Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Mobile phone OS security changing?

From: Michael Silk <michaelslists () gmail com>
Date: Thu, 07 Apr 2005 03:06:27 +0100
On Apr 7, 2005 3:12 AM, Kenneth R. van Wyk <[EMAIL PROTECTED]> wrote:

On Wednesday 06 April 2005 09:26, Michael Silk wrote:

The last thing I want is my mobile phone updating itself. I imagine
that sort of operation would take up battery power, and possibly cause
other interruptions ... (can you be on a call and have it update
itself?)


I vividly remember a lot of similar arguments a few years ago when desktop PCs
started doing automatic updates of OS and app software.  Now, though, my
laptop gets its updates when it's connected and when I'm not busy doing other
things.


Hmm, I wasn't around then but I can see what you are saying... Still,
though, a phone seems so simple, and I can completely live without net
access (I guess they said this too) so it just seems wrong, and a
little annoying, to bring security problems to them...

 

My main point, though, is that the status quo is unacceptable in my opinion.
If a nasty vulnerability is found in most of today's mobile phone software,
the repair process -- take the phone to the provider/vendor and have them
burn new firmware -- just won't cut it.  For that matter, a lot of PDAs are
in the same boat.


True. But I wonder if an update strategy like that allows them to be
more secure? I.e. perhaps a physical interface can allow more
programming options? Options that aren't available over the HTTP
interface (like installing apps, for example).

This could increase their security.

Corporations giving phones out to employee's, or developing software
for them, could buy these attachments and have policies at work.
Regular people would need to go back to the phone store, or a
speciality "Mobile Phone Software Installer" store to get it done.

 

Sure, we'd all prefer better software in those devices to begin with, but as
long as there are bugs and flaws, the users of these devices need a better
way of getting the problems fixed.


Fair enough..



Personally, I would prefer a phone that doesn't connect to the
internet at all rather than a so called 'secure' phone.


For the most part, those days are over.


I guess I better hold on to my 'non-internet' phone for as long as I
can, then, if I won't be able to replace it :)

-- Michael



Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com
Previous By Date Next
Previous By Thread Next

Current thread: