Smartphone Platform Security - What can we learn from Symbian?
Craig Heath
Presented at Cambridge Wireless, 15th January 2015.
1.
Franklin Heath Ltd
Smartphone Platform Security
What can we learn from Symbian?
Craig Heath, Independent Security Consultant
15 Jan 2015

2.
Discussion Points
© Franklin Heath Ltd, CC BY 3.0
- Was Symbian OS platform security a success?
- Did developer difficulties with platform security contribute to Symbian’s downfall?
- Could those difficulties have been prevented?
- Did Symbian’s platform security have anything better than today’s successful platforms?

3.
Symbian OS Versions

Without Platform Security

| Year | Ver. | UI Layer | Typical Phone |
|------|------|----------|---------------|
| 2001 | 6.0 | Series 80 | Nokia 9210 |
| 2002 | 6.1 | S60 1st Edition+FP1 | Nokia 7650 |
| | | MOAP(S) | Fujitsu F2051 |
| | 7.0 | UIQ 2.0 (& 2.1) | Sony Ericsson P800 |
| 2003 | 7.0S | S60 2nd Edition+FP1 | Nokia 6600 |
| 2004 | 8.0a | S60 2nd Edition FP2 | Nokia 6630 |
| 2005 | 8.1a | S60 2nd Edition FP3 | Nokia N90 |
| 2007 | 8.1b | MOAP(S) | Fujitsu F905i |

With Platform Security

| Year | Ver. | UI Layer | Typical Phone |
|------|------|----------|---------------|
| 2006 | 9.1 | S60 3rd Edition | Nokia 3250 |
| | | UIQ 3.0 | Sony Ericsson P990 |
| 2007 | 9.2 | S60 3rd Edition FP1 | Nokia N95 |
| | | UIQ 3.1 & 3.2 | Motorola Z8 |
| 2008 | 9.3 | S60 3rd Edition FP2 | Samsung i8510 |
| | 9.4 | S60 5th Edition | Nokia 5800 |
| 2009 | | | Nokia N97 |
| 2010 | ^2 | MOAP(S) | Fujitsu F-07B |
| | ^3 | S60 | Nokia N8 |
| 2011 | Anna | S60 | Nokia E6 |

4.
Symbian Platform Security Architecture
- Run-time controls on system and applications
- Based on long-established security principles
  - e.g. “Trusted Computing Base”, “Least Privilege”
- Designed for mobile device use cases
  - low-level, highly efficient implementation
- “Capabilities” determine process privileges
  - checked by APIs which offer security-relevant services
- “Data Caging” protects stored data
  - protected directories for system and for applications
- Secure identifiers (“SIDs”) for applications
  - verified at install-time

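The data-caging check described on this slide can be modelled in a few lines of standard C++. This is an added example, not code from the presentation or from the Symbian SDK: the directory rules (`\sys`, `\resource`, `\private\<SID>`) are assumed from Symbian's published platform security design rather than taken from the slide, and the function names and SID values are constructed for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

enum Capability : uint32_t { kCapTCB = 1u << 0, kCapAllFiles = 1u << 1 };
enum class Op { Read, Write };
struct Process { uint32_t sid; uint32_t caps; };  // SID is fixed at install time

// Lower-cased path components after the drive letter (names are case-insensitive).
static std::vector<std::string> Components(std::string path) {
    if (path.size() >= 2 && path[1] == ':') path.erase(0, 2);
    std::transform(path.begin(), path.end(), path.begin(), [](unsigned char c) {
        return static_cast<char>(c == '/' ? '\\' : std::tolower(c)); });
    std::vector<std::string> parts;
    std::stringstream ss(path);
    for (std::string part; std::getline(ss, part, '\\');)
        if (!part.empty()) parts.push_back(part);
    return parts;
}

// True if `dir` is exactly the 8-hex-digit private directory name for `sid`.
static bool IsOwnCage(const std::string& dir, uint32_t sid) {
    if (dir.size() != 8 || !std::all_of(dir.begin(), dir.end(),
            [](unsigned char c) { return std::isxdigit(c) != 0; })) return false;
    return std::strtoul(dir.c_str(), nullptr, 16) == sid;
}

// Data-caging decision: work out which capability the access needs, then check it.
bool DataCageAllows(const Process& p, const std::string& path, Op op) {
    const std::vector<std::string> parts = Components(path);
    if (std::find(parts.begin(), parts.end(), "..") != parts.end())
        return false;                       // refuse anything that could leave a cage
    uint32_t needed = 0;                    // public directories need no capability
    const std::string top = parts.empty() ? "" : parts[0];
    if (top == "sys")                       // executables: TCB writes, AllFiles reads
        needed = (op == Op::Write) ? kCapTCB : kCapAllFiles;
    else if (top == "resource")             // shared resources: only TCB may write
        needed = (op == Op::Write) ? kCapTCB : 0;
    else if (top == "private")              // per-application cage keyed by SID
        needed = (parts.size() > 1 && IsOwnCage(parts[1], p.sid)) ? 0 : kCapAllFiles;
    return (p.caps & needed) == needed;
}

int main() {
    const Process app{0x10001234, 0};       // constructed SID, no capabilities
    std::cout << DataCageAllows(app, "C:\\private\\10001234\\a.db", Op::Write)
              << DataCageAllows(app, "C:\\private\\10009999\\a.db", Op::Read)
              << DataCageAllows(app, "C:\\sys\\bin\\a.exe", Op::Read) << "\n";  // prints 100
}
```
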
5.
Symbian OS New Malware Strains and Variants Per Month
[Chart: new malware per month; legend: New, Variant; annotation: “First phones introduced with platform security”]

6.
Developer Difficulties
- Compatibility break
  - Used as an excuse for fixing accumulated technical debt
- Additional complexity
  - SIDs, data caging, etc.
  - “How do I know what capabilities I need?”
- Difficulty of debugging
  - “Why can’t you just turn the security off?”
- Cost of approval and signing
  - ...even though it was steadily reduced over time
- Delays caused by approval and signing process
  - Rejections were common

7.
Aside: Symbian OS C++
- Same language and environment for apps as the OS (and/or UI)
  - In principle allows third party developers to produce powerful apps
  - ... but harder to work with in-progress documentation and finicky tools
- Non-standard C++ “idioms”
  - Descriptors, active objects, cleanup stack
  - ANSI exception handling came too late
- Technically good (vastly more power efficient)
  - ... but steep learning curve
- Alternatives were either too little (CDC Java, MIDP Java)
  - ... or too late (PIPS, Qt)

8.
Symbian Signed Capability Groups

| User | Extended (System) | Extended (Restricted) | Manufacturer |
|------|-------------------|-----------------------|--------------|
| LocalServices | PowerMgmt | CommDD | AllFiles |
| Location | ProtServ | DiskAdmin | DRM |
| NetworkServices | ReadDeviceData | NetworkControl | TCB |
| ReadUserData | SurroundingsDD | MultimediaDD | |
| UserEnvironment | SwEvent | | |
| WriteUserData | TrustedUI | | |
| | WriteDeviceData | | |

9.
Symbian Signed Capability Groups

Signing options (table columns, left to right):
- Unverified: Unsigned or Self-signed; Developer Certificate per IMEI(s)
- Verified with Publisher ID: Developer Certificate per IMEI(s); Express Signed; Certified Signed

| Group | Additional Capabilities | Permitted (in column order) |
|-------|-------------------------|-----------------------------|
| User | 6 | install-time user prompt; Yes; Yes; Yes; Yes |
| Extended (System) | 7 | |
| Extended (Restricted) | 4 | |
| Manufacturer | 3 | OEM approval; OEM approval |

10.
Symbian Signed Costs
- 2004, initially a branding / co-marketing programme
  - All outsourced costs passed to publisher (could be over $1000 per app)
  - Most developers were their own publisher
- 2006, required for “non-user-grantable” platform security capabilities
  - Standardised testing, lowest price €195
  - Still required $395 publisher ID annually
- 2007, reduced costs but increased complexity
  - Publisher IDs reduced to $200
  - “Express Signed” $20
    - subset of “extended” capabilities, self-testing with random auditing afterwards
- 2010, streamlined test criteria
  - Express Signed €10, Certified Signed €150
- 2010, Nokia pays for and performs signing for Ovi Store submissions

11.
What Could We Have Done Differently?
- Needed more clout and/or money
  - Google were able to ignore operator demands
  - Apple were able to phase out DRM
  - Apple were able to subsidise approval process
- CA-issued publisher IDs were probably a mistake
  - Self-signed works for Google Android
  - Didn’t help us track down malicious actors
- Robustness was pretty good
- User experience was pretty good

12.
Discussion Points
- Was Symbian OS platform security a success?
- Did developer difficulties with platform security contribute to Symbian’s downfall?
- Could those difficulties have been prevented?
- Did Symbian’s platform security have anything better than today’s successful platforms?