back to article How to stay out of big trouble from little devices

Here's the tricky thing about mobile security: the perfect storm of smartphone threats is always just over the horizon. Every couple of years, the vendors are up in arms about it and predict handheld apocalypse. At the same time, we are seeing an unprecedented level of activity in the mobile space. Morgan Stanley analyst Mary …

COMMENTS

This topic is closed for new posts.
r76
Joke

"MobileMe also offers remote data wiping"

That sounds useful, where can I get this MobileMe service?

0
1
Silver badge
Linux

Actually

the best way is to release the source code for Android to the world so we can check for flaws and security concerns. That's the way Open Source has worked for years and worked rather well.

Not a silver bullet, but a damned good start.

1
1
Windows

Bugs?

Don't need no stinking bugs to steal somebody's data, good old human stupidity is a million times easier (and works on all platforms!).

6
0

Another view

... It also gives malware writers more information about the workings and vulnerabilities of it. Especially bad considering the fact that mobile phone operators are very slow at pushing out updates and fixes.

0
1
Tim
Thumb Down

I got as far as Mary Meeker

...and gave up. The Reg is listening to her now?

0
0
WTF?

huh?

iOS and Android are the only Smartphone operating systems now? I must have missed the memo stating that Blackberry (arguably the most secure smartphone and tablet OS) wasnt available any more!

1
1

@r76

http://lmgtfy.com/?q=mobile+me

Although you really want android lost, which is free

1
2
r76
FAIL

lmgtfy - why?

Exactly, www.me.com/signup_EOL/en/ "Apple is no longer offering new MobileMe trials or subscriptions."

No need to look it up anyway - Apple already sent me an email "Your MobileMe subscription will be automatically extended through June 30, 2012, at no additional charge. After that date, MobileMe will no longer be available."

Cheers chaps, guess we're not paying you enough to keep that one running...

0
0
Childcatcher

May I add...

Don't do mobile phone banking?

Specifically, I'm quite pleased with my bank checking by mobile phone that it is me that's set up a new payee. Of course if I did mobile phone banking, I've potentially if not actually closed the air gap.

1
0
WTF?

Oh, what a surprise..

Its smack symbian time again at el fail.

"symbian was hit hardest...". Note if you will the capitalisation of Android and idiotOnSlab, a concept that el fail cannot manage with Symbian. Note also that this statement is backed up with precisely sweet F A. My GCSE english teacher would have crucified me for that sort of shoddy work.

Android is about as secure as a nomads yurt. There are borderline apps everywhere you look and plenty of outright hostile ones as well. Oooh look my tetris-clone *really* needs GPS services, so be a good pleb and hit allow. I promise it wont track you, or snarf your payment details or install a keylogger...

I'd love to see who pays your wages, because its all getting a bit shill-tastic for my taste.

I will repeat slowly and in simple words so you understand. Symbian has a built in thing that stops naughty people doing things to your phone that are bad. It stops nasty app writing people using their nasty apps to trick you into letting the nasty apps do bad things. It also has another thing that makes sure that if an app only is allowed to use certain parts of your phone that is all it can use - your smartphone tells it off if it doesnt play by the rules. That means that all the things you put on your Symbian phone are very much safer than the things silly people put on Android or Apple phones. The End.

Simple enough for you? I havent channelled my inner 7 year old for years, but I needed to get to the level of journalism on here.

Yes there have been trojans and nasties developed for symbian, all of which rely on the user being an idiot. NONE of them have *ever* managed to crack inherant security - nor are they out in the wild...

Android on the other hand, cant even manage to run a clean install for 3 hours without crashing, let alone deal with app security. Apples method is even simpler - feed given app to one of the many Mahatma Jobs clones they have floating around and if he likes it, its in (security, um how does that work?).

Seriously, I despair of finding anything intelligent on this site now, between army arse-up scapegoats, smartphone fanboi fellatio, and american todger trepanning theres less actual articles of interest by the week. Its almost like an online NoTW, hold the boobs (in el regs case, bulgarian airbags should be heard, not seen).

6
6
FAIL

Oh dear.

Security firm McAfee says there has been a 46 per cent surge in malware targeting mobile devices over the past year. The Symbian operating system has been compromised more than the Android and Apple’s iOS.

I believe you might want to re-read the article, and redirect your ire to McAfee. There's probably an app for that...

2
1
FAIL

Uh-Oh

"Note if you will the capitalisation of Android and idiotOnSlab, a concept that el fail cannot manage with Symbian...

... Yes there have been trojans and nasties developed for symbian...."

Shouldn't that be Symbian, old bean?

2
0
FAIL

@Jemma: Operating systems are not religions.

Please, for the love of Codd, stop treating them as such.

"Yes there have been trojans and nasties developed for symbian, all of which rely on the user being an idiot."

Last time I checked, idiocy and ignorance were the only successful cross-platform operating systems available to humanity, and the evidence suggests they've proven incredibly popular [Source: Google. You won't have to try very hard, believe me.]

Humans form the bulk of computer users. [Source: Google.] Symbian can't do a damned thing to fight this either. [Source: Google.] And neither can Fandroid or PiOS. (There: is that enough childish misspelling for you?) There's no such thing as a "best" operating system. There's only a "least worst". After 30 years of working in IT, I've yet to see an OS I'd consider genuinely "good". At best, most are "not entirely shite", but a few manage to rise up to the level of "polished turd". Apple have managed to produce a "gold-encrusted polished turd", which is at least one step up from Android, which is "a copy of a silvered, polished turd, made by someone with very poor eyesight."

If you'd actually bothered to read the original article, it's crystal clear that it's the ignorance of the users that forms by far the greatest security threats. To the extent that the company at the heart of the article is literally telling people to just switch their mobiles' radios off when not in active use! (Which, if nothing else, also proves my earlier point about idiots and ignorance.) Hacking people is a piece of cake compared to hacking an iPhone, a Galaxy S, or an N8, and tends to yield far better returns in investment. [Source: Google.]

As you can see, I've also cited my sources, for what it's worth. (Not many outside academia and very specific careers bother to subscribe to major peer-reviewed publications, so citing "Nature" or "Science" in a news article in a red-top website that has a f*cking VULTURE in its logo really isn't going to happen. And I doubt I need to tell someone as clearly intelligent as you are what search terms you should use.)

I went through a lot of Nokia kit over the years and have personal experience working with the Byzantine labyrinth that is its excuse for an API. Never, ever, again.

I tend towards Apple's kit for a bloody good reason, which has nothing to do with fashion [Source: my bedroom mirror], and everything to do with not wanting to waste one more second of my life fighting the tools that are *supposed* to be *saving me time*.

3
1
Facepalm

thank you...

For making my point for me...

I loathe religion, all religion, with malice aforethought. I find it practically impossible to believe in people, nevermind some massive invisible beard in the sky. However, I do believe in facts (and yes, I am fully aware of the dichotomy of that statement) and in point of fact, Symbian, BB, WebOS (as was) have functioning and capable built in security.

idiotOnSlab relies solely on the ducks-ass paradigm & Android has more holes in its security 'model' than Job's liver. I have used all of these OS bar iOS and my conclusions are as follows.

BB - adequate, competent, a little behind the times and reminiscent of old Nokia S40 in some respects. Bullet proof security & reliability. Good keyboards. Crappy data plans and configurations. Works well on reasonable hardware.

Android - infinitely configurable, but consequently infinitely flakey. I've no idea what connectivity stacks theyre using but they are irredeemable in their awfulness. Moderate reliability, zero security. Battery life in hours with some handsets. High speed bleeding edge processors for good performance. Generally weak function sets.

WebOS - looks good, as up to date and simple as iOS. Good battery life. Good reliability. Doesnt need the output of a Victory-class ionisation reactor to be useful. Fair security, good connectivity, fair functionality.

Symbian 3rd. 3-4 day battery life. Class leading functionality. Infinitely configurable but with excellent security. Runs on lower mhz processor & chipset configurations. Good memory handling. There is a reason why the N93i is still making £175 on ebay. Unbeatable connectivity and durability.

Symbian 5th/^3 - see above. I will concede happily that in comparison to iOS that the UX on these devices is not 'up to par' (aka simplified to the point a 2 year old can order a new car on dads credit card). Functionally, and this is the point of a smartphone, still way ahead of the rest, bar maybe the Galaxy SII. *Still* two day battery life. Still runs perfectly happily on cheaper, energy sipping hardware. Still can do more using that hardware, than 1.2ghz chips can running Android etc, simply because its fundamental principles were and still remain efficiency and functionality.

I dont consider ^3 to be perfect. I dont consider my E7 to be perfect. In some respects its gone backwards in relation to even my old 2006 E70. But it gets and keeps a signal, it lasts for a full days usage without fail. Its never crashed on me, never dropped a call, never died from lack of battery, never spontaneously switched itself off and doesnt force me to bend over and take it up the ass from either Google or Apple.

My ideas, writings, pictures are MY OWN. I do not wish google to know where my brother lives or what his daughters are called. I may loathe him, but those are his decisions to make, not mine, and certainly not up to some pompous little American prick who has delusions of grandeur/aspergers/thinks hes God (Brin/Zuckerberg/Jobs). And before ppl wail, I have a mild form of Aspergers, thankfully it didnt inspire me to barf peoples details all over the place and result in my being guilty of enabling several murderers.

I am however drifting from my point. Fair enough Symbian isnt easy to develop for, but is it just me or have there been people perfectly happy to churn out freeware for it for years.. Oh look, im right. They've not bitched and whined about it. I suspect that the old reason is behind this. Greed. I can get more money developing for *insert flavour of month here* and the programming tools are so simple because they've been designed for tweenie script kiddies, so I can be lazy & rake it in too. Who knew *bounce*. Everyone else is doing it.. Why not me too?

You probably are even a nice little chap who puts money into RSPCA or PETA or one of the myriad Godbotherers for Africa charities, but ignore the problems in your local community. Ironic isnt it since its British and assorted Godbotherers that got most of Africa into its current state.

Frankly I dont give a Bonobos left bollock about all the fanboi stuff. My opinions are from my own experience. It may not be typical - I may not be typical, in the fact that I like to learn as much as I can about whatever catches my fancy. But I do get very sick and tired of inane statements and biased crap being taken as gospel, another irony since most of both come from the US currently. If you work as a journo, you have a fundamental requirement to be truthful, if you arent, then whatever you report on is effectively worthless words on a page.

Yes, its probably not world endingly important that the smartphone wars be truthful, in the same way that the history of the holocaust should be, but then that wasnt accurate either and given the effect smartphones are having on modern society, mostly to its detriment it appears...

I take it you know why Churchill & Roosevelt closed the borders to Jews in '41? No? I quote from a signed cabinet minute by Churchill "we dont want them all over here!". Funny how *that* aint in the school books... The result, the horrifying extension of policy that Himmler & Heydrich dreamed up, is, in all its mindbending detail.

To summerize. I dont give a damn what OS you use or program for. I dont really care if you are Apple fanboi/fangrrl no.1. Ive said my piece, from my experiences. What does annoy and worry is poor research, bias, and downright garbage that seems to be all there is to guide consumers. It worries me because I can see this greed driven laziness and easy optioning in many walks of life, some of which are a damn sight more important than which smartphone you choose to snuggle.

0
2

Symbian most compromised

"Security firm McAfee says there has been a 46 per cent surge in malware targeting mobile devices over the past year. The Symbian operating system has been compromised more than the Android and Apple’s iOS"

Could you explain the logic behind McAfees conclusion that the Symbian OS was most compromised, by end users navigating to an app store and downloading and install some malicious third party software.

0
0
Anonymous Coward

Sorry Freetards, article spin fail

iOS remains untouched by malware while Android surges ahead with 76% more malware threats than in the first quarter this year. Way to spin a story and drag Symbian around to distract from the Android malware explosion.

0
2
Facepalm

You either don't know english or are an overt Troll

"Untouched"

- I guess in the sense that Kim Kardashian or Paris Hilton is untouched maybe...

Search for "IOS vulnerabilities" (comes up with 2 million + replies on Google)

Just clicking on the first few top links gave these tidbits...

"Friday, Apple released an update to its mobile operating system (iOS 4.3.4) which patches a couple of vulnerabilities that left a door open for malware infections on the iPad, 3rd and 4th generation iPod touch, iPhone 4, and iPhone 3GS."

"The exploitation of these two vulnerabilities could give an attacker the ability to shut down or even control an iOS device"

"However hackers have exploited vulnerabilities in the iOS operating system that allow the phones to be "jailbroken."

try this link: (or just read the name of the link)

http://www.theinquirer.net/inquirer/news/2094050/dangerous-ios-vulnerability-remains-unpatched

"It's worth pointing out that the comex jailbreak bypasses the Address Space Layout Randomization (ASLR) technology that is supposed to make exploits harder. ASLR was first introduced by Apple in IOS 4.3, but aside from setting a few small roadblocks, it doesn't seem to have had any real impact on people's ability to jailbreak their devices."

0
0
FAIL

It's always been the case.

"the NIST guidelines effectively advise minimising the functionality of the device ... they fly directly in the face of what mobile vendors and users really want. As we navigate the security landscape, that might be the ultimate challenge."

That's +always+ been the challenge. The only real question has ever been what balance between convenience and security you choose.

0
0
This topic is closed for new posts.

Forums