Results 1 to 7 of 7
Like Tree2Likes
  • 1 Post By GMMan
  • 1 Post By GMMan
  1.    #1  
    The FCC released a customizable smartphone security checker today that gives you the top 10 things you can do to secure your phone's OS. Here's the link:

    http://www.fcc.gov/smartphone-security

    Not surprisingly WebOS is not on the list. I'm thinking that the community should release our own top 10 things that WebOS fans can do to secure their phone. Any takers?
  2. #2  
    Quote Originally Posted by mjensen71 View Post
    The FCC released a customizable smartphone security checker today that gives you the top 10 things you can do to secure your phone's OS. Here's the link:

    http://www.fcc.gov/smartphone-security

    Not surprisingly WebOS is not on the list. I'm thinking that the community should release our own top 10 things that WebOS fans can do to secure their phone. Any takers?
    well currently we have pretty strong security through obscurity.

    I guess turning off Dev Mode is a step.
  3.    #3  
    Great start! Thanks Xandros9. I guess enabling a pin for your start up screen would be another security feature.

    Once we've got a list maybe I'll edit the OP with a top 10 list.
  4. #4  
    Quote Originally Posted by xandros9 View Post
    well currently we have pretty strong security through obscurity.

    I guess turning off Dev Mode is a step.
    Actually it's impossible to make webOS impenetrable as long as there's physical access. Dev Mode can be enabled by booting from installer ramdisk and adding the novacom marker back in. PIN lock can be disabled by removing the file with the encrypted PIN. The PIN itself can be decrypted if the encryption key is known (it involves a constant, and maybe the nduid, which is easily obtainable). webOS CE has the PIN lock algorithm changed into a hash, so at least that's a bit more secure. (The PIN is, if it exists, used by Key Manager to decrypt account credentials.)

    The DB and file cache partitions are encrypted, but they're only somewhat secure if the device itself was not operational.

    So the most physically secure devices would be a TouchPad Go (no public Doctor), and a device running Luna CE (hash instead of reversible encryption). For all other devices, credentials can't be read, but existing data can still be read.
    dignitary likes this.
  5.    #5  
    Wow GMman, I'd heard WebOS wasn't very secure but I didn't realize just how porous it is. What about remote erase if you lose your phone? Can that be easily bypassed or defeated?
  6. #6  
    Quote Originally Posted by mjensen71 View Post
    Wow GMman, I'd heard WebOS wasn't very secure but I didn't realize just how porous it is. What about remote erase if you lose your phone? Can that be easily bypassed or defeated?
    At least on the TouchPad, it uses a service for wipe verification. Supposedly if the service is deleted the device can't wipe. However, the service is only a component, and I haven't looked into the entire system.
    dignitary likes this.
  7. #7  
    Quote Originally Posted by mjensen71 View Post
    Great start! Thanks Xandros9. I guess enabling a pin for your start up screen would be another security feature.

    Once we've got a list maybe I'll edit the OP with a top 10 list.
    Enabling a PIN can be an issue in itself due to a bug that can cause the phone to wipe itself when it gets bumped a few times in the user's pocket. So, tread carefully

Posting Permissions