Saturday, 26 March 2011

Technology: Where There's Will...

It seems that for a dedicated hacker even meagre dubmphone (aka "feature phone") can be a target...

As the article above explains (do read it, I'm not going to go into details here) using nothing more than a malformed text message (SMS) it is possible to do serious harm to a mobile phone (notably, smartphones seem to be largely immune). The best that can happen is your call drops and/or your mobile resets. Worst case (as described in the article), your phone goes into an endless - and unrecoverable - reset loop. Scary. Good that I've ditched dumbphones years ago (as have most people I care about). But is this surprising? No, not really. For someone steeped deeply into the mobile phone industry it is in fact quite heartening. Heartening because the weakness described here is a result of overzealous programming aimed at shielding user from just such malformed messages, rather than the sloppiness usual in the security lapses used on the desktop. And smartphones, for that matter. Don't read this as "smartphones are safe". Au contraire! They tend to be as vulnerable as desktop computers. It is just that their vulnerabilities lie at the top of their software - the operating system (i.e. Android, iOS, Symbian, ...) and not in the underlying bits which actually make phone a phone - and about which nobody cares much these days. But luckily, that bit is still built like a tank.

Yes, sometimes it feels good to be a part of an unappreciated branch of software engineering...