[ISN] Symbian admits Trojan slip-up

From: InfoSec News <alerts_at_private>
Date: Mon, 20 Jul 2009 00:17:18 -0500 (CDT)
http://news.cnet.com/8301-1009_3-10290212-83.html

By Tom Espiner
Security
CNet News
July 18, 2009

The Symbian Foundation has acknowledged that its process for keeping 
malicious applications off Symbian OS-based phones needs improvement, 
after a Trojan horse program passed a security test.

The botnet-building Trojan, which calls itself "Sexy Space," passed 
through the group's digital-signing process, Symbian's chief security 
technologist Craig Heath said Thursday. Heath said the group is working 
on improving its security-auditing procedure.

"When software is submitted, we do try to filter out the bad eggs," 
Heath told ZDNet UK. "When apps are submitted, they are scanned. We are 
looking at how they could be scanned better."

Developers must submit the mobile applications they build to the Symbian 
Foundation for checking for the applications to be accepted by handsets 
with the Symbian operating system. Once the submission has been 
accepted, the applications are digitally signed by Symbian. Digital 
signatures, which are cryptographic security features, are designed to 
provide an amount of assurance that software for download comes from a 
trusted source.

[...]


_______________________________________________      
Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Sun Jul 19 2009 - 22:17:18 PDT

This archive was generated by hypermail 2.2.0 : Sun Jul 19 2009 - 22:32:40 PDT