First published: 30th June 2008
A recently-discovered privilege escalation hack allows mobile phone hackers to bypass the security system of the Symbian OS 9 based S60 3rd Edition phones with a mobile application. Symbian OS 9 based S60 3rd Edition is a market-leading open operating system for mobile phones.
The vulnerability allows hackers to get unauthorised access to the phone's normally protected file system, and thus make system modifications.
Hacks directed towards the S60 3rd Edition have been evolving for some time. What makes this case different is that the new hack can be carried out without external devices or system knowledge by installing just one mobile application that could be downloaded from the web.
Because the application can be considered as a hacking application, it is classified by F-Secure as riskware. F-Secure Mobile Security software identifies this application and removes it.
Commenting on the vulnerability, Jarno Niemelä, Senior Mobile Virus Researcher at F-Secure, said, "The application needs to be installed by the user, so this hacking tool is not a threat to the average mobile user. Because the application lets a user access the file system, we consider this as a security risk. Mobile virus source code could be updated to work on 3rd Edition phones and with the addition of this privilege escalation, hackers could do pretty much the same things as they do on 2nd Edition phones."