Symbian’s Robust Enterprise Security


L to R; Me, Mike Maddaloni, Craig Richards,  Teemu Lehtonen.

At Microsoft Tech.Ed in Berlin last week, Mike Maddaloni (thehotiron.com), Craig Richards  (geekcomputers.co.uk) and I sat down with Nokia’s Teemu Lehtonen.  The topic was Symbian security, something Teemu knows a thing or two about having worked primarily in that area for most of the 12 years he’s been with Nokia.

Teemu outlined the Symbian security model which he called the most secure in the industry. It starts with the hardware. All modern Symbiam phones contain a chip level, hardware accelerated AES encryption engine which can encrypt and decrypt large data sets on the fly without impacting the user experience.

The Symbian boot loader is encrypted.  As the device is powered up the hardware engine decrypts the boot loader and verifies that it has not been tampered with.  Similarly, the Symbian OS image is  encrypted and has to be decrypted and verified before the OS can be loaded.

The hardware encrypted boot loader and OS image mean we will probably never see an alternate OS like Linux or Android running on a Symbian device.  While I’m a big fan of  people hacking alternate OSs on to  all sorts of devices, I’m sure corporate IT administrators  sleep better knowing that they don’t have to worry about rouge operating systems  on devices issued to employees accessing the enterprise network.

On top of hardware and OS security lies Platform Security.  Symbian apps must be signed with an encrypted certificate and Java apps may be. Signing guarantees that the app has not been tampered with and there are different certificates  that rant  varied levels of access to device capabilities. The  certificates that allow access to the most privileged APIs are only available to Nokia, device manufacturers, mobile operators and other trusted partners.  While it’s true that Platform Security in older Symbian phones has been hacked to grant  unsigned apps access to privileged capabilities,  doing so has required physical access to the device.

Lost or stolen phones can also potentially result in identity theft and disclosure of personal, financial and corporate secrets. Symbian offers users and device administrators several ways to protect sensitive information if a device goes astray.  All E-Series phones since the E71  let the user encrypt the contents of device memory and the SD card  using the same hardware accelerated encryption engine that protects the OS and boot loader. Decryption of data of data occurs on the fly as needed and is transparent to applications and the user.

All E-Series and most N-Series phones also support  remote device locking.  Provided the user has enabled remote locking in advance, a lost or stolen can be locked by sending a text message containing the secret lock code.

Corporate IT administrators have a lot of options for managing device security in the field. Microsoft Exchange and Lotus Domino administrators can apply mailbox polices to E-Series phones that enforce things like requiring a device lock password, setting inactivity timeouts and password complexity and aging rules, automatically wiping the device after a specified number of failed password attempts and disallowing downloading attachements or limiting their size. Exchange and Domino administrators can also remotely wipe a device.

Symbian supports the  Open Mobile Alliance  Device Management (OMA DM) protocols that allow administrators to set password policies, remotely configure phone settings and remotely lock or wipe phones using 3rd party OMA DM products.

The Nokia Mobile VPN client, which is pre-installed on E-Series phones and is a free download for most Symbian  phones, lets users to securely connect to corporate and personal Virtual Private Networks (VPNs) using the iPSec protocol.  The client supports many enterprise features including custom digital certificates, password rules, and RSA SecurID or  Active Directory /LDAP  authentication.  VPN security  can be configured and updated over the air using OMA DM compatible tools.

Talking with Teemu was an eye opener for me. I worked as a developer at a large US based financial services company for many years and am familiar with the challenges that mobile computing brings to enterprise data security.  Still, I was unaware, as I think many US IT professionals are,  of the strength and depth of Symbian’s security model.  RIM and Windows Mobile are the dominant choices for enterprise smartphones in this country but Symbian is a worthy and cost effective alternative that more businesses should consider.

Theres more on Symbian security on nokia.com. including a detailed security white paper (PDF).

Disclaimer: My expenses for the trip to Tech.Ed, including airfare, hotel, meals, drinks, and admission to the conference were paid for by the 1000heads agency on behalf of Nokia. However, the opinions expressed here are entirely my own.

13 thoughts on “Symbian’s Robust Enterprise Security

  1. yes finaly i got a man i dont know is this man you said..

    fi.linkedin.com/in/teemulehtonen

  2. first thanks for your quick replay
    I feels a friend here to help me.

    i will try to contact him.
    but i think they may not intersted to help me.because iam starnger to him

    but if you present my problem to him he may take seriosness.

    will you help me by sending about me to him.

    If you cant do this. no problem.

    thanks for all help. Sorry if i disturbed you.
    .you have a good mind.thats why you replay me..thanks again for that.

  3. what.
    is that article writen by you.
    if yes then you know teemu

    Could you please give his info..

    I dont know none because iam in india..staying in my house sice 4yrs.

    Now iam playing with symbian python..

    Linux for arm processer exists.so idont need to write linux.
    I need to write device drivers only

    Symbian now dead.
    but users not.then my effort will help users.

    please help if you can..i may not need this help affter years because i may buy a nokia maemo device .and most users may throw nokia.

    • I met Teemu once when I interviewed him at a conference four years ago. I have not been in contact with him since then and don’t have his email, phone number or any other information that might help you contact him. If you Google his name you might be able to find him.

  4. helo iam too late. but

    Iam going to port linux to symbian..
    but i need your help.
    Could you give me contact info of a nokia expert you said
    I have two way to hack symbian

    buying new rom and insert linux in it and solder it in phone

    Or suing a eeprom programer i erase symbian.and rewrite linux

    Iam waiting for your words..

    Please urgent

  5. I have a Nokia 5800 that became slower than ever, may be because of too many apps that I have on it. I was confident about the symbian security that my phone is virtually immune to viruses etc until I used NetQin antivirus and AntiMalware apps. An initial scan showed over 10 malwares (as .exe and other files in system folders) happily running as processes. Shocked, I removed them and saw considerable improvement in speed. I really wonder if those were malwares or what??? Can you clarify a bit on this matter Dennis?

    • Interesting, I’ve always considered Symbian virues a non-issue and anti-spam apps for mobiles as pure snake oil. But if your phone is verifiability faster with no loss in functionality after the AV apps removed “viruses” maybe there is something to Symbian viruses after all

  6. Unfortunately this Nokia Mobile VPN client is basically unusable software. We have more than 120 Nokia phones in our company and our IT department was unable to make it working even after a few months of trying.
    5 months ago we have purchased another VPN client and are living happily ever after. This VPN client name for Symbian/Nokia phone is SymVPN and it is available at http://www.telexy.com
    This VPN client works without a hitch on out fleet of Nokia phones, mostly Nokia 5800, N97, E72, and a few others.
    Best Regards,
    Adelmo.

Comments are closed.