Silicon Valley doesn't respect Nokia

Wed, 20 Aug 2008 23:57:50 +0200

In response to the article I found on Forbes.com, Nokia Software Problem, let me collect my remarks on the statements in a single post. The list of statements below simply follows the same order as they appeared in the original article.

"Nokia sells close to half of all smart phones worldwide"
Well, around 70% would be more accurate, but then it couldn't have been said that "close to half".

"N95's only edge was in watching video"
Hmm, let me smile at it. I think GPS, 5 megapixel camera, WiFi, etc. also come in handy every now and then. These things were all new in a Nokia device at the time when N95 was introduced and although Nokia might not have been the first in introducing them, the point is that video was not the only thing users could enjoy.

"Symbian is not dead, but it has a limited amount of time to act to capture developer mind share before it is too late,"
I don't know how many times I wrote this on various forums: developing for a Symbian-based device does NOT mean pure Symbian/C++ development. On the contrary, the range of possibilities is much wider: you can program in Flash (Lite), Java (Mobile), Python (for S60/UIQ), (Open) C, Widgets, .NET, NS Basic, etc. My question is not solely addressed to Apple: is there any other manufacturer in the world who can compete with this at this very moment? Is it the not-closed-but-not-too-open-either Apple who although enables Objective-C development, but nothing else? For example, Java, which is not only available on all other platforms, but also the primary language for 3d-party development on Android? Not as if I had heard too many good things on iPhone developer support, but are they really the ones who will save the world?

"Applications written for the iPhone, by contrast, will run on every iPhone."
Ehh, typically naive, beginner approach. I wouldn't write an article if I were such a beginner, though. How many iPhone models can we talk about at the moment? Two. There's a rumour on Apple introducing iPhone Nano still this year and I bet that that device would introduce variation both in hardware (e.g. screen size) and software. And having spent almost a decade with mobile software development, I can tell you that software development becomes exponentially more complex with the introduction of variations. I think we should get back to this question in 1-2 years time-frame and then we'll see how programs written for old models will work on new ones and vice versa.

"Carriers here have been loath to give Nokia much love over the years"
Yeah, this one is a hit on the nail. I find it very interesting how much North-American carriers favour US phone manufacturers (Palm, Microsoft, Apple) and Canadians (RIM). It is one of the root causes (if not THE) why Nokia has failed to successfully enter North-American market.

As to developing software for mobile platforms, it's worth noting that it's becoming more and more popular to rely on a thin client software responsible mainly for the User Interface, while storing data and implementing heavy business logic on a remote server. So often, the thin client is a browser or an application capable of providing "browser-like" behavior. This is something iPhone, the latest Nokia S60 phones, Windows Mobile are (and the newcomer Android will be) good at. And lots of people say that this architecture is the most suitable solution for cross-(mobile)platform software.

In my opinion, it's too early to talk about the dethronement of Nokia by Apple and RIM. Just count the number of phones sold, how many models various manufacturers have on market, how long has a manufacturer been on market, etc. and we'll have just the right amount of information ... to be silent. The author of the article fails to see that global market is not equal to American market, over-emphasizes the importance of Silicon Valley and can't think of the possibility that these platforms, devices, manufacturers can co-exist with one another.

Otherwise the article was good,

Tote :)
mobile-thoughts.blogspot.com

Another hack for Symbian Platform Security

Sun, 09 Mar 2008 23:35:04 +0100

One of my articles that has gained lots of attention was written about hacking Symbian Platform Security. Although it turned out that reproducing the workaround found by Symbiaali is laborous, requires strong technical knowledge and its wide-spread use is very unlikely, it clearly showed me that people were interested in this topic.

Today I found another post at Symbian Freak that describes just another way to turn Symbian operating system's well-known permission checking feature off. Although I don't agree with the title of the article (good-bye?? S60??), I think at least it's worth a few words.

What is this crack about? How can we cheat Platform Security capability checking so that it does not care if our program really has the capability being checked or not? Well, in a very special way:

Take a development environment for Symbian, like CodeWarrior Pro or Carbide.C++ Pro. Please note that you will need the ability of on-device debugging, that's why CodeWarrior Personal/Carbide.C++ Express is not enough. I'm unsure if Carbide.C++ Developer Edition was enough (this is between Express and Professional), but I doubt that. More on this later.
Prepare everything for on-device debugging (connect phone to PC, install MetroTRK to phone, etc.).
Start any program from within the development environment (aka IDE) in debug mode.
Change some bits in the kernel stack responsible for security enforcement. This is the most critical place, where you can really turn everything upside-down. And since you can do that, I believe it's Carbide.C++ Professional Edition that you need and not Developer - latter is less expensive, but in turn it provides only on-device application debugging in contrast with Pro's system debugging.
Voilà, we're done - we have access basically to anything.

Disadvantages

The crack is temporary, since everything is done in RAM.
Required tools are expensive: CW Pro was available at ~$1.700 (the product is discontinued and cannot be bought officially), Carbide.C++ Pro can be purchased for $1.300.
Break is limited to one device.
Proved to work only on Nokia N80, on other "hotter" devices (like the N95) it does not work or at least nobody has been able to make it work so far.

What kind of damage can a cracker still do?

Explore file system, discover what is stored where and how (as if you had AllFiles and/or TCB capability) and exploit it.
Access to DRM-protected content (as if you had DRM capability). This might be more dangerous as you can download e.g. DRMed music once and sell it multiple times later on.

To sum up this post, this new way of cheating Platform Security is the traditional way of cracking. I'm not surprised that it had been discovered and published, I just wonder why it has taken so long? And finally, I don't think that it would cause major problems in Symbian ecosystem.

What do you think?

Tote

Update: Corrected the name of Carbide.C++ edition to Express. Thanks Lucian!

Gabor Torok's Forum Nokia Blog

Silicon Valley doesn't respect Nokia

Another hack for Symbian Platform Security