I was interested in getting some rough numbers on publicly disclosed vulnerabilities in Symbian and Windows CE/Mobile platforms and applications. I cannot say with any degree of confidence that what I present below is reflective, simply due to the fact that different bugs get categorized under different vendors, platforms, or keywords. What I can document is the method I used to arrive at the below numbers. I used cve.mitre.org and did the following:
• searched by vendor, platform for Windows Mobile & Windows CE• searched for keyword MMS picking out those relevant• searched for keyword SMS picking out those relevant• searched for keyword Symbian• searched for keyword Nokia picking out those relevant
So the summary is that there are 16 for Windows CE/Mobile and six for Symbian. I guess this demonstrates people are finding vulnerabilities in these two platforms. If we take out the third party applications on Windows CE/Mobile (i.e. those outside of core functionality) we get nine, versus Symbian’s six. Once we do this the numbers are pretty close.
Below are all the CVE’s I found – make of it what you will. As I said the method I used to come up with these numbers isn’t the most sound, but at least hopefully it is indicative. What it also shows us is that Bluetooth was the biggest nightmare to-date for handset manufacturers. We can also see that there seems to be an increasing number of bugs in recent years.
Hopefully this upward trend and the range of software components vulnerabilities are being found in will make everyone more aware of the need for security in this space before it’s too late.Windows CE/Mobile
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5493 - SMShttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5460 - ActiveSynchttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3445 - 3rd Party VoIPhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3362 - 3rd Party VoIPhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3351 - 3rd Party VoIPhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2883 - 3rd Party Securityhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0878 - Browserhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0685 - Browserhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0674 - JPG Parsinghttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0111 - 3rd Party Image Processinghttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6908 - 3rd Party Bluetoothhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6902 - Bluetoothhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4614 - 3rd Party Securityhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4132 - MMShttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4131 - MMShttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2001-0162 - Networking
Symbian
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0523 - Bluetoothhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0521 - Bluetoothhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4464 - Browserhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0797 - Bluetoothhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1809 - Bluetoothhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0681 - Bluetooth