Running concurrently with their desktop browser hacking challenge (where one clever programmer broke down Safari in 10 seconds), the Pwn2Own contest at CanSecWest will also be testing the security of mobile operating systems. If they can break through any of the five big platforms (Android, BlackBerry (NSDQ: RIMM), iPhone, Symbian and Windows Mobile), reps from those companies are will to shell out $10,000 for rights to the code. It might be more than the $5,000 and prizes they’re giving out for the desktop hackers, but it’s certainly nowhere near the $100,000 that such exploits can fetch on the black market. It’ll be interesting to see what these hackers can dig up… Here’s a run-down of the Pwn2Own itinerary:

Phones (and associated test platform)
* Blackberry(TBA)
* Android(Dev G1)
* iPhone(locked 2.0)
* Nokia (NYSE: NOK)/Symbian(N95-1)
* Windows Mobile (HTC Touch)

Day 1 (Raw functionality out of the box, users configured for service) post phone, post email
* SMS
* MMS
* Email (arrival only)
* wifi on if default
* bluetooth on if default
* Radio stack

Day 2
* All of Day 1
* Email/SMS/MMS (reading only – no secondary actions)
* wifi on
* bluetooth on (not accept pairing by default. Paired with a headset. pairing process not visible)

Day 3
* All of Day 1 and 2
* one level of user interaction with default applications
* bluetooth on (not accept pairing by default. Paired with a headset/other devices upon request. pairing process visible)

What is owned? Must demonstrate…
* loss of information (user data)
* incur financial cost

[via ElectricPig]

BlackBerry (NSDQ: RIMM) has tended to be device of choice for suits, lawyers included, but apparently that’s changing.  A few firms, notably Chapman and Cutler who have been sporting Apple (NSDQ: AAPL) products since 1992, have over half of their staff using iPhones. Corporate network access through web-based utilities is more than satisfactory with the iPhone’s ample Safari browser, and the recent Exchange support makes it a passable e-mail device. Chapman and Cutler are what you might call an extreme example, however – most firms simply offer the iPhone as an alternative for those interested, but the lack of security options, battery life, and e-mailing capabilities remain a deterrent for most lawyers.

“Coming from the BlackBerry world, you get used to the conveniences they have refined,” says [David Gregson, chief information officer at Kilpatrick Stockton]. “A BlackBerry is really an e-mail device with a phone added on, where the iPhone is a phone with e-mail added to it. You can’t search through e-mail or cut and paste, like you can on a BlackBerry. You can only sync with your inbox, not with subfolders. You can’t set priority when sending messages. Attorneys are going to be disappointed if they are real power users.” Kilpatrick currently has no plans to deploy iPhones firmwide, although it has recently given them to two partners in New York who work with Apple.

[via National Post]

There’s an interesting piece on mobilemarketingmagazine.co.uk, where the CTO of a company called UMU Mobile makes a statement about people needing to be more vigilant about the security on their Mobile devices.

Peter Harrison says that since the advent of mobile devices are more capable, we are at risk of a virus causing major damage – such as file wipes, hard resets, or unexpected call charges. He says that the advancement in Operating Systems, and also wireless network types, means it’s now easy and lucrative for malware writers to exploit devices. His final thrust, and not unexpected given he works for a Mobile Security company, is that we should consider some sort of firewall and anti-virus equivalent for our smartphones.

Well I’ve got to say I’m really not on board with many of the arguments that are made. Having myself worked for a Mobile company with an AV offering, it became clear to me that much of what is malware is created by hobby-hackers, and even then, it’s not that common.

In addition, the mobile companies are seen as more of a gatekeeper to subscribers than say ISPs are for fixed-line InterWeb users, and so there’s an expectation that my service provider will stop viruses getting in to the mobile network. Given the lack of viruses that have gone mainstream, and the fact that Series60 has unfortunately borne the (small) brunt of smartphone viruses so far it seems, are the rest of us really that bothered at the moment? Will we be in say 18 months time? Doubt it.

But what say you IntoMobile readers? Should we be wary?

[Via: mobilemarketingmagazine.co.uk]

Anyone in retail will know how commonplace theft is these days. Five-finger discounts are sometimes hard to combat, especially in the electronics industry. With that in mind, Rogers (NYSE: RCI) is going to begin use immediately of an EIR, or Equipment Identity Register. This register will log reports of stolen devices and stop them from being used. If a device is stolen and the IMEI can be identified, Rogers will input the device to the registry which will therefore prevent it from being used on over 40 GSM networks worldwide…So if you steal a device from a Rogers retailer, or have your device stolen… Chances are you’re out of luck, buddy!

Make the jump for more info via an internal document from Rogers.

Thanks to BGR on this one, as this report comes direct from one of their Rogers ‘ninjas’.

Read the full article »

The T-Mobile (NYSE: DT) Sidekick has topped Boston’s list of stolen gadgets, accounting for 14% of all robberies in the area – more than 300 cases in 2008 alone. While it’s not surprising that the Sidekick is a popular target, most steal-worthy toys are top sellers, like the iPhone; the Sidekick, however, has never broken the top five phones. We don’t have these things up in Canada, but having played with one briefly, I can understand how them young whippersnappers dig the spring-loaded flipping screen and buxom texting capabilities.  Protecting against theft is tricky right now – biometrics still aren’t widespread, although patent filings from both RIM and Apple show that they’re interested in solving the problem. One thing’s for sure: higher-end smartphones will be seeing these security features way sooner than mid-range handsets like the Sidekick.

[via AP]

Sounds as though Visa has encountered a little bit of trouble today. Word is they’re being sued by a small US business for infringing a patent which covers the use of SMS messages used to alert spenders of transactions. Charge Notification Services Corporation (CNSC) out of Miami, Florida has taken exception to the service that Visa and some of their partners have recently been offering. Their patent covers charge card transaction authorization and/or notification in real-time via SMS to a mobile device.

Ivan Ochoa, CEO of CNSC commented:

“We are very sorry that it had to come to filing this suit…For months we’ve tried exhaustively to work with VISA with no results. We’re a young company but we have experience with this product and the credit card business as a whole. We have the knowledge and infrastructure to handle even the most extreme transaction volume. We’ve expended considerable resources on patent registration and product development.”

Should be interesting to see how this one turns out.

[Via: Cellular-News]

But you can’t just be any, run-of-the-mill hacker.

In order to score one of the bigger prizes at the annual Pwn2Own 733t hacker competition in Vancouver, Canada, you’re going to have to prove your hacking fortitude by finding security exploits in the Android, Symbian, Windows Mobile, BlackBerry (NSDQ: RIMM) and iPhone mobile operating systems.

With the flood of smartphones hitting the market these days, there’s a potential bonanza for nefarious mobile developers looking to hack your cellphone for their own gain. The iPhone has been targeted as a high-profile candidate for hackers looking to gain notoriety in hacking-circles, but other smartphone platforms are just as vulnerable to attack.

Pwn2Own is offering a whopping $10,000 prize to for each successful mobile phone exploit that is submitted and proven to work. Hackers will have to remotely dig their way into one of the mobile platforms mentioned above, using exploits based on “email, SMS text, website browsing and other general actions a normal user would take while using the device.” There is also a browser-exploit track at the competition, but it’s the mobile-related hackery that piques our interest.

Successful hackers will be allowed to keep the device that they hacked, including one year of cellular service. All successful security exploits will then be submitted to the appropriate vendor to help drive security advances and keep the general public just that much more secure from hackers.

If you think you have what it takes to hack your way into a mobile phone from afar, the Pwn2Own competition might be worth your time. Find out more here.

[Via: TheRegister]

In a sad little twist of fate, Google (NSDQ: GOOG)’s development-oriented variant of the T-Mobile (NYSE: DT) G1 has been barred from downloading premium Android applications from the Android Market. The Google Dev Phone 1, as it is being called by the folks in Mountain View, is reportedly unable to play nice with those for-pay applications that recently started trickling into the Android Market.

The consensus seems to be that Google is trying to prevent application piracy and payment fraud by locking out Google Dev Phone 1 users from putting hands on paid apps – the very same apps that they developed with their $400 Google Dev Phone 1.

The problem lies in the Google Dev Phone 1’s unlocked file-system that gives the user full reign over the handset’s root directory – the key to hacking the bloody daylights out of the handset. Because the Google Dev Phone 1 is unlocked (a different kind of “unlocked” than the kind that lets your GSM handset play on any GSM network in the world), Google may be worried that the premium apps could be extracted and pirated. Another possible scenario would have an Android-developing malcontent downloading a paid app, copying the application to a computer, requesting a refund, and then simply transferring the application back to the Dev Phone 1.

Whatever the case, it seems the Google Dev Phone 1 is being selectively barred from premium Android Market apps. “This is a big problem for everyone who has a Dev phone,”says oscillik. “Assuming that we’re pirates is very offensive.”

Indeed.

Of course, you can unlock your T-Mobile G1’s file-system with a bit of hackery, but don’t tell Google.

[Via: Macworld]

When we heard that AT&T (NYSE: T) was pulling their entry-level, QWERTY slider from shelves for failing to live up to AT&T’s “minimum performance expectations,” we were left wondering exactly what it was that the Quickfire did wrong. Today, AT&T has shed a little light on their Quickfire messaging handset’s woes. Turns out, the Quickfire, when charged in appropriately, is prone to overheating and actually catching fire.

If you can’t smell the irony in the Quickfire’s propensity to catch fire, perhaps you’re just distracted by the acrid smoke coming from your flaming Quickfire.

On a more serious note, AT&T has issued a friendly reminder to Quickfire owners, advising against improperly jamming the charging plug into the phone’s charging port. Doing so might give you an ironic laugh, followed immediately by a call to the fire department.

Says AT&T:

Please take special care when charging your Quickfire GTX75 mobile phone. There have been a few reports of significant overheating of the phone when the AC Charger adapter is inserted incorrectly and forced into the phone. The clearly marked, embossed arrow on the AC Charger adapter should always be face-up on the same side as the display screen of the Quickfire when it is inserted into the phone. See the diagram below for proper positioning and insertion of the AC Charger adapter into the phone. You should never force the AC Charger adapter into the phone.

If you have any questions, please call 1-800-801-1101.

Sincerely,

AT&T

Quickfire owners would be wise to heed AT&T’s advice.

[Via: EngadgetMobile]

Donuts, good BBQ, and a Celio REDFLY – the essentials for the Memphis Police Department (MPD) in Memphis, Tennessee. The MPD has reportedly snatched up a whopping 1,2000 Celio REDFLY Mobile Companion units in a bid to make their smartphone-wielding officers more efficient and better connected in the field. The adoption of the Celio REDFLY, which essentially works like a dumb-terminal – connecting to and using your WinMo handset’s CPU, memory, and wireless data connection – for your Windows Mobile smartphone, is a boon for Celio’s move to push their Windows Mobile companion hardware.

The jump to the Celio REDFLY was a logical next step for the MPD. While more advanced law enforcement agencies around the country use in-vehicle computer systems linked up with a central database, the BBQ-loving Memphis PD set about their daily duties with smartphones in hand. Officers would use their smartphones to connect wirelessly to the Watson Field Reporting Suite and their own MPD web-based database, allowing them to log reports and check information in the field.

But, with a tiny keyboard and limited screen size, many officers’ weren’t tapping out quality reports on their smartphones. The Celio REDFLY answered the call for larger displays and a more comfortable keyboad to use with their Windows Mobile smartphones.

“We noticed that when officers use only their smartphones, reports had typos and the quality of the narratives were not as detailed as they needed to be,” said Major Jim Harvey. “The larger screen and keyboard has given our officers what they need to bring up mug shots and individuals’ information from our databases, as well as implement a new Paperless Reporting program to submit incident report narratives. Now they can do their jobs more effectively and are very comfortable using their smartphones to file their reports.”

So, the next time you see a Memphis police officer casually tapping away at what looks like an impossibly small laptop, make sure to not bother him – he’s probably writing up a report.

[Via: WMExperts]