Prr, did I hear someone start counting mobile malware samples, prr?
Try getting to know the OS itself, the main proof of concept faciliator representing today's constantly growing mobile malware family. A review of this recommended bed time reading book :
"Symbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest versions incorporate an enhanced security architecture designed to protect the interests of consumers, network operators and software developers. The new security architecture of Symbian OS v9 is relevant to all security practitioners and will influence the decisions made by every developer that uses Symbian OS in the creation of devices or add-on applications. Symbian OS Platform Security covers the essential concepts and presents the security features with accompanying code examples. This introductory book highlights and explains:
* the benefits of platform security on mobile devices
* key concepts that underlie the architecture, such as the core principles of 'trust', 'capability' and data 'caging'
* how to develop on a secure platform using real-world examples
* an effective approach to writing secure applications, servers and plug-ins, using real-world examples
* how to receive the full benefit of sharing data safely between applications
* the importance of application certification and signing from the industry 'gatekeepers' of platform security
* a market-oriented discussion of possible future developments in the field of mobile device security"
Malware authors indeed have financial incentives to futher continue recompling publicly available PoC mobile malware source code, and it's the purchasing/identification features phones, opening a car with an SMS, opening a door with an SMS, purchasing over an SMS or direct barcode scanning, mobile impersonation scams, harvesting phone numbers of infected victims, as well as unknowingly interacting with premium numbers are the things about to get directly abused -- efficiently and automatically. And whereas there are more people on Earth with mobile phones compared to those with PCs, it doesn't necessarily mean everyone's having a smart phone -- perhaps Bill Gates "remarkable" cash on the poor proposition could soon undermine the $100 laptop one.
People are getting more aware on the social engineering basics of today's mobile malware, and running a mobile phone anti-virus would be nothing more than a marketer's dream come true -- end users positioning themselves as security savvy buyers. Mobile operators tend to have God's eye view on their networks, therefore epidemics are far from reality, targeted attacks (events and places where the masses gather or pass by), and directly exploiting the lack of awareness in certain regions could make an impact. South Korea's advances in mobile communications let its citizens have more phone bandwidth than an average ADSL user, but I would still have to see this getting abused at a level going beyond the sophisticated impersonation scams going on all the time.
Worth taking your time to read this book, go through Chapter 1 discussing "Why a Secure Platform?" is the basics of mobile devices security, as well.
Related posts:
Privacy issues related to mobile and wireless Internet access
Digital forensics - efficient data acquisition devices
The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
Mobile Devices Hacking Through a Suitcase
Bed Time Reading - The Baby Business
Bed Time Reading - Rome Inc.
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Saturday, August 12, 2006
Bed Time Reading - Symbian OS Platform Security: Software Development Using the Symbian OS Security Architecture
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment