A Spanish hacker has found a way around the S60 signed-app authentication, potentially allowing harmful apps to access bits of your phone they really ought not to.
The securioty model on recent Symbian phones uses a layered,’onion skin’ approach to signing. An app is signed and given a particular level of access to the phone- a layer on teh onion skin, if you like.
This stops any old app from doing what it likes to your phone. Older Symbian phones used a ’single layer’ system - once an app was signed, it had freereign to touch what it liked. The new system allows les trusted apps (e.g. random freeware) to be given restricted access to thehandset.
Or at least, that is how it should work. Security company F-Secure has identified a Symbian app that once installed, will bypass the security layers and gain unlimited access to the phone’s entire file system.
Granted, the user still needs to install the suspect app in the first place - although this would just be a matter of social engineering (an advanced hacking technique, also known as ‘lying’)
On the positive side, the app stops any other apps from working, so it is likely that you would soon know that something was wrong, should you become infected.
via The Register
0 Responses to “Symbian app security hacked”
Leave a Reply