|
» Subscribe » Favorite Links » Freeware & Trials » S60 devices » Hints and tips » About this blog |
» analysis (1) » news (2) » reviews (2) |
|
» Phone Guardian by Symbian Guru » TARM - Terminal Administration Rights Model |
|
» September 2007 » December 2006 |
|
|
Subscribe RSS 2.0 feed |
Subscribe Atom feed If you wish to receive email notification, please here » |
I was asked to review Phone Guardian from Symbian Guru. This is a neat little security application which contains a couple of nice features. After installing to the phone, the user is required to set a master password and from the applications GUI the user is able to configure the application and set some custom parameters.
These features include:
1. The option to have the guard enabled or disabled
2. To have the phone automatically lock when the SIM is changed, or when an SMS is sent to the device, or both
3. Alarm on or off
4. User configurable lock message (free text field)
5. User configrable phone number where to send SMS's in the case an alarm condition is triggered
6. A configurable autolock period.
So how did I get on? I tested Phone Guardian on a standard Nokia E61 with the latest firmware. The Installation process was straightforward and easy and I set a master password. With regard to the configurable options, I set the guard enabled, the lock mode to activate on SIM change or SMS (both), configured another phone number in the alarm SMS field.
Then the fun part. I switched off the phone, inserted another SIM and rebooted. The normal boot process followed, I entered the SIM PIN the splash screen came and went and the main UI loaded. Then the phone started emitting this horrendously loud alarm noise with the lock code prompt! After a few seconds an SMS arrived on my other SIM.
The information contained within the Alert SMS is of real value since it contains useful information from every different SIM which is inserted into the phone. Information includes the date and time, the SIM ID, the phone IMEI and the CELL ID. The other thing I like about this feature is that a thief/finder of your phone is unlikely to be aware this software is running on your device and so they are probably oblivious to the fact their phone number is about to be sent off over-the-air - and at their expense too!
Areas where I think this software could be improved include the ability to lock access to the filesystem. With a pair of earplugs inserted and the alarm sounding, I plugged in a USB data cable to my PC and to the phone's pop-port and I was still able to dump the contents of the phone and memory card. So the ability to lock the filesystem is clearly a must. I was also able to perform a low level format (3 * and green phone button). Although the data is all wiped (bonus), once this is done the phone is still of value to the thief as all the default settings are restored.
At this point I want to mention some of the software security features that are already in S60.3, such as remote lock and lock on SIM change (Menu > Tools > Settings > Security > Phone and SIM > Allow Remote Lock). So if this feature were to be used in in conjunction with Phone Guardian, you would have a cheap security solution with the possibility to do a real remote lock (the native remote lock also locks file system access and stays locked - even if a low level format is performed).
However for Phone Guardian, this is version 1.0 and a good first attempt, so it will be interesting to see what enhancements will come in future versions. More info from Symbian Guru
I thought I'd write about some of the new security features currently available in E Series phones - Terminal Administration Rights Model or TARM for short. I did a search on the internet and it didn't really yield many useful results so I hope this post will help raise awareness - because for enterprise security administrators, these features are great.
Let's take a typical scenario. You are responsible for security in your organisation and this includes a 5,000 mobile device fleet. Your mobile carrier offers Intellisync Device Manager (or maybe you even have a DM server in-house?) If the phones your employees are carrying are E Series devices then you have a host of great advanced security features at your fingertips.
You can for example enforce client application settings, such as removing the ability for an end user to disable their anti virus settings or removing the ability to uninstall applications.
In the UK, a mobile phone is lost or stolen every three minutes. For businesses, this is a growing concern we are storing more and more corporate data on our phones, and individuals typically posses one phone for both their business and personal life. My two personal favourites are Device Lock and Device Wipe. In the event a device is lost, borrow the nearest phone, call your operator or helpdesk and request your device be locked or if you are absolutely sure, wiped. And thats it. The result? You lost a $500 phone instead of your phone and the corporate roadmaps for the next 6 months or details on an unannounced product. Other interesting controls include Settings Enforcement and Corporate Policy Deployment. These features restrict the users ability to install applications, perform functions or modify the terminal settings in a way which could alter the terminal configuration in a way that might make it noncompliant with your security policy.
For more information on TARM and Device Management, follow this link