Even Symbian 9 Spyware Can Get Signed
With the advent of Symbian 9 came a new capabilities model that could be seen as akin to mandatory access control, or MAC, which I’ve touched on briefly in the past . If you’re interested more in the Symbian 9 capabilities model, I recommend you go read the Embeddec.com article or purchase a copy of Symbian Platform Security Development Architecture from Symbian Press.
FlexiSpy is spyware program that runs on either the Symbian OS or BlackBerry mobile devices. Recently, we saw the release of a version of FlexiSpy for Symbian 9. However, in order for this threat to run and do its nefarious operations it needed to be signed with certain capabilities. When our analysts had a look at it sure enough it was enabled with the following capabilities:
The descriptions of these capabilities are available at the links provided. Suffice to say that with those capabilities, Symbian users may not have many secrets left on their device. When we look at who has it signed we can see the company that sells FlexiSpy went through the appropriate channels in order to get it signed by Symbian.
'Vervata Co Ltd'
'Vervata Co Ltd'
'VeriSign Testing-Based ACS Root for Symbian OS'
The fact that code that has malicious intentions can get through the signing process highlights the need for people to take certain precautions. For example, FlexiSpy can’t be installed remotely yet. So, if users set PINs on their device, both at startup and on the keypad lock, they can prevent its installation. It is imperative that you don’t only set the SIM PIN but also the device PIN. The reason for this is that if you rely on the SIM PIN they attacker can simply remove it, restart the device, install and then replace your SIM. Anyway be safe…