Handset manufacturers to open Symbian security holes

The latest version of Symbian's operating system (OS) will do a better job of fighting mobile phone malware such as Cabir, but handset manufacturers are likely to introduce security holes, a security expert claims.Symbian is one of the most popular and fastest growing operating systems to be used in the next generation of 'smart' mobile phones.

The latest version of Symbian's operating system (OS) will do a better job of fighting mobile phone malware such as Cabir, but handset manufacturers are likely to introduce security holes, a security expert claims.

Symbian is one of the most popular and fastest growing operating systems to be used in the next generation of 'smart' mobile phones. Its popularity seems to have attracted the attention of malware writers because around 95 percent of mobile phone-based viruses and Trojans are written specially for the Symbian platform.

Mikko Hyppönen, director of antivirus research at European antivirus firm F-Secure, warns that, like early Bluetooth handsets, early manufacturers' implementations of the new mobile system are likely to contain flaws introduced by the handset manufacturers.

"Whatever the specifications say, it is up to the vendors to implement them. There will be different implementations and some [handset manufacturers] will get it wrong," said Hyppönen.

Handset manufacturers, including Nokia and Sony Ericsson, released flawed implementations of Bluetooth, the short range wireless standard that has become common in mobile devices. Although the Bluetooth standard is secure, mistakes made by the manufacturers opened up many handsets to Bluesnarfing, which is a method hackers could use to steal personal information - including phone numbers, calendar entries, documents and notes -- from Bluetooth-enabled handsets.

Hyppönen told ZDNet Australia  that although the Symbian mobile phone OS is being targeted by various forms of malware, it is still relatively secure -- and the new version is even stronger.

"So far we have seen 52 pieces of mobile phone malware. Out of those, 50 are targeting Symbian. Even now the current version of Symbian is obviously much better than Windows, which never warns you about anything at all. At least Symbian warns you that you are about to run an unsigned application that may be risky," said Hyppönen.

In February Symbian launched version 9 of its OS, which has been designed to improve on security by only allowing signed applications from known sources to execute potentially risky operations.

Although the new OS is not yet being shipped in any handsets, Hyppönen said the company is heading in the right direction and is doing its best to ensure mobile phones do not become infested with viruses and Trojans in the same way as PCs.

"It shows Symbian is aware of the problem and it is trying very hard to fight it. I think it is doing the right thing," said Hyppönen.