As you've been hosting some videos with the MS SmartPhone people, I'd like to hear their opinion on this subject and how it relates to the MS Smart Phone platform, .NET Compact Framework and the Trustworthy Computing Initiative, and if there are any steps taken in this direction to mitigate this kind of issue. In the future I'd like to support customers using this platform (for which I might write some sw) and I would like to know in advance where most of my problems are going to come from.
I'm the .NET Compact Framework technical evangelist at Microsoft.
The short answer is that we've spent a lot of time looking at security issues and threat modeling on mobile devices, and on the .NET Compact Framework. Additionally, Windows Mobile devices have a security infrastructure that mobile operators can enable that requires digital code signing for any kind of executable (whether managed or native) before an application can run on a device. Even when operators _don't_ choose to use this infrastructure, you still get a warning screen warning you that the application may not be trusted.
Devices are very cool in the way that they can enhance our lives on an ongoing basis, but as a wise arachnid once said "with great power comes great responsibility." The good news about this particular case is that it doesn't appear to do anything malicious
on the devices - hopefully it is just a wake up call (that we all knew would come eventually), and will make us as a software community redouble our efforts to keep systems secure so that the rest of the world continues to trust the way technology enriches
I can't believe I quoted a cartoon character.
The problem is, users will install applications like this even when they're warned not to.
If I'm often getting Bluetoothed cool games from Dave, why wouldn't I accept a virus that comes from him?
Sure, you can restrict the device to only accepting signed code - but look how well that works for XP drivers; it doesn't, because not everyone can afford to sign their software.
And you can't restrict software from accessing the smart-phone's phone features, because then you restrict legitimate use.
You can't have a "firewall" because users will get so fed up with "Do you want FooBar to access your SMS system?" that they'll permanently disable it.
The solution? None. There is no difference between a virus and a legitimate program.
Symbian have the same security measures in place. You have to accept installing the application by pressing "Yes" two times.
"Installation security warning. Unable to verify supplier. Continue anyway?"
As you would for just about any program. Most of them are not signed.
The problem isn't so much with the installation as that the program shouldn't be able to gain access to sending itself through Bluetooth without asking. A more evil program would be able to broadcast your private information. That is not a good thing! Then again, Bluetooth security is overall very disappointing.
Bluetooth range is about 10m so if your buddy sends you some strange app maybe it's a good idea to just ask him what it is. If you get a program from some stranger on the bus and go ahead and install it, then you're too stupid to have a smartphone.
And a more general piece of advice is: If you're not using Bluetooth at the moment - turn it off!
OK, all that is true, but that is not what concerns me most. My biggest concern has to do with how to react to what I don't know, not to what I do know. I mean, that article just points out that these systems -will- have security issues, which we don't know about yet.
In desktop systems, a lot of research resulted in providing us with automatic updates to the systems to secure them against issues as the vulnerabilities appear. There is Windows Update in general, Windows Update Services for corporations, SMS, the new quarantine LANs in ISA 2004 (which are just a great idea), etc.
All these technologies have appeared AFTER the vulnerabilities have been successfully exploited, and they are now in place to be a little proactive, and not reactive to security issues.
Knowing all this that we now know, and the new mobile environments that are coming, has anybody thought about how the security issues that we faced in the past can be prevented in the new environments, or are we just 'doomed' to suffer them again on the new environments and then find the solutions afterwards?
I'm thinking (off the top of my head), for example, of some exploit that could hack into the Exchange 2003 notification services (AUTD) that could flood a network of mobile devices (that I could support) with notification messages (SMS messages) to synchronize with the server using ActiveSync, causing some kind of DOS to a lot of people (devices and systems).
To prevent this exploit, you can just deactivate AUTD and it will be solved, but only AFTER the problem appears (and then clean/rebuild the hacked system). Besides, as I said before, what concerns me most is the kind of exploits I cannot think of yet :-/
They just have to be prevented. The success of the whole concept is in the balance. People are not going to accept the same level of problems with their phones as with their desktop. Rebooting phones and worms sending MMS that the customer has to pay for. Oh brother. Should that happen the smartphone is dead, and people will go back to the basic services (voice and SMS). For the majority that is very much an option.
Not to mention what will happen if someone successfully creates a virus that DoSes 911... Some countries have already outlawed camera phones for way less.