September 27, 2005 4:00 AM PDT

New security proposed for do-it-all phones

As mobile phones become digital do-it-alls, handsets need better protection from hackers and from unauthorized access when they're lost or stolen, says an industry group proposing new, hardware-based security standards for the devices.

The Trusted Computing Group (TCG)--backed by big names like Nokia, Motorola, Intel, Samsung, VeriSign and Vodafone--plans to unveil its plan Tuesday at a conference sponsored by the Cellular Telecommunications & Internet Association. The TCG has already developed similar specifications for PCs and servers.

In addition to voice calls, cell phones are increasingly used for taking pictures, keeping a calendar and sending text messages and e-mail. In the future they could replace wallets, say industry pundits, with consumers whipping out a specially equipped phone instead of a credit card to pay for a purchase. That would make securing the gadgets even more important.

Locking up cell phones

The Trusted Computing Group provides 10 examples of what its plan for hardware-based security could enable in mobile phones.

1. Platform integrity to ensure the hardware and software are in a state intended by the manufacturer.

2. Device authentication to protect and store identities of users and bind the device to the appropriate user.

3. Digital rights management to protect content on the phone.

4. SIMlock/device personalization to ensure a device is locked to its network and can't be easily stolen.

5. Secure software download to enable the safe download of updates, patches and other software.

6. Secure channel between different parts of the phone to prevent tampering by malicious software.

7. Mobile ticketing to enable the secure download of tickets and manage them.

8. Mobile payment to enable the secure execution of payments.

9. Software use to ensure software is safe, and if not, that it can be removed, replaced or not executed.

10. User data protection to allow users to prevent their information from being accessed or viewed by unauthorized people and to give users access to services or data that might not require personal information.

Source: Trusted Computing Group.

"Without proper security, mobile phones may become a target for hackers and malicious software," said Janne Uusilehto, senior technology manager at Nokia and chairman of the TCG's Mobile Phone Working Group. "The benefit of hardware-based security is that users can rely on their phone and (know) that private data is protected."

The proposed standard doesn't just protect user data. The security hardware also enables copyright protection, according to the TCG, a feature demanded by the entertainment industry. This so-called digital rights management technology could mean access to more exclusive content on cell phones, but it could also limit the content that will play on devices.

Additionally, says the TCG, cell phone operators could use the technology to get more control over the devices they sell. Operators would get a better way to lock devices to their networks and tighten control over which services and software can run on the gadgets. But user-rights advocates complain that such things limit consumers' choice and freedom.

The TCG's plans call for mobile handset hardware to support features similar to those of the Trusted Platform Module. The TPM is a security chip designed for PCs and servers that enables a variety of security features, including authentication, protected storage and secure e-mail. The TPM technology will need to be adapted because mobile phones are much smaller than PCs.

At the CTIA wireless event, the TCG will introduce its plans by sharing "use cases" for hardware-based security in cell phones. The group

CONTINUED:
Page 1 | 2 | 3

6 comments

Join the conversation!
Add your comment
Cell Phones-Virus'-and Hackers
There is a serious need to enable this type of secure technology for mobile devices like cell phones, pda's, and media managers.

I personally own a N-Gage QD and have used it extensively for almost a year now. Being a web developer I use the N-Gage QD to manage and run web applications from my cell phone.

I also manage all of my contacts, calenders, emails (yes, real email). Just about anything a real computer can do at my office, I can do with my phone.

Some might say, "How is this possible"?

For the non-geeks reading this that don't know about the Symbian Operating System (<a class="jive-link-external" href="http://www.symbian.com" target="_newWindow">http://www.symbian.com</a> ) you can cut and paste the fore-link and go check them out.

The rest of us geeks know that the Symbian OS is just that, an Operating System. Like a Mini Windows if you will, with the ability to cover over 90% of the same functions as a regular desktop computer, or laptop.

So if you can imagine, if this phone runs a full blown operating system, and I give you code and tools to create software for it. What do you think the end result will be?

I know for a fact the end result bear's that of a Window's Machine. It's only a matter of time. Time that it takes to learn about the code and how to manipulate it. As programmers and developers learn the code, they also learn the flaws.

Although we in the tech community would like to think that all geeks are do-gooders, this is far from the truth.

Hacker's, Virus writers, and Spyware vendors all create programs to gain profit. In the act of gaining this profit there is generally un-repairable damages that come as an effect of the actions portrayed by this kind of geek.

I can't guarentee that there isn't a virus on my N-Gage QD (<a class="jive-link-external" href="http://www.networkworld.com/news/2005/0407antivcompa.html" target="_newWindow">http://www.networkworld.com/news/2005/0407antivcompa.html</a>). Series 60 OS is what the N-Gage and N-Gage QD run for Operating Systems.

The article link above will back the need to keep certain technlogical advance's in the protected, private, sector of technology.

If we don't do something about our mobile technology we are sure to suffer the same fate as Microsoft and Windows.

~Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Cell Phones-Virus'-and Hackers
There is a serious need to enable this type of secure technology for mobile devices like cell phones, pda's, and media managers.

I personally own a N-Gage QD and have used it extensively for almost a year now. Being a web developer I use the N-Gage QD to manage and run web applications from my cell phone.

I also manage all of my contacts, calenders, emails (yes, real email). Just about anything a real computer can do at my office, I can do with my phone.

Some might say, "How is this possible"?

For the non-geeks reading this that don't know about the Symbian Operating System (<a class="jive-link-external" href="http://www.symbian.com" target="_newWindow">http://www.symbian.com</a> ) you can cut and paste the fore-link and go check them out.

The rest of us geeks know that the Symbian OS is just that, an Operating System. Like a Mini Windows if you will, with the ability to cover over 90% of the same functions as a regular desktop computer, or laptop.

So if you can imagine, if this phone runs a full blown operating system, and I give you code and tools to create software for it. What do you think the end result will be?

I know for a fact the end result bear's that of a Window's Machine. It's only a matter of time. Time that it takes to learn about the code and how to manipulate it. As programmers and developers learn the code, they also learn the flaws.

Although we in the tech community would like to think that all geeks are do-gooders, this is far from the truth.

Hacker's, Virus writers, and Spyware vendors all create programs to gain profit. In the act of gaining this profit there is generally un-repairable damages that come as an effect of the actions portrayed by this kind of geek.

I can't guarentee that there isn't a virus on my N-Gage QD (<a class="jive-link-external" href="http://www.networkworld.com/news/2005/0407antivcompa.html" target="_newWindow">http://www.networkworld.com/news/2005/0407antivcompa.html</a>). Series 60 OS is what the N-Gage and N-Gage QD run for Operating Systems.

The article link above will back the need to keep certain technlogical advance's in the protected, private, sector of technology.

If we don't do something about our mobile technology we are sure to suffer the same fate as Microsoft and Windows.

~Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
All devices...
... that enable connectivity to and from other devices (including web servers, servers, PCs, etc.) should have security features.

Meanwhile, Windows is getting into Palm devices. So this news is timely...

:D
Peace.
Posted by Mendz (519 comments )
Reply Link Flag
All devices...
... that enable connectivity to and from other devices (including web servers, servers, PCs, etc.) should have security features.

Meanwhile, Windows is getting into Palm devices. So this news is timely...

:D
Peace.
Posted by Mendz (519 comments )
Reply Link Flag
"Trusted Computing" is about one thing, and it sure ISNT "security".
This is really about corporate-control, eliminating consumer-choice, and imposing DRM... period. Anyone who thinks differently, really should spend a few days reading about the "Trusted Computing Alliance". This "standard", is little more than a corporate wish-list of hard-DRM, and absolute control of all computing-devices, not by the devices-owner, but by the manufacturer, and other "corporate-interests, AFTER a sale.

I am so tired of this BOLD-FACED CHARADE. And, I am SICK of where computer-owners are currently being led by these LIES.
Posted by Gayle Edwards (262 comments )
Reply Link Flag
"Trusted Computing" is about one thing, and it sure ISNT "security".
This is really about corporate-control, eliminating consumer-choice, and imposing DRM... period. Anyone who thinks differently, really should spend a few days reading about the "Trusted Computing Alliance". This "standard", is little more than a corporate wish-list of hard-DRM, and absolute control of all computing-devices, not by the devices-owner, but by the manufacturer, and other "corporate-interests, AFTER a sale.

I am so tired of this BOLD-FACED CHARADE. And, I am SICK of where computer-owners are currently being led by these LIES.
Posted by Gayle Edwards (262 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.