Security of Symbian Based Mobile Devices

Abstract

Security issues of Symbian-based mobile computing devices such as PDAs and smart phones are surveyed. The evolution of Symbian OS architecture is outlined. Security threats and problems in mobile computing are analyzed. Theft/loss of the mobile device or removable memory cards exposes stored sensitive information. Wireless connection vulnerabilities are exploited for unauthorized access to mobile devices, to network, and to network service. Malicious software attacks in form of Trojan horses, viruses, and worms are also becoming more common The Symbian OS is open for external software and content which makes Symbian devices vulnerable for hostile applications. Embedded security features in Symbian OS are: a cryptographic software module, verification procedures for PKI signed software installation files, and support for the communication security protocols IPSec and TLS. The newest version 9.3 of Symbian also embeds a platform security structure with layered trusted computing, protection capabilities for installed software, and data caging for integrity and confidentiality of private data. Fundamental security requirements of a Symbian based mobile device such as physical protection, device access control, storage protection, network access control, network service access control, and network connection security are described in detail. Symbian security is also evaluated by discussing its weaknesses and by comparing it to other mobile operating systems. Current availability of add-on security software for Symbian based mobile devices is outlined in an appendix. In another appendix, measurement results on how add-on security software degrades network communication performance of a Symbian based mobile device are presented and analyzed as a case study.