Amit Kankani's Forum Nokia Blog - Symbian Open Source... and hacking !!!

re: Of course they are fixing the security holes

2008-07-24T13:26:08Z

when Symbian announced its plat sec model, all thought it was very secure, and no one expected it to be hacked this soon ! I hope similar assumptions are not made when fixing these bugs now and also they (Symbian / Nokia) keep in mind that this time fix would not be broken when Symbian goes open source too..

however I personally like the lines: "more eyeballs looking at the code to find and fix security holes"... and hope the eyeballs looking at fixing are as imaginative and innovative as the hackers are :)

I agree both are different ! but...

2008-07-24T13:00:44Z

Platsec and App crack are 2 different things...
but a hole in platsec can make cracking applications a lot easier...

though the 2 are totally different, you can see applications which have been cracked and it all happened because of plat sec hacking. (see ngage for instance.. sorry will not give the exact link, but if you read the blog above you will get the hint where to look). I have installed ngage and some games, all cracked, but all required me to first hack my phone... i tried and it worked, however, i uninstalled it, as you never know if actually there is a malware sitting and doing something you don't want !!! specially with your personal data, like when connecting to internet, if the application sitting behind uploads your content, etc without your knowledge.

I agree we haven't seen malwares out yet, but this is the begining of this era ! and i hope there are measures to control it too !

As per open source and hacking ! i am NOW in a confused state, whether it will help hackers in anyway ! I was more positive in the begining, but neutral at the moment !

PlatSec hacking & App cracking.

2008-07-24T12:46:42Z

PlatSec hacking is more about getting control of the phone than it is about application cracking.
PlatSec hacking just gives the user the power to decide what goes in the device and control many more aspects of the device.
Application crackers has never waited for platform security to be defeated. They have been active even when platsec was still unhacked.
So lets not mix platsec hacking and application cracking.
Also the view that once Symbian goes open source there will be a slew of malware,is just a bit too bleak.
I personally think that all this "smartphone malware" is blown too much out of proportion.Till now I have not
seen a single self installing and self propagating malware on Symbian.
--Mayur.

Of course they are fixing the security holes

2008-07-24T11:13:35Z

When a security flaw is discovered companies don't generally make official announcements to draw attention to them! They fix the problem in the next release. For a desktop OS where almost everyone gets updates you might announce the availability of the fix but I suspect that Nokia/Symbian will just silently slip the fix into future firmware upgrades.

Once the platform goes open source there is the potential for hackers to go through the code and look for weaknesses to exploit but that isn't the sort of thing most hackers are interested in doing, it's too dull! At the same time there are more eyeballs looking at the code to find and fix security holes.

Mark

symbian should address this with most priority !

2008-07-24T07:25:20Z

what I am trying to say is that, with current state, the Symbian phones can be hacked.... platform security can be disabled, capabilities can be disabled... today however, once can hack his own phone, I am sure, sooner or later, one would be able to hack other's phone ..

so in these scenario, programs can do what they are not supposed to, or what they wouldn't have been allowed to do, if plat sec was in place...

what I wanted to point out in this blog is that, Symbian / Nokia have not announced any thing till date to fight against these hacking.

Futher to add to the fire, Sybian is going open source, i.e. some secrets which were still hidden would also be out ! so will it not make hacking still easier...? kernel will not be changed, but some ways of getting around can be found (some ways are already found with Source still hidded, more could be easily found with Open Source)...

in normal scenario, agreed, open source doesn't mean easily hackable, but then what can we interpret with the meaning of "Already Hacked and now also becoming Open Source"?

Note: as a developer even I am interested in Symbian going open source, but at the same time I would like Symbian to address these issues as well which is challenging their security...

2008-07-23T21:10:44Z

So you're saying that open source systems are easier to hack than closed source ones? Obscurity is not security. A system is not secure because you can't see the source code. Many argue that open source platforms are more secure than closed ones.

An open platform doesn't mean that the devices running it are open. See eg. Motorola's Linux phones. The fact that a phone is running Linux (or a future open source Symbian) doesn't mean that the device manufacturer will automatically allow users to compile and install their own kernels.