPS Localization and Tracking through GoogleMaps
- optimized for Low Memory and Battery consumption
- and MUCH more...
So, if someone steals your phone it can keep your personal data safe from access via the phone (it doesn't protect contents of the memory card being viewed in another device of course). If you cancel your subscription and the theif puts a new SIM into the phone then it will send you an SMS (to another number of your choice) telling you the new phone number without any notification on the device. Why would you want to know this? Well it also has some very impressive remote control functionality. You can send SMS messages to the stolen device and access contacts and messages (or delete them) without the new user having any idea this is happening. You can also get the phone to send you its current location - GPS co-ordinates or Cell ID. In the case of phones with GPS that can get a position fix, you even get a link to Google Maps back showing you exactly where your phone is. The application auto-starts and runs invisibly in the background. If you use it to protect itself then no-one can change the settings either.
At the moment the remote control system is a little "techy" (see the user guide on the website for details) but Marco tells me he plans to improve this in the future with a remote control client application of some kind (maybe a Java ME app, or a web interface, or possibly both).
I think this could be an extremely popular application for celebrities and anyone living in an area where phone theft is a big problem. I could also see it being used by parents on their childrens' devices. They can not only track them when they're out longer than they should be but also spy on what messages they're sending and receiving. All a bit "big brother" (no, not the TV show).
What's the most impressive thing about all of this though? It's all been done without using any restricted or device manufacturer capabilities!
When I first tried it out I was convinced it must need TCB capability, or at the very least AllFiles, and possibly also NetworkControl. Having thought about it a little though, I can see how it's all done without them. This means that an application with this kind of functionality can be Express Signed and even distributed unsigned and then Open Signed by users (i.e. no traceability).
This brings me to the second part of my post - the implications of all this for security and Symbian Signing!
Another less benevolent application having this kind of functionality could be the worst kind of malware. It can go through your contacts and send dowload links to itself to all your friends without you knowing. The messages would come from you so they're quite likely to be trusted. It can then delete all your contacts so you can't warn them or just lock you out of all the applications on your device (no reason to give you the option to enter a valid security code in malware). It can also auto-start when you reboot your phone so your only option is likely to be re-flashing the device, otherwise it's a brick. I expect similar malware could also make repeated call setup attempts and thus disrupt the network. It can also send SMS to premium rate services (and probably also hide the reverse billed type coming back) so you don't notice what's happened until you get your bill (or run out of credit). Additionally all of this functionality could be dormant in an otherwise useful application and only triggered by a message that is silently hidden away. Also, what's to stop someone secretly tracking your location (at your expense) in the same way Guardian could be used by a parent?
If all of this can be acheived without the most sensitive capabilities then what exactly is Symbian Signed protecting end users from and how?
Well, to get the widest distribution the malware would need to be Express Signed at least. In that case a Publisher ID is needed and in theory at least it should then be possible to track down the developer. In reality I doubt that serious malware author couldn't find a loophole to get access to a Publisher ID without revealing their real identity. Or disguise their application as something useful and go through a publishing house that has less stringent ID checking than the trust center.
Another possiblity is that Symbian Signed can revoke the certificate - but is that system actually in use? Are there many (any) phones out there that enable a check?
Guardian doesn't tell you about its capabilities when it's installed (although to be fair the user guide spells it out in full) and Symbian Signed no longer requires an application to do so. It seems to me that this signing program is attempting to take some of the resposibility for security away from the end user. Is that really possible? I'm not so sure.
The other feature of Symbian Signed is policing application quality - more about that in my next post...
I think I might be in the market for a trustworthy Symbian anti-virus, or just a program that checks things like auto-start and the capabilities when I install and lets me make a decision about whether I trust the application (developer) enough to let it do what it wants (I don't really want to have to use Marco's SisXplorer on everything I install).
Discussion on this topic is very much encouraged!
P.S. Actually I believe Guardian is technically a Symbian Signed failure. It currently allows the user to protect the Telephone application and when that's in place you can't make emergency calls without entering the security code - a type approval failure for the phone. I wouldn't suggest anything other than leaving Marco to release an update that fixes this though - in the mean time, just don't use the feature.
General, S60, Symbian C++, Testing |
Next | 
Previous |
Comments (4) | 
Trackbacks (0)
Comments
Not first, just new
Sorcery-ltd | 25/05/2008, 14:02
Hi Lucian,
Thanks for the comment. No, it's not the first such application but it is new. I also think it is the most comprehensive yet in the functionality it includes that could be used for evil purposes and does it all with fairly basic capabilities.
Symbian Signed has never claimed that it prevents malware but, as I understand it, it is supposed to:
a) Improve consumer confidence.
b) Restrict the possible harm done to the phone.
I guess I'm saying that it's likely to do neither. It's still necessary for AllFiles, DRM, TCB to enable the deployment of genuinely secure applications and anti-piracy measures.
Guardian is going to be fairly tricky to remove if the user protects the software installer and application manager with it. I think the quick and easy option is to re-flash. Which is OK as long as Guardian is spotted before the theif has been tracked.
Mark
Guarding the guardian
bharatuppal | 26/05/2008, 13:42
Hi
Yup guardian really is a nice software but just a thought came in my mind when i was trying it,
Now a days i guess majority of the people are aware of this anti theft softwares installed on device and assuming the thief to be smart enough before inserting a new simcard he just checks the mobile phone(offline mode) whether the anti theft software is installed or not and uninstall it on seeing it and then can continue to use the device without any danger.(may be i am thinking a lot but this could be a smart option :) ) then I dont find the use of all the advantages above. :P
Solution:- may be anti theft software should have an option of asking for password before uniinstalling it just like phone guardian.
Guarding the guardian
bharatuppal | 26/05/2008, 13:46
Okie may be the purchased version might have that option as mentioned in the user guide
great then
Who am I?
Mobile and embedded software developer. Loves technology and loves to help people.
Calendar
Recently...
- Python for Series 60 Community Edition!
- New Stuff for Symbian C++ Developers
- S60 Under-engineered?
- Open License Manager?
- Symbian Foundation Implications
- The Good, the Bad and the Ugly
- Symbian Signed - a proposal
- Application Quality & Numpty Physics
- Who will guard the guardians?
- N-Gage - first impressions
Categories
- Browsing [1]
- Business Opportunities/Services [0]
- CDMA [0]
- Connectivity [0]
- Enterprise [0]
- Entertainment [0]
- Event [1]
- Flash [1]
- Games [2]
- General [12]
- Java [0]
- Location Based Services [0]
- Maemo [1]
- Messaging [0]
- Open C [1]
- Python [2]
- S60 [6]
- Series 40 [0]
- Series 80 [0]
- Symbian C++ [6]
- Testing [4]
- Web Run-Time (WRT) [1]
- Widget [0]
Re: Who will guard the guardians?
ltomuta | 25/05/2008, 12:21
It is not the first "guardian" (or "monitor") type of application that manages to prove (or remind) that Symbian Signed does not certify an application against it being a malware/spyware. In fact I don't even think that Symbian Signed makes such a claim, but it is certainly perceived that way.
While I believed for a (short) while that an anti-virus application for Symbian OS 9.x simply does not make sense, now I'm making a priority from finding a good trust worthy solution with a good anti-malware and anti-spyware filters (and no, I am not paid to say so either).
P.S. How long is going to be until somebody will start selling a PDF with instructions on how to remove the "Guardian" from a stolen phone? ;)