What Defines a “Botnet”?

Mon, 23 Nov 2009

There have been various reports over the weekend of a new development of the “Ikee” iPhone worm that now collects banking details. It is being reported as a “botnet”, which seems to be a popular term with journalists (possibly because it appeals to “Rise of the Machines” type scare-mongering 🙂 ).

I’ve been quite sceptical about such reports since this July when the “Sexy View” malware on the Symbian Platform was reported as the “first mobile botnet”. Now in my view that wasn’t even a proper worm (it had to be manually installed by the user on every phone it spread to) and definitely not a botnet (there was no remote control of the malware after it was installed), so is there any more truth in these latest reports?

According to F-Secure’s initial analysis, the latest iPhone malware connects to an IP address in Lithuania, and downloads something from it, but it’s not clear from that what the thing it downloads is, or what it does with it. Although they call the IP address a “command & control center”, I remain sceptical, and would like to see some more details before conceding that this actually is the “first mobile botnet”…

Opening up the Security Strategy Working Group

Fri, 06 Nov 2009

We’ve been trying to get a Security Strategy Working Group going, and thus far it hasn’t really taken off. Chatting with various people about this, we’ve decided that, following Symbian’s principles of open governance, we should be brave and open the discussions to the world at large.

Do please note that this is not a commitment to full disclosure of unfixed security vulnerabilities; the point of this working group is, among other things, to discuss what the right policy should be for dealing with vulnerabilities. I (Craig) favour responsible disclosure, but that’s up for discussion.

If you have an opinion on the work items (and you really should, they will affect device manufacturers, security researchers, network operators, package owners and committers, security tools vendors and anyone who even uses a Symbian Platform device) then please sign up for the mailing list!

Meet the Package Owners: Timo

Thu, 05 Nov 2009

Completing the set of package owners in the security technology domain is Timo J. Heikkinen, owner of the Security Services package (and also the Application Installation package in the runtimes technology domain):


Meet the Package Owners: Simo

Mon, 19 Oct 2009

Next up is Simo Järvinen, owner of the DRM package:


Security Strategy Working Group

Thu, 15 Oct 2009

We are forming a working group to decide what the Symbian community’s strategy should be in dealing with security issues on the Symbian Platform. This is an example of Symbian’s commitment to open governance, and membership of this working group is open to any Symbian Foundation member.

There are some interesting challenges, both in the operation of this working group and in the operation of whatever processes the working group decides should be put in place, arising from the tension between the desire for openness in our dealings with the community and the harm that could be caused by disclosing security vulnerabilities to the world before a fix or workaround is available.

Full details of the remit of the working group are on the Symbian Developer wiki. We already have several working group members signed up, and if you are a Symbian Foundation member and would like to participate, please go ahead and join in!

Meet the Package Owners: Santosh

Wed, 07 Oct 2009

I thought it would be a good idea to introduce the package owners in the security technology domain; these good people don’t work for the Symbian Foundation, but they do work very hard on the Symbian Platform code, and deserve public recognition for that :-).

We thought we’d try an interview format for these introductions, and Santosh Patil, owner of the OS Security package, bravely volunteered to be the first up.


Worry Less About Malware, More About Losing Your Phone

Fri, 25 Sep 2009

There’s a very good article on the PC World Magazine site about the risks of mobile phone banking. The author, Eric Larkin, rightly suggests that the biggest risk is the physical one of losing your phone and someone finding information on it that could be used for identity fraud.

I don’t have good statistics on the number of mobile phones infected with malware yet, although I am in discussions with the GSM Association Security Group to see if we can publish some; still, I’m personally convinced it’s nowhere near “1 in 63”! Statistics on the theft of phones are easier to come by. In the UK, a 2009 report published by a government department states that 2% of mobile phone owners had their phones stolen in the 12 months covered by the survey – that’s 1 in 50. More people must surely have lost their phones by accidentally leaving them on trains, buses or in taxis, so physical loss of your phone does indeed seem to be the biggest risk.

The lesson? USE THE DEVICE LOCK ON YOUR PHONE! Yes, it’s a little bit of extra inconvenience, but it’s an important protection against identity fraud, which a lot of people are worrying about these days. There are step-by-step instructions for various devices here.

Can You Crack the Code?

Fri, 21 Aug 2009

Partly because it’s summer, partly because I visited Bletchley Park this week, but mostly because I’ve been intrigued by it for years, I’m posting a challenge on an enigma very close to the Symbian offices (most of us here walk past it every day!)

There’s an area of historic housing on Mitre Road and Ufford Street, between our office and Waterloo station. It was built by the Ecclesiastical and Church Estates Commissioners for England around 100 years ago, inspired by the ideas of Victorian housing reformer Octavia Hill (after whom it is now named). The thing that intrigues me is the irregular pattern on the cast iron railings at various points on the boundaries of the estate along Webber Street and Short Street:

Railings, Short Street, North


Mobile Malware “Study”: Not News

Fri, 31 Jul 2009

SMobile Systems put out a press release this week, with the headline “One in 63 Smartphones Infected by Mobile Spyware and Malware”. Unfortunately this headline is grossly misleading, and it has therefore been the cause of a lot of inaccurate reports.

It’s striking that SMobile Systems have chosen not to publish any of the supporting data from this “study”. I believe this is because, when the actual data is examined, the accurate conclusion is that malware or spyware was found in only 31 infected smartphones, most of them obsolete, which would, of course, be of no interest to any news media.


Signed Malware, Revoked

Thu, 16 Jul 2009

A number of blogs and news sites have picked up on a report from Dancho Danchev last week, identifying some malware that was submitted to, and signed by, the Symbian Signed portal.

As soon as we were notified of that (the following day) we revoked both the content certificate and the publisher certificate used to sign the malware. That means that the Symbian software installer will not now install the malware, providing that revocation checking is turned on. Unfortunately, revocation checking is often turned off by phone manufacturers, because the data traffic could cause problems for people who do not have a data plan as part of their service or who pay for data by volume.

Here’s how to turn on revocation checking, which we strongly recommend if you have a flat-rate data plan:
