Mobile Malware “Study”: Not News

SMobile Systems put out a press release this week, with the headline “One in 63 Smartphones Infected by Mobile Spyware and Malware”. Unfortunately this headline is grossly misleading, and it has therefore been the cause of a lot of inaccurate reports.

It’s striking that SMobile Systems have chosen not to publish any of the supporting data from this “study”. I believe this is because, when the actual data is examined, the accurate conclusion is malware or spyware found in only 31 infected smartphones, most of them obsolete, which would, of course, be of no interest to any news media.

(more…)

Signed Malware, Revoked

A number of blogs and news sites have picked up on a report from Dancho Danchev last week, identifying some malware that was submitted to, and signed by, the Symbian Signed portal.

As soon as we were notified of that (the following day) we revoked both the content certificate and the publisher certificate used to sign the malware. That means that the Symbian software installer will not now install the malware, providing that revocation checking is turned on. Unfortunately, revocation checking is often turned off by phone manufacturers, because the data traffic could cause problems for people who do not have a data plan as part of their service or who pay for data by volume.

Here’s how to turn on revocation checking, which we strongly recommend if you have a flat-rate data plan:

(more…)

We’re Off and Running!

Today we have reached a significant milestone for us Symbian security people, and for the Symbian Platform in general. The OS Security package source code is now available under the Eclipse Public License (EPL) and it is the very first package to be officially moved from the closed Symbian Foundation License (SFL) to be open sourced under the EPL.

I want to publicly thank everyone who pulled out the stops to make this happen, particularly Santosh Patil and William Roberts who did most of the heavy lifting, but also many others who were involved in the approval process inside and outside Symbian.

Why was this package the first to go through this process? There was a practical reason and a symbolic reason:

(more…)

Making a Difference

On Saturday I attended OpenTech 2009, hosted at the University of London Union. I hadn’t been before, but I was particularly intrigued by this year’s theme: Working on Stuff that Matters. The attendees were a motley collection of social activists, technology advocates and alternative lifestylers, but I think our common cause was the desire to make a positive difference in the world in some way. That really resonated with me, as that same desire was a crucial element in my decision to join the Symbian Foundation earlier this year.

I want to briefly (yes, I know I’m really bad at that ;-)) mention some of the ways that I’ve been thinking about in which we (the community) could take advantage of the unique and powerful opportunity that the Symbian Platform offers, to make that positive difference. You may or may not agree with my ideas, but the fundamental thing I want to do is to throw open the challenge. I’m going to focus on security as that’s where my expertise is, but if any other good ideas come up I’ll be happy to move them over to the main Symbian blog for further exposure.

(more…)