Friday, 20 June 2014

Nokia paid millions to protect Symbian from code thieves

Nokia reportedly paid millions of euros (Finnish) to blackmailers in 2007-2008 to keep a key part of the source code for its Symbian feature phone platform from being used to create malware, according to Finnish broadcaster station MTV.

symbian-logo
According to the report, which has been confirmed by Finnish police, the code blackmailers had stolen the Symbian's encryption key. With these few kilobytes of code, the code thieves could have created signed applications that would have appeared to have been, not merely legitimate Symbian applications, but Nokia programs and operating system "upgrades."

In short, this would have given the cybercriminials the power to create malware and root-kits at will.

At the time, Nokia had just over 50 percent of the world phone market and the vast majority of these phones were running Symbian. Apple's iPhone had just been released in June 2007 and Android was only a beta. Android 1.0 would not be released until September 2008. Although Nokia would start abandoning Symbian only three years later for Windows Phone, Symbian was at that time the most important mobile operating system in the world.

With that in mind, Nokia's leadership agreed to paid millions in return for the promise that the software thieves would not use the encryption key to produce malware. Nokia enlisted the help of the police and delivered the ransom in a bag of cash to a parking lot near an amusement part in Tampere, Finland.

The money was picked up but the police lost track of the culprits.

While the Finnish police are still working on the case, the culprits have never been located. They also, it appears, never used the code against Symbian. Of course, today, according to comScore, Symbian has only a 0.2 percent market share.

The once mighty Symbian may have fallen, but at least it didn't collapse because of a major security breech.

No comments:

Post a Comment