When hacking is purely done in private, is it still hacking?

Published by at

Steve Litchfield dismisses the latest Symbian hacking scare story....

Oh, the blogosphere does like a good scare story, and combining the previously impregnable Symbian OS 9 and S60 3rd Edition in the same sentence as the word 'hacked' is bound to raise a few eyebrows and generate some page hits. After all, 'Windows Mobile hacked' doesn't really have the same ring of surprise.

'Hacked' - visions of web sites falling over, visions of altered versions of legitimate applications, flooding the world with malevolent code and so on...

But it's important to put the efforts of the uber-hackers over at Symbian Freak* into perspective. And when I say uber-hackers, I mean UBER. We're talking wires everywhere, multiple software development kits, lengthy lists of hack instructions, illicit tools, the works. And the procedure that they came up to implement the hack with isn't much simpler, with steps that should rightly make any sane person run a mile. Of course, it's possible that easier-to-use utilities may appear in the future, to achieve the same effect with less effort, but it's absolutely vital to point out that these 'hacks' are expressly only for single, connected devices. And currently they only work until the phone is turned off, after which the hack procedure has to be done again.

* Using the official Software Development kit and its associated debugging tools, together with some detective work and [doutbless] a little guessing, some users have worked out a way to patch the internal disk of a device in order to allow temporary but unrestricted access to the normally hidden and locked away \sys folder, the place where the operating system and its control files live.

In other words, the hacks in question are very much a private thing. One uber-geek rising to the challenge of bypassing the security in Symbian OS on his or her own device, presumably with a view to carrying out further hacks, altering the OS even further and generally having 'fun'.

So visions of these hacks leading to malware for general release that can bypass the standard protection for the average user are grossly misplaced. In terms of exposure to the Internet, to the world of S60 software, to incoming emails and Bluetooth messages, the fiddling around of some geeks in the privacy of their own bedrooms using their own personal smartphones for experimentation are of no relevance whatsoever - your smartphone is still 100% secure. And you still don't need to panic into buying firewalls, anti-virus, etc - they're simply not needed.... [steady on Steve, you've done this rant already! - Rafe]

Of course, a hacked S60 smartphone could, in theory, host a malevolent application which might, shock horror, send out something nasty to another phone user (who would still be protected in the usual way, don't worry) - but even this scenario is very, very unlikely. Any user technical enough to both want to and know how to hack their device to this extent is going to know exactly what's installed on his or her smartphone and won't let a would-be piece of malware within a mile of its operating system.

So claims on Symbian-Freak that 'S60 3rd Edition security is broken' are melodramatic, to say the least. And talk on Engadget Mobile about this being 'jailbreaking' S60 is also twisting the truth - after all, nearly every S60 application could already run on the platform - we're talking here about a tiny subset of power utilities that do things to the S60 interface now working, after a lot of effort, on a single device for a while.

So - S60 hacking - it may be a hobby, it certainly isn't a profession.

And for you, the end user, my advice would be to leave well alone - it's simply not worth it. Against the 'benefit' of seeing what's inside your smartphone's OS folders, the adrenaline rush of grabbing scripts from the underworld, and -possibly- slightly easier installation of some accelerometer utilities a few weeks ahead of official availability, there's a real risk that you'll wreck your current S60 install completely and will have to hard reset your phone. Meaning an hour of app installations and data resyncing at best - and data loss and a voided warranty at worst. I know which way I'd jump....

Steve Litchfield, All About Symbian, 27 March 2008