Friday, March 28, 2008

Security is all the rage these days...

...and people just love to talk about it, although they don't have a single clue.

I recommend you read this article (and the comments) over at All About Symbian. The article is written by a guy who has no knowledge about computer security, but has made it his life's mission to claim that Symbian OS is secure, as in completely unbreakable. Not that he actually has any knowledge to back it up. He just assumes that as there's a security system and there hasn't been any dangerous malware in the wild yet, it's secure (whatever that would mean, in an absolute sense, in a system that just oozes with connectivity and consists of millions of lines of code). Because Symbian told him so, and they should know, I guess.

Now, the case is complicated a bit by the fact that it has recently been proven that S60 phones can be hacked. It's not a case of dangerous malware. It's another aspect of Symbian that has been hacked. But apparently, if you have to be an "uber-geek" (have a look in the mirror sometime!) to hack your own phone, it's not a real breach of security. And well, it seems that if a vulnerability in a security system is discovered by an amateur, it's not a real problem.

This guy's been doing this for a long time, because he's a fan, just like the Michael Jackson fans who know that Michael Jackson would never do anything improper with a child, because he writes such wonderful songs (oh, and he's a married man). Now and then I've been thinking of putting on my black hat and come up with something nasty, just to shut him up. But you know, he's just some uber-geek in Britain, so why would I care?

The sad truth is probably that the only reason why no real hacker has bothered to hack Symbian yet, is that it's such an incredibly unsexy platform to work with. That's its most important security feature. The iPhone's webkit based browser was easily hacked, so no one should be surprised if that could be used as an entrance to S60 phones as well. And while the browser doesn't have a full set of capabilities, everyone in the know should know where to start looking for local exploits to escalate their privileges. I'm not telling anyone to do this, but it would be a bit fun if someone did it, just to see what mr. Litchfield would have to say about it. I guess in his view, it wouldn't be a real problem if it didn't empty his bank account, and if it did, I guess it would be the bank's fault, rather than Symbian's.

And the stuff that some people write in the comments... Isn't it damn easy to have strong opinions about things that you're clueless about?

Rant mode turned off for now.

No comments: