Topic Review (Newest First)
|
| 22-02-2008 02:50 PM |
| Unregistered |
I recently installed an app and when I emailed the support desk about my problems I was told that I have a mobile virus and that I should flash my firmware. Needless to say I ignored their advice...
|
| 12-02-2008 12:21 PM |
| bartmanekul |
The most telling thing? The numbers of infection.
I know of no-one thats gotten a virus. Ive never actually seen anyone claim to have a virus (and thats rare, because people often mistake things for a virus).
And thats being on a number of phone sites, not in the least this one.
And how many people go through these sites? Thousands.
|
| 12-02-2008 11:29 AM |
| amdram |
Oh dear - where to begin.
You say there are no viruses for Symbian 9. That's true if you stick to the strict definition of a virus - self replicating software. But anti-virus companies are really into anti-malware. Viruses are only a small part of the malware scene, even on PCs. And there is malware for Symbian 9. Primarily commercial spyware at the moment. There is at least one Symbian Signed app out there which allows someone, if they install it on your phone, to listen to your phone calls, read your text messages, find out where you are using cell ID or GPS and so on. Sure, they need access to your phone to install it but most people's partners have enough access to do that and people are often pretty careless with their phones, leaving them lying around on their desk while they go to meetings.
FB-4 haven't "faded away". They are now called SMobile Systems and are doing very nicely.
And I can tell you several ways to produce malware for Symbian 9. It isn't difficult. Remember, signing doesn't guarantee that it isn't malware. All it does is identify the author. So, if I were a malware author, the only problem I really need to crack is how to hide my identity and still get it signed. Tricky but nowhere near impossible.
The biggest vulnerability exploited by malware authors is the user. The main attraction of smartphones to malware authors is that users believe they are secure and are therefore very careless with them. Now that these devices are increasingly being used to hold valuable information, they are more likely to be attacked. That doesn't mean it will definitely happen but it probably will. And, if it does, for some people it will be too late to get protection.
|
| 07-02-2008 12:52 PM |
| rbrunner |
rbrunner
Sorry to disappoint you, Unregistered, but I am definitely only rbrunner 
I also think that Hih's mentioning of "unhackable" is a straw man. Maybe some people somewhere pretend such things, but that's pretty uninteresting, because here in this thread people discuss virus matters who understand that *no* system is "unhackable".
The hack that Hih mentions more or less means that a dedicated and somewhat experienced Symbian phone user is - at the moment at least - able to hack *his own* phone. Well, what surprise. And with almost zero relevance regarding the question of virus dangers - the topic of this thread.
|
| 07-02-2008 08:08 AM |
| Unregistered |
"I just want to point out some issues about "So Called S60 9.x, non hackable OS"
I've never heard a claim that S60 9.x is unhackable. I've never heard a claim that any OS is unhackable because there simply is no such OS anywhere.
This is a strange thing to have an online conversation about with yourself under different names Hih/rbrunner.
|
| 06-02-2008 05:57 PM |
| Hih |
Thats correct rbrunner. I just want to point out some issues about "So Called S60 9.x, non hackable OS"
It can be done, but this issue is trivial indeed.
|
| 06-02-2008 04:49 PM |
| rbrunner |
Different kind of hack
I saw the hack that Hih refers to: That was a hack, alright, but not one that is relevant for the question of the discussion here, a discussion about the danger of virii for Symbian.
I mean, if you yourself take the firmware of your phone, zapp out essential protection features, re-flash your phone with the weakened modified firmware and then exclaim "See, my phone is not secure" or "See how easy it is to hack my phone", how relevant is that?
|
| 06-02-2008 03:33 PM |
| Hih |
Nah, they came from Tellus. Never trust a smiling S60 9.x developer. :
|
| 06-02-2008 02:03 PM |
| Unregistered |
"They" being the aliens from Andromeda that came and abducted you the other day!? ;-)
|
| 06-02-2008 01:48 PM |
| Hih |
They hacked Symbian 9.x firmware for Nokia phones (all protections bypassed). 
|
| 06-02-2008 08:38 AM |
| Unregistered |
Symbian is at least as safe as any other OS which claims to be safe.
|
| 06-02-2008 07:37 AM |
| rbrunner |
Incentives
For me, the story has two sides with about equal importance: One the one side, the considerable robustness and in-built security mechanisms of Symbian that make virus outbreaks unlikely. (I am a Symbian programmer myself, even a Swiss one, but I see much more holes in my cheese than in Symbian, thank you very much. Bugs, yes, holes, no.)
On the other side I think about incentives and motives. Compare the Symbian situation with the iPhone: Whole hordes of very skilled hackers descended on that device and cracked it, and cracked it again after each firmware update, at least until now. Why? Because of very strong incentives. If you crack the barriers of the iPhone and let people use the phone on other networks and let people install their own software, you are an instant hacker hero.
Compare this with Symbian: Why on earth should a hacker waste his or her time with a Symbian device? What's in it for the hacker? If I were a hacker, I could hardly be bothered.
I am quite sure that if the same hordes of iPhone hackers would descend on Symbian, with the same elan and endurance, it would take a little longer than with the iPhone, but finally Symbian would crack. But this won't happen.
There are other factors at play. If you as a hacker can plant a trojan at a PC, it is very easy and not dangerous for you at all to start making money from that PC, by renting it out as part of a botnet to spammers.
If you can take over a phone, of course you can also start to make money, but that will hardly be possible in an anonymous way and thus much more dangerous for you.
Again, why I as a hacker should target those well-protected and dangerous Symbian phones when PCs without patches are waiting for me literally in the millions?
|
| 06-02-2008 05:25 AM |
| Roller |
If I were a virus writer
I wouldn't go writing a self replicating app. I'd look for security exploits, eg, buffer overflows in image processing, so opening an mms from someone might run the code using the image viewer process or whatnot. The 'install' type virus isn't really going to work on symbian, but to suggest it is somehow immune is a bit of a stretch. Agreed, much lower risk. But there are some smart smart cookies out there, and the smartphone explosion is making it a bigger target. Having said that, any hacker who was using an unknown exploit would probably already have a way around the poor existing virus scanners, so while I think it's entirely possible that smartphones can catch a cold, even inevitable, I also think virus products for symbian are just a waste of cpu cycles.
|
| 05-02-2008 10:11 PM |
| tonyn |
>I wish Symbian would speak up more on this.
Quote:
Originally Posted by slitchfield
I wish Symbian would speak up more on this.
|
Any official statement along those lines would be tempting fate.
Platform Security makes it harder for viruses and worms to run on the platform, because it puts barriers in the way of propagation, but it does not make Symbian OS or the platforms built upon it "impregnable". If you want an OS that is sold heavily on its intrinsic security try OpenBSD: http://www.openbsd.org/
Quote:
|
They go to extreme lengths to break application compatibility in the cause of a new OS that's impregnable and then sit back and watch licensees actively promote unnecessary utility software that claims to defend against a threat that doesn't exist and merely damages performance..
|
Really two big changes coincided; Platform Security introduced Capabilities, Data Caging, etc... and the tools for ARM /Thumb target builds moved to using techniques devised and published by ARM for C++ code on ARM cpus. Other changes rode on the back of these, including cleaning up some APIs, SIS file format, etc...
I have several Symbian devices from different licensees, none of them have anti-virus products installed.
Other people sleep easier at night with an anti-virus product installed, possibly many of these are managers in corporate IT departments. Though having recently cleaned up a friend's PC that was infested with viruses & spyware I can understand how these people may fear that viruses could at some point attack their high powered phones.
ttfn,
Tony
|
| 05-02-2008 09:57 PM |
| Unregistered |
-
|
Posting Rules
|
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
All times are GMT. The time now is 09:01 PM.
|
|
