Device security mechanisms

The list below contains some common device security mechanisms.

Device protection

Protection of the Symbian platform-based device against a physical attack (that is, when an attacker has physical access to the mobile device) is controlled by the device lock feature, which is not necessarily often used. Other external methods of protection, like a PIN code or Subscriber Identity Module (SIM) locking, tend to provide protection only when accessing a cellular network, leaving the information content vulnerable. Without cryptographic protection, it is possible to gain access to the device's information storage with hardware-based methods (for example, wiretapping connectors and direct reading of memory chips).

Device authentication

Sometimes, for security reasons, an application needs to identify the mobile device it is running on, for example, to use specific ciphering keys or to apply copy protection. Identification can be done by checking the device's International Mobile Equipment Identity (IMEI) code, which is unique in each device used in cellular networks. To retrieve the IMEI code, you can use, for example the CTelephony::GetPhoneId method. For more information, see Phone Identification Tutorial. There are different APIs for retrieving the IMEI code in different versions of SDKs. Refer to the SDK API or Symbian documentation for the proper method.

Another way to get information about the running platform and the mobile device is to use the HAL:Get() method defined in hal.h header file. For more information and examples, see Device Product ID, Platform ID and HAL information at the Symbian Foundation.

User authentication

When powering on the device, the user is authenticated in the operating system level with standard device authentication methods, such as a PIN code and security code requests. However, these features can be turned off by the user and are easily reset with special hardware. If an application needs to authenticate the user, it should be done in the application level by implementing a separate user name/password authentication mechanism.

Mobile hardware

The Symbian platform attempts to ensure the integrity of data even in the presence of unreliable communication and a shortage of resources, such as memory, power, and storage.

The user may detach removable storage media at any time, either intentionally or unintentionally. The platform has a built-in detach handling mechanism, but applications should still be prepared for a sudden loss of storage media to prevent data loss or corruption. To check the type of storage media (removable/fixed), use the RFs::Drive() method.

The device may shut down at any time, either by accident or because the battery runs out. Important data stored in nonpermanent memory should be written to permanent memory as early as possible. To query the battery level, use the HAL::Get(EPowerBatteryStatus) method. For information on how to retrieve system information, see the Power HAL Handler Tutorial.

Even though internal storage is not physically protected, you can secure memory cards with password protection. If the locking option is used (method RFs::LockDrive), memory card contents are protected with a password and cannot be read in any other device without it. Password locking is an extended functionality of the Multimedia card (MMC), and may not be compatible with all hardware and software configurations.

Third-party solutions

A mobile device can be protected with third-party security applications. Antivirus software can detect and quarantine any viruses that try to access the device, as well as restore infected files. Antivirus software is usually used together with firewalls to observe and protect both incoming and outgoing data connections. This enables monitoring of important data and prevents it from being sent out of the device. Firewall and antivirus software can also be part of an intrusion detection system that notifies the user whenever a malicious attempt is detected.

Furthermore, there are applications you can use to encrypt existing files, manage passwords, and store information and data securely (in vaults). You can even cipher information in applications and connection methods which do not initially support ciphering (for example, short message service [SMS]).