See into S60
» Subscribe
» Favorite Links
» Freeware & Trials
» S60 devices
» Hints and tips

» About this blog 		» analysis (1)
» news (2)
» reviews (2)
» Tommi's Reports from Wonderland
» Voice of S60
» Creating Carbide C++
» S60 Multimedia Blog
» The Convergence Zone
» Web Browser for S60 Blog
» Consumed by S60
» Java for S60
» Mobile Web Server
» Mobile Security
» See into S60
» Business2GO
» Nokia Podcasting Application Blog
» New kid on the block
» Phone Guardian by Symbian Guru
» The 1st S60 3rd edition virus... that wasn't
» TARM - Terminal Administration Rights Model
» Hello World!
» September 2007
» December 2006
Subscribe

Subscribe RSS 2.0 feed

RSS For posts
RSS For comments

» FeedBurner
» [What is RSS?]

Subscribe Atom feed

» For posts
» For comments

If you wish to receive email notification, please here »
Links
» Mobile Security
» Symbian One
» My-Symbian
» Symbian.com
» S60 Tips
» S60 Freeware
» Symbian Freak
 » All About Symbian
» E Series Blog
» MobHappy
» The Mobile Weblog
» Gadgets 4 Fun
» Christian Lindholm

« The 1st S60 3rd edition virus... that wasn't | Main | New kid on the block »

December 21, 2006 Phone Guardian by Symbian Guru Posted by at 03:55 PM | Categories: reviews

pg-3_1-thumb.jpg

I was asked to review Phone Guardian from Symbian Guru. This is a neat little security application which contains a couple of nice features. After installing to the phone, the user is required to set a master password and from the applications GUI the user is able to configure the application and set some custom parameters.

These features include:

1. The option to have the guard enabled or disabled
2. To have the phone automatically lock when the SIM is changed, or when an SMS is sent to the device, or both
3. Alarm on or off
4. User configurable lock message (free text field)
5. User configrable phone number where to send SMS's in the case an alarm condition is triggered
6. A configurable autolock period.

So how did I get on? I tested Phone Guardian on a standard Nokia E61 with the latest firmware. The Installation process was straightforward and easy and I set a master password. With regard to the configurable options, I set the guard enabled, the lock mode to activate on SIM change or SMS (both), configured another phone number in the alarm SMS field.

Then the fun part. I switched off the phone, inserted another SIM and rebooted. The normal boot process followed, I entered the SIM PIN the splash screen came and went and the main UI loaded. Then the phone started emitting this horrendously loud alarm noise with the lock code prompt! After a few seconds an SMS arrived on my other SIM.

Screenshot0013-thumb.jpg

The information contained within the Alert SMS is of real value since it contains useful information from every different SIM which is inserted into the phone. Information includes the date and time, the SIM ID, the phone IMEI and the CELL ID. The other thing I like about this feature is that a thief/finder of your phone is unlikely to be aware this software is running on your device and so they are probably oblivious to the fact their phone number is about to be sent off over-the-air - and at their expense too!

Areas where I think this software could be improved include the ability to lock access to the filesystem. With a pair of earplugs inserted and the alarm sounding, I plugged in a USB data cable to my PC and to the phone's pop-port and I was still able to dump the contents of the phone and memory card. So the ability to lock the filesystem is clearly a must. I was also able to perform a low level format (3 * and green phone button). Although the data is all wiped (bonus), once this is done the phone is still of value to the thief as all the default settings are restored.

At this point I want to mention some of the software security features that are already in S60.3, such as remote lock and lock on SIM change (Menu > Tools > Settings > Security > Phone and SIM > Allow Remote Lock). So if this feature were to be used in in conjunction with Phone Guardian, you would have a cheap security solution with the possibility to do a real remote lock (the native remote lock also locks file system access and stays locked - even if a low level format is performed).

However for Phone Guardian, this is version 1.0 and a good first attempt, so it will be interesting to see what enhancements will come in future versions. More info from Symbian Guru


Permalink |

Comments

What will happen if a thief decides to update a phone software? All internal data will be lost after update including Phone Guard, as I guess. Is it possible to do it anyway while phone is locked?

Posted by: Aquarius | January 6, 2007 11:50 PM

IF the phone is locked using the remote SIM lock, that is, the built in/native Symbian feature, then no, it won't work. When the phone is locked, so is access to the filesystem and so it won't be possible to enable the phone mode to enable the firmware update. If the phone is not locked in this way, then yes it will be possible to flash/format the device as I stated above (see low level format).

Posted by: Neil | January 8, 2007 12:58 PM

PS If like me, it takes multiple attempts to guess the captcha correctly, press F5/refresh this page to get a new code (you will not loose your comment).

Posted by: neil | January 8, 2007 01:00 PM

> IF the phone is locked using the remote SIM lock, that is, the built in/native Symbian feature

Neil, my N73 does not have this built-in feature. As I know this function is available only in Eseries devices.

>it won't be possible to enable the phone mode to enable the firmware update

What about updating the firmware via Phoenix (I've heard it is possible in "dead mode" without the phone being on) and other updaters?

Posted by: Aquarius | January 9, 2007 10:51 AM

You are correct when you state remote lock is not a feature of N Series. And when flashing the device, of course everything is possible.

Posted by: Neil | January 9, 2007 02:04 PM

>I plugged in a USB data cable to my PC and to
>the phone's pop-port and I was still able to
>dump the contents of the phone and memory card

One more weak point of Phone Guardian 1.0 is that the password is stored in the file C:\pguard.dat as a plain text without any encoding. Moreover this file can be deleted even if the application is running (when the phone is not locked yet). After that Phone Guardian asks to enter new password :).
So, waiting for improvements in newer versions.

P.S. Neil, thank you for the answers.

Posted by: Aquarius | January 12, 2007 04:49 PM

Just an imitation of original Guardian antitheft, from symbian-toys
http://www.symbian-toys.com/guardian.aspx
unfortunately not available for 3rd edition.

- Guardian features an advanced shadow copy system; in 90% of cases the program is not deleted after a hard-reset.

Posted by: Anonymous | January 29, 2007 11:30 AM

I think its quite weird that, even though the Symbian S60 3rd edition is all the same code base, there is such fundamental differences in feature set based on the series. I mean additional software would be one thing but I would guess that something low level as remote lock etc. shouldn't be made series specific as it is a security feature that would benefit all phone models.

My 2 cents

Flosse

http://blog.2blocksaway.com

Posted by: flosse | February 24, 2007 01:50 PM

What if phone is switched on without the SIM card?
Can than the thief go into appliation manager and remove the Phone Guardian? If this is possible than there is no security to the phone.
Secondly if you enable lock if SIM changed in phone security it shall not allow any message to be sent in case of sim changes.

Posted by: Ajay | April 18, 2007 11:37 AM

Hi all,

today I read one interesed story abou this thema at this site:

Security CENTRAL Forum

http://www.SCForum.info

Posted by: kid | July 4, 2007 01:34 AM


Post a comment







«Back to previous page