The list below contains some common device security mechanisms.
Protection of the Symbian platform-based device against a physical attack (that is, when an attacker has physical access to the mobile device) is controlled by the device lock feature, which is not necessarily often used. Other external methods of protection, like a PIN code or Subscriber Identity Module (SIM) locking, tend to provide protection only when accessing a cellular network, leaving the information content vulnerable. Without cryptographic protection, it is possible to gain access to the device's information storage with hardware-based methods (for example, wiretapping connectors and direct reading of memory chips).
Sometimes, for security reasons, an application needs to identify
the mobile device it is running on, for example, to use specific ciphering
keys or to apply copy protection. Identification can be done by checking
the device's International Mobile Equipment Identity (IMEI) code,
which is unique in each device used in cellular networks. To retrieve
the IMEI code, you can use, for example the CTelephony::GetPhoneId
method. For more information, see Phone Identification
Tutorial. There are different APIs for retrieving the IMEI
code in different versions of SDKs. Refer to the SDK API or Symbian
documentation for the proper method.
Another way to get information about the running platform and
the mobile device is to use the HAL:Get()
method
defined in hal.h
header file. For more information
and examples, see Device Product ID, Platform ID and HAL information at the Symbian Foundation.
User authentication
When powering on the device, the user is authenticated in the operating system level with standard device authentication methods, such as a PIN code and security code requests. However, these features can be turned off by the user and are easily reset with special hardware. If an application needs to authenticate the user, it should be done in the application level by implementing a separate user name/password authentication mechanism.
The Symbian platform attempts to ensure the integrity of data even in the presence of unreliable communication and a shortage of resources, such as memory, power, and storage.
The user may detach removable storage media at any time, either
intentionally or unintentionally. The platform has a built-in detach
handling mechanism, but applications should still be prepared for
a sudden loss of storage media to prevent data loss or corruption.
To check the type of storage media (removable/fixed), use the RFs::Drive()
method.
The device may shut down at any time, either by accident or
because the battery runs out. Important data stored in nonpermanent
memory should be written to permanent memory as early as possible.
To query the battery level, use the HAL::Get(EPowerBatteryStatus)
method. For information on how to retrieve system information, see
the Power HAL
Handler Tutorial.
Even though internal storage is not physically protected, you
can secure memory cards with password protection. If the locking option
is used (method RFs::LockDrive
), memory card contents
are protected with a password and cannot be read in any other device
without it. Password locking is an extended functionality of the Multimedia
card (MMC), and may not be compatible with all hardware and software
configurations.
A mobile device can be protected with third-party security applications. Antivirus software can detect and quarantine any viruses that try to access the device, as well as restore infected files. Antivirus software is usually used together with firewalls to observe and protect both incoming and outgoing data connections. This enables monitoring of important data and prevents it from being sent out of the device. Firewall and antivirus software can also be part of an intrusion detection system that notifies the user whenever a malicious attempt is detected.
Furthermore, there are applications you can use to encrypt existing files, manage passwords, and store information and data securely (in vaults). You can even cipher information in applications and connection methods which do not initially support ciphering (for example, short message service [SMS]).