
Will an open source model expose Symbian’s security flaws? July 8, 2008

Posted by wirelessinformatics in Uncategorized.

The industry chatter around Nokia’s decision to move Symbian into the world of open source is quieting down, leaving time to reflect on the security implications of making several-year-old code available to the masses.

In the computing world there’s plenty of debate about the impact of opening up previously proprietary code. The primary concern is that an open source model exposes code not only to benevolent practitioners but also to malevolent attackers.

The anti-virus industry has already jumped onto the bandwagon, suggesting that the trend for mobile open source will bring a rise in virus outbreaks. However, the risks run deeper. As in the PC world, malevolent attackers are incentivized by financial gain; phishing and ID theft are two of the fastest growing online threats.

With much of the mobile industry steering towards m-commerce initiatives, potential security risks must be considered. The mobile terminal (including the SIM card) is being positioned as a trusted m-wallet solution with users able to transfer funds and pay for goods and services through channels such as NFC (near field communications). Will the storage of highly personal data on the mobile device, combined with the world’s most commonplace mobile operating system going open source, collide to become the catalyst that makes mobile security breaches a very real threat?

In a closed source world, and possibly lulled into a false sense of security, developers can take shortcuts that introduce security holes. But there’s no security through obscurity, and opening up the codebase guarantees that any shortcuts are readily visible to the world.

Conversely, green-field open source projects such as Android can benefit greatly from the open source community. The power of a collective community means security flaws are continuously peer reviewed by a large number of developers, each evaluating the code with a fresh pair of eyes and from different perspectives. 

So while green-field open source projects will be able to mitigate major security threats prior to mass-market adoption, it will be some time before a previously closed operating system reveals and patches all of its flaws.

Comments»

1. David Wood - July 8, 2008

Interesting article! I’ve replied in my blog, here.

// David Wood, Symbian