CTIA: New specification to lock down mobile phones
A new set of security standards designed to lock down mobile devices has been hammered out and is set to be unveiled at the CTIA Wireless I.T. and Entertainment show being held in Los Angeles next month.
Called the Mobile Security Specification, it is billed as the basis for a new generation of secure phones and mobile devices that will be harder to tamper with and more secure. The standards are backed by companies such as Nokia Corp., Samsung Electronics Co. Ltd., and France Telecom SA.
The specification has been years in development, said Janne Uusilehto, head of Nokia product security and the chairman of the working group developing this technology. "It is a big deal. This is the first time that we have created such common security specifications for all handheld devices," Uusilehto said.
The new specifications are built on work done by the Trusted Computing Group, (TCG) an industry association that has already created similar standards for PCs, servers and networks.
Uusilehto's Mobile Phone Work Group expects to announce the specification on Sept. 13 at the CTIA show, provided that the remaining minor details can be worked out. The specification will be published here.
The Nokia executive declined to say when his company or others will be producing phones that comply with the new specification, but he predicted that manufacturers would soon begin using the technology to lock down basic parts of their devices, such as the operating system.
When these devices appear, they will make things more difficult for data thieves and mobile virus writers. Down the line, the technology could be used to build electronic wallets into mobile phones.
In general terms, the specification calls on hardware vendors to store protected information in a secure area of the phones called the Mobile Terminal Module (MTM). Similar to the Trusted Platform Module used in PCs, the MTM could be used to ensure that the phone's operating system, applications and data have not been tampered with.
This type of trusted module could also be used by network operators to ensure that the phones on their network can't be used if they are stolen, said Mark Redman, a principal engineer with Freescale Semiconductor Inc. who is familiar with the specification. "That is probably one of the biggest concerns that the cell phone operators have at this stage," he said.
Though some companies may be early adopters of the Mobile Security Specification, it could take years before cell phone users reap any benefits, said Roger Kay, an analyst with Endpoint Technologies Associates who serves as on the TCG's advisory council. "What typically will happen is that there may be some early adopters who start adhering to the specification before it's fully accepted," he said, adding that "just because [the Trusted Computing Group standard] promulgates, it doesn't mean that it's going to be adopted."
Even after years of development, there is still debate about whether trusted modules are the right approach for the PC industry, he said. "The most interesting, most advanced features are going to take years, because everybody has to agree to adhere to the new standard."
IDG News Service
Build your tech library with our book giveaways.
Windows PowerShell 2.0 Unleashed
By Tyson Kopczynski, Pete Handley, Marco Shaw; Published by Sams
Windows PowerShell Unleashed will not only give you deep mastery over PowerShell but also a greater understanding of the features being introduced in PowerShell 2.0–and show you how to use it to solve your challenges in your production environment. Enter now!
Ubuntu Server Administration
By Michael Jang; Published by McGraw-Hill Osborne Media
Realize a dynamic, stable, and secure Ubuntu Server environment with expert guidance, tips, and techniques from a Linux professional. Ubuntu Server Administration covers every facet of system management -- from users and file systems to performance tuning and troubleshooting. Enter now!
