A new set of security standards to lock down mobile devices has been agreed and will be formally announced next month at the CTIA Wireless show in Los Angeles.
Called the Mobile Security Specification, it is billed as the basis for a new generation of secure phones and mobile devices that will be harder to tamper with and more secure. The standards are backed by Nokia, Samsung and France Telecom, among others.
The specification has been years in development, said Janne Uusilehto, head of Nokia product security and the chairman of the working group developing this technology. "It is a big deal. This is the first time that we have created such common security specifications for all handheld devices," Uusilehto said.
The new specifications are built on work done by the Trusted Computing Group (TCG), an industry association that has already created similar standards for PCs, servers and networks.
The Nokia executive declined to say when his company or others will be producing phones that comply with the new specification, but predicted that manufacturers would soon begin using the technology to lock down basic parts of their devices, such as the operating system.
When these devices do appear, they will make things more difficult for data thieves and mobile virus writers. Down the line, the technology could be used to build electronic wallets into mobile phones.
In general terms, the specification calls on hardware vendors to store protected information in a secure area of the phones called the Mobile Terminal Module (MTM). Similar to the Trusted Platform Module used in PCs, the MTM could be used to ensure that the phone's operating system, applications and data have not been tampered with.
This type of trusted module could also be used by network operators to ensure that the phones on their network can't be used if they are stolen, said Mark Redman, a principal engineer with Freescale Semiconductor who is familiar with the specification. "That is probably one of the biggest concerns that the cell phone operators have at this stage," he said.
Though some companies may be early adopters of the Mobile Security Specification, it could take years before mobile phone users reap any benefits, said Roger Kay, an analyst with Endpoint Technologies who serves as on the TCG's advisory council. "What typically will happen is that there may be some early adopters who start adhering to the specification before it's fully accepted," he said, adding that "just because [the Trusted Computing Group standard] promulgates, it doesn't mean that it's going to be adopted."
Even after years of development, there is still debate about whether trusted modules are the right approach for the PC industry, he said. "The most interesting, most advanced features are going to take years, because everybody has to agree to adhere to the new standard."