« UPDATE: Nokia N97 US pre-order is a bargain! | Main | Nokia N71 Themes: The Eyes Have It »

May 12, 2009

Mobile Illusions, article 1: Phone security

by snoyt

This is article 1 of a short series about mobile illusions.

For many of us a mobile phone has become a very personal device with modern phones having extended communication and media features. They take pictures, video's, send and receive e-mail, sms. There is support for IM, geo-tagging and grand access to your social internet network via Twitter, Facebook, Hyves, YouTube etc. Image loosing such a phone either by theft or forgetfulness. Image it falling into the wrong hands.

A private phone

Your phone contains a full register of all your friends addresses and phone numbers and your intimate SMS's, e-mails, IM logs twits and personal notes. Not to mention buddytracking on google maps and similar? The satnav in YOUR phone can guide any thief quickly and easily to their houses while they are not there. Not to mention stalking, pestering and or simply 'fungames' from social misfits. It often has location-tagged photo's, saying where and when they were taken. Showing exactly where there there are expensive things to nick. None of this information is protected or encrypted on nearly any phones.

A secure PC

There exists a responsibility to keep personal information of your friends and family safe. Which is a reason my laptop and PC run full-disc encryption at home. You can steal my hardware, but that damage is insured. Sure, high-tech hackers may break through my firewall(s) and hack into my PC's. But it takes skill and more effort (read: cash and time) than it is worth to them. Besides my financial administration is runs from a junk free dedicated OS installed on a secure usb-stick. My PC is powered-off and boots directly from the usb-stick. Fat chance that it is hacked during those few minutes a week it is online for bank transactions and I install no unsigned software from unknown sources.

A secure Phone?

But what about my mobile phone? Hardly any of the big phone manufactures makes any noise about security as a feature. Silently, Nokia's latest market E-series introductions (E71, E75, E55 i.e.) now offer standard out-of-the-box support for device locking, remote device locking (also via SMS) and device and memory card encryption. This might even become more important with the introductions of financial transactions technology like NFC. More and more possibilities are introduced to make payments via your mobile phone. Already virusses have been found that send SMS or calls to make some cash of your phone. Luckily little success has been booked so far with these schemes and for now it seems safe. Still Symbian security has already been broken. So it seems only a matter of time until the s^$%t hits the fan. Your smartphone is a MIMD (mobile internet & media device) and as such is often fed all kinds of nasty web pages, scripts and media and software from an unknown origin. Should you really install software from an unknown source (even if signed) on a device meant to store private data and that can do financial transactions?

With mobiles getting pocket computer aspirations, so should mobile security get beefed up. Think about secure and reliable encryption of private data. The ability to run insecure and unsigned software and games in a sandbox, separated en shielded from the part that does the private and financial things. 

Security options

With the increasing technological options to make payments and money transactions via a mobile phone this becomes more and more essential. Some of these issues have been addressed by some features of some mobile phone manufacturers and some mobile OS manufacturers. Software signing and security certificates already exist, though memory encryption as a default option exists only for a few phones. 3rd party developper options exist but hardly useful or accessible for an average Joe intending personal use. Only Java seems to have a some security model for selecting access to different phone data and functions(phonebook, internet, sms, calling etc.).

Phone and future

Most mobile phone related manufacturers simply consider security an issue of "If we don't mention it, it does not exist". In other words, play dumb. This sadly never works. Security is a big issue, and it should be resolved now by the large manufacturers and Mobile OS designers (Symbian.org, Windows Mobile, Android). They should be scoring points from us now instead of loosing them later on. Apple streamlined the graphic user interface putting touch on the consumers map.Time to streamline security features I should say.

Nokia is already taking a step in the right direction but sadly not far enough and only for some devices. Why design a N97 to be the ultimate social connector and then forget about privacy? How important is touchscreen,  and 5 instead of 3.2 MPixels photos compared to reliability and security. How much value do you put on the knowledge that after your phone is lost or stolen the house will not be ransacked while you have an appointment with the dentist or find your kids pictures back on some crazies website.

Think about it the next time you shop for a new phone!


TrackBack URL for this entry:

Listed below are links to weblogs that reference Mobile Illusions, article 1: Phone security:



[commercial ref. deleted by editor] Personally, I find the built-in encryption on the E71 to significantly slow things down, particularly with some operations in some applications.
Snoyt here: Software encryption will certainly take more battery-power/time. Proper hardware encryption support should solve time issues and can reduce the cost in extra battery-power.

The comments to this entry are closed.


Editors Corner


Media Partners



Copyright © 2004-2021 Darla Mack "Darla Mack", "Mobile Diva" ™ Darlene McNeill
Design by Paul Mather @ mmcforums.net | Powered by Typepad