Increasingly sophisticated mobile software has improved features and intelligence in mobile devices. At the same time, the increasing volume of high-end mobile devices has shaped the profile of an average user from an IT professional to an average-skilled end user.
This shift has created new opportunities for malicious parties who usually want to gain access to the valuable information stored in mobile devices.
The following list classifies threats according to the most common reasons for security breaches, in descending order of frequency:
Intentional hostile action, where an attacker is deliberately trying to harm the system
Administrative flaws in the management of a device (for example, in a security area)
User mistakes, such as deletion of critical information or typing errors
Technical failures that cause data corruption, deletion, or inaccessibility
Other unpredictable or unavoidable failures and incidents that cannot be prevented (usually system wide)
There are different types of malicious software that you need to be aware of when designing new applications. The following common classification is based on the way these programs spread.
Software that needs a host to spread:
Backdoors and trapdoors are debug-type entrances to programs, for example, via hard-coded password access.
Logical bomb "explodes" under certain conditions, that is, it stops working or corrupts data. Like backdoors, the logical bombs can be unintentional, there may be a bug in the application that the developer did not discover in the testing phase.
Trojan horse is a useful-looking software that acts maliciously without notifying the user.
Virus modifies other software to reproduce new viruses.
Software that spreads independently:
Bacteria (also known as rabbits) reproduce themselves as quickly as possible to jam the system and its services. A single unit of bacteria is not usually dangerous, the strength comes from a large quantity.
Worm spreads through networks and can act in a system like bacteria or a virus.
These classifications are not strict or self-contained. For example, a worm can be used to install a Trojan horse into a system. The Trojan horse can then be used to activate a backdoor or logical bomb.
Controlling and restricting the access rights to your soft ware is an effective precaution to protect the system against these malicious programs. From Symbian OS v9.1, onwards, control and authentication of access rights is performed by the platform security mechanisms.
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.