We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Lock down your mobile phone

Security standards to offer better protection

A set of security standards designed to lock down mobile devices has been hammered out and is set to be unveiled at the CTIA Wireless IT and Entertainment show in Los Angeles next month.

Called the Mobile Security Specification, it is billed as the basis for a new generation of secure phones and mobile devices that will be harder to tamper with and more secure. The standards' backers include Nokia, Samsung and France Telecom.

The specification has been years in development, said Janne Uusilehto, head of Nokia product security and the chairman of the working group developing this technology. "It is a big deal. This is the first time that we have created such common security specifications for all handheld devices," Uusilehto said.

The specifications are built on work done by the TCG (Trusted Computing Group), an industry association that has already created similar standards for PCs, servers and networks.

Uusilehto's Mobile Phone Work Group expects to announce the specification on 13 September at the CTIA show, provided that the remaining minor details can be worked out. The specification will be published here.

The Nokia executive declined to say when his company or others will be producing phones that comply with the new specification, but he predicted that manufacturers would soon begin using the technology to lock down basic parts of their devices, such as the OS (operating system).

When these devices appear, they will make things more difficult for data thieves and mobile virus writers. Down the line, the technology could be used to build electronic wallets into mobile phones.

In general terms, the specification calls on hardware vendors to store protected information in a secure area of the phones called the MTM (Mobile Terminal Module). Similar to the Trusted Platform Module used in PCs, the MTM could be used to ensure that the phone's OS, applications and data have not been tampered with.

This type of trusted module could also be used by network operators to ensure that the phones on their network can't be used if they are stolen, said Mark Redman, a principal engineer with Freescale Semiconductor who is familiar with the specification. "That is probably one of the biggest concerns that the mobile phone operators have at this stage," he said.

Though some companies may be early adopters of the Mobile Security Specification, it could take years before users reap any benefits, said Roger Kay, an analyst with Endpoint Technologies Associates who serves as on the TCG's advisory council. "What typically will happen is that there may be some early adopters who start adhering to the specification before it's fully accepted," he said. "Just because [the TCG standard] promulgates, it doesn't mean that it's going to be adopted."

Even after years of development, there is still debate about whether trusted modules are the right approach for the PC industry, he said. "The most interesting, most advanced features are going to take years, because everybody has to agree to adhere to the new standard."


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite