Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Symbian signing key reportedly stolen from Nokia could have enabled powerful malware

Lucian Constantin | June 19, 2014
An unknown person or group reportedly stole the cryptographic key used by Nokia to digitally sign applications for Symbian OS and extorted millions of euros from the company in 2007 by threatening to make the key public.

If such a key were stolen, then two years of development of Symbian 9 would have been rendered useless, said Victor Yablokov, head of mobile at Kaspersky Lab.

Distributing a digitally signed malicious app wouldn't have been hard at the time. In fact, the first smartphone malware ever discovered was a Symbian worm called Cabir that spread via Bluetooth.

There was no security setting at that time to allow the installation of apps only from an official store, so apps were commonly downloaded from various places on the Internet or installed on phones from PCs through a data cable, Yablokov said.

Nokia reported the extortion attempt to the Finnish National Bureau of Investigation, according to MTV. The money was put in a bag and left in a parking lot in the Finnish city of Tampere, but police lost track of the blackmailer after the bag was picked up, the report said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.