|Home | Out Now | Coming Soon | Advertise | WAP | Search | Blog
Firefox OS: will it be safe?
4th July 2012
Mozilla recently revealed manufacturer support for their new Firefox OS, with ZTE and TCL / Alcatel announcing that they will make handsets available for the platform in 2013.
But what exactly is the Firefox OS? At its heart it runs on a version of Linux, just like Android and very similar to Apple iOS which (like Linux) is derived from Unix. Joining them in the Unix/Linux based OS world are Maemo, Moblin, LiMo, MeeGo, Tizen and Bada. So clearly, this platform seems to be a good one to run mobile devices on.
Piled on top of Linux are various layers including Gonk (which supports the software/hardware interface layer), Gecko (which is the main software layer) and Gaia (which is the pretty bit that runs on top). This is a pretty standard arrangement familiar to computer scientists everywhere.
What makes the Firefox OS a little different is that the operating system is designed to let web-based applications to directly access all the features of the phone - in Mozilla's own words:
The Firefox OS for mobile devices is built on Mozilla’s “Boot to Gecko project” which unlocks many of the current limitations of web development on mobile, allowing HTML5 applications to access the underlying capabilities of a phone, previously only available to native applications. Telefónica’s Digital unit joined forces with Mozilla earlier this year to take this work and showcase a new phone architecture where every phone feature (calling, messaging, games, etc.) is an HTML5 application.
This is all very cool, because potentially these HTML5 applications can do far more than a web application could do on another phone, and it largely removes the need for downloadable applications completely.
But here's the problem - there's a reason why rival vendors aren't doing this already, and that reason is security. The modern approach to browser and operating system design is to "sandbox" the browser as much as possible from the operating system to protect it from malicious web-based code. At any one time there are thousands of infected legitimate websites online, waiting for unsuspecting visitors.
Now, the folks at Mozilla have probably thought of this and they've implement this and that to try to stop it happening. But history shows us that this is very difficult to do. Microsoft's ActiveX platform and Oracle's Java environment were both designed to extend the capabilities of web browsers, but they both introduced huge security holes that are now regularly exploited by the bad guys. ActiveX died a death when Internet Explorer started to lose market share to the Firefox and Chrome browsers, and Java is so fundamentally broken that the opinion of many IT security experts is that you should simply get rid of it.
Smartphones are being increasingly targeted by hackers and criminal elements because they are essentially fully featured pocket computers that can be used for almost everything that a laptop or desktop computer can do. Do you do your banking or shopping on a smartphone? Then you could be at risk. Hackers can access your email and social networking sites to spam junk email to your friends and family. And because smartphones are usually always connected to the internet via 3G or WiFi then they could even be used to host illegal material or attack other computers.
Right at the moment smartphone only have a limited risk of infection from this sort of attack, but increasingly internet usage is moving to smartphones and tablets and away from traditional PCs. Increasingly there are rich pickings for the bad guys, and perhaps Mozilla's Firefox OS might just make it too easy for them to get their way.
|Home | About Us | Links
Copyright (c) 2014 - Unauthorised copying is prohibited by law.
Use of this site means that you agree to our privacy
and cookie policies.