Mabir.A Virus Targets Symbian Phones
adennis writes "Exploiting bluetooth and weaknesses in the OS, the Mabir.A virus, like its predecessor, targets the version of the Symbian operating system running on Nokia Series 60 handsets. Since Symbian is the dominant smartphone OS, found on phones made by Motorola, Siemens, Sony Ericsson Panasonic and Nokia, this virus could have great impact. Will mobile OS companies, like desktop OS makers, have to start an automatic update system, or will the OS creators have to start making their software secure?"
I'm am an experience commercial software developer on the Symbian platform. I have a strong background in many other platforms and i the context of this message, my anonyminity is important since my company can be sued by Symbian just for a biased negative opinion of Symbian made publicly.
Symbian OS is the most expensive platform to develop on. This means more expensive money and time wise. It takes 3 times as many developers to deliver the same product in twice the time as on comparible platforms (brew, iTron, etc...) as for platforms with real development tools such as Windows Mobile, we use ten developers on Symbian to every one on Windows Mobile to produce a lesser product.
Symbian has limited hardware level debugging support (if any at all), they lack so much as a command prompt to log to.
They lack decent compilers and you're stuck with GCC or ARM Realview (neither are that good, satisfactory at best on ARM).
Documentation is aweful at best.
A simple program requires you to just through hoops, more complex sets the hoops on fire.
The emulator environment emulates nothing and simply tries to implement the Symbian UI APIs on Windows and all system level stuff is just layered on Windows. That's fine if you don't need to do anything at the system level.
The development environment is heavily based on CodeWarrior these days. I find this funny since every other company (Nintendo, Sony, Be, Apple, etc..) where Metrowerks had a good footing, the companies found it more profitable to dump CodeWarrior and do it themselves instead. Symbian is the only company stupid enough to choose to rely on Metrowerks, especially with their pathetic resume.
As for security, the fact that anyone could possibly ship a product based on Symbian is a miracle in itself. As for securing it as well, I think you're just asking too much.
I will turn off bluetooth or set my phone's visibility to off.
Setting your phone's visibility to off is not enough to stop attacks.
There are already tools out there that find non-discoverable bluetooth devices. A worm might use the same technique.
"I'd rather have a full bottle in front of me than a full frontal lobotomy"