Self-service mobile phone upgrades: Helping users stay secure
In a time not so long ago the world was a very different place—in terms of mobile phone software upgrades at least. For many years now, several smaller companies in the cellular handset industry have provided a means for users to upgrade the firmware of their devices at home. These firmware upgrades are typically carried out using a computer—on which the firmware files are stored—and a connecting cable (or desk stand) for the cellular device. Sadly, this was not always true for the larger players; the result of which was that when a vulnerability was discovered, the user would first have to learn of it and then take their handset into a service center to be upgraded. This method isn’t very practical and would be pretty low on the priority list for most, if not all but the seriously security conscious.
Well, I applaud Nokia for their recent change of heart to allow users to perform their own D-I-Y software upgrades. While they have only allowed a smallish selection of devices to use this service (most are Symbian based, but there is at least one series 40), at least it's a start. One of the coolest innovations I’ve found in their service is that it supports updates “over the air” on some models, such as the Nokia 6131. For those of you who are interested in the service, there is a detailed FAQ section available on their Web site.
The ability for users to self-upgrade their cellular device is obviously of great benefit when security issues are discovered; as users do today with Windows Update on the Microsoft Windows desktop, we can now download and install updates to ensure protection against new threats on our mobile devices. The final piece of the puzzle currently missing from Nokia's solution is notification. If Nokia could provide either a notification via MMS/SMS, or using a small application on the phone itself that monitors a Web site for new updates, this would quickly bring the service on par with today's desktop firmware upgrade solutions.