so here is the output of nmap to my n800 on a local network.

debsilver:/home/epilido# nmap -v -sS 192.168.1.115

Starting Nmap 4.68 ( http://nmap.org ) at 2009-09-07 18:04 EDT
Initiating ARP Ping Scan at 18:04
Scanning 192.168.1.115 [1 port]
Completed ARP Ping Scan at 18:04, 0.13s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:04
Completed Parallel DNS resolution of 1 host. at 18:04, 0.01s elapsed
Initiating SYN Stealth Scan at 18:04
Scanning Nokia-N8xxxxxxx (192.168.1.115) [1715 ports]
Discovered open port 22/tcp on 192.168.1.115
Completed SYN Stealth Scan at 18:05, 3.94s elapsed (1715 total ports)
Host Nokia-N8xxxxxxx (192.168.1.115) appears to be up ... good.
Interesting ports on Nokia-N8xxxxxxx (192.168.1.115):
Not shown: 1714 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:19:4Fxxxxxxxx (Nokia Danmark A/S)

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.526 seconds
Raw packets sent: 1727 (75.984KB) | Rcvd: 1719 (79.070KB)


I installed ssh. This is by no means an indepth test but i do not find a bunch of open ports.....

The n800 was up and surfing google at the time
Epi

Why on earth would an internet tablet (or a pure desktop machine for that matter) have any open ports or any services listening on such ports?!?!

first and foremost, only "server" packages open ports and listen. "client" apps make outbound connections. if you install a server package, and start it, it will listen on the port that package is configured to listen on.

simply because a port is open and an agent is listening does not mean the device is insecure. your alarmist stance is not necessary. not every service is vulnerable to the myriad of issues that other OSes face.

moreover, i believe the iptables firewall is installed, and unless iptables is configured to allow a connection to the server that is listening on any given port, the connection will be rejected/denied based on the iptables policy.

remember, security is based on making the effort/risk cost more than the reward.

IMO, it is easier to "hack" the Palm Pre or the old iPhone (both had/have browser or email exploits) than the internet tablets. Yeah, if you go and stop iptables and change the root password to rootme or something, it might get hacked, but out of the box it is pretty locked down from the outside. If you have physical access to the machine, at least with the n810, its very simple to get root access.

Again, why iptables (iptables is much more than a firewall, but i'll treat it like one for the sake of this thread)?

There are no open ports!

This would be like trying to put a rock inside a safe (poor analogy ).

And, if I remember correctly, iptables is installed but not configured by default.

This only scans a subset of TCP ports, for a more complete scan you should add "-p1-65535", and repeat for UDP ("-sU"). Alternatively you can use netstat on the device, if you trust that it hasn't already been compromised and a rootkit installed ;-)

On mine it currently says:

• 53/UDP & 53/TCP are dnsmasq and nothing to worry about since it only listens on loopback.
• 22/TCP is openssh which of course isn't present in the default install.
• 1900/UDP is the UPnP Simple Service Discovery Protocol (SSDP).
• 7275/UDP is opened by /usr/sbin/supllistenerd.
• 39500/TCP is an XMPP account.
• 39400/UDP is a SIP account.

From the above list, the scariest one is 7275, since supllistenerd runs as root and it's a closed source component so can't be audited independently. Note that it's not in the default Diablo installation either though (comes from agps-ui).

There's two questions here:

One is what might be called the "default security level"; for the average consumer, there'll be no root access, no open ports etc. (as far as I know).

The other thing is security on a broader, conceptual level given that this device is also a phone. I can have root access. I can have all sorts of services running and open all ports. I can install software from sources the community here doesn't even know about.
While all of this is my responsibility (and therefore my problem) as far as my own device is concerned, it may cause troubles once some malware interacts with the cellular part.

So: Is there any special security built around the cellular part of the device? Or would it be accessible like anything else and could I, say, run a cron job that calls all of my contacts at 3:40am?

No UAC?!?
C'mon... Nothing like "The phone wants your permission to get HangLoose's call. To continue type the administrator password."

Tsk, maaan... half the fun is OVER.

Heh, "Windows has detected a left mouse click, click OK to continue."

It would be funny if it would not be so sad :P