Mobile malware threat heightened by Symbian hack

A hacker has created a way of bypassing security measures in the Symbian operating system that block malware.

A hacker has created a way of bypassing security measures in the Symbian operating system that block malware.

A "jailbreak", similar to those developed to crack the iPhone, has been developed for Symbian S60 3rd edition. Security company F-Secure fears it could be used to target phones which run Symbian's latest operating system, such as the Nokia N95, with malware.

"It allows an application to do things to the device it shouldn't be able to do, such as use the network connection without a user prompt," F-Secure senior security specialist Patrik Runald told ZDNet.com.au.

Symbian S60 3rd edition is considered to offer better security than computer operating systems such as Windows because applications need a certificate from Symbian itself before they can be run. While the block on unsigned applications comes as Symbian's default setting, users can circumvent it manually, allowing the applications to run.

"This jailbreak hack allows an application to run without making this change in the settings and therefore could potentially allow a trojan/malware to bypass the security settings on a S60 3rd Edition phone despite it being set to only allow signed applications," said Runald.

"If you run it, any application that's currently running will get access to everything on the device, including things they shouldn't be able to do," he added, such as contact lists and personal files.

The hack is delivered as a Symbian (SISX) installation file and must be run before the device becomes vulnerable. However according to Runald, some form of social engineering technique would be required for it to work.

Nevertheless, phone users are still far safer than PC users, according to Runald. "A drive-by download type install is not possible," he added.