Discussion Board

Results 1 to 2 of 2
  1. #1
    Registered User
    Join Date
    Oct 2003

    symbian security failures?

    Hi to everybody. I must develop a payment application on Symbian, and it is very important to know if this system has any failures or bugs in terms of security. For instance, is it possible that third parties get to know your credit card number when you purchase on the net?
    Has anybody a great knowledge of security on Symbian?
    Thanks on advance!!!

  2. #2
    Registered User
    Join Date
    May 2003
    Anyone - please correct me if I'm wrong.

    In terms of data transmission alone, WAP has a semi-secure version of SSL. That is, you can open a secure WAP connection and transmit POST or GET requests. However, the data is decrypted on the gateway and then re-encrypted using HTTPS before it makes its way to the destination web server. There is a small security risk should the gateway be compromised. You can specify your own wap gateway but then you would have problems with access points on the phone. This is why many banks offering WAP access do not allow it over public (carrier) wap gateways and force you to use their own dial-in number.

    You can implement your own end-to-end security if you wish. I'm not sure if there are any primitives built into Symbian 6.1 that would help with this. There is a Cipher example in 6.1 but I haven't looked at it.

    Databases can be encrypted on Symbian and opened with a key. I'm not sure if this encrypts the whole database or stops the API from opening a database if the key is not authenticated. You should probably encrypt anything sensitive that you store on the phone.

    A symbian phone can also be compromised by trojan-type programmes such as key loggers. I doubt that any exist yet.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts