Let's Keep It Confidential
The smarter cell phones get, the easier it will be to attack them
By CHRISTINE WHITEHOUSE
 |
Ingram Pinn for TIME
| Back in June, virus hunters found themselves confronted with what may have been the first attempt to infect mobile phones. Somebody calling himself Timofónica — timo is Spanish for prank — sent an SMS (Short Messaging Service) message to a small number of subscribers to Spanish giant Telefónica's mobile phone network telling them that the company was ripping them off. Timofónica was relatively benign: mobile phones can't run executable programs yet, so the virus couldn't replicate itself. But doomsday prophets lost no time in warning wireless users that they are likely to be prime targets for the next generation of online troublemakers.
Today's cell phones may be reasonably safe but tomorrow's smarter phones will be more vulnerable. In the not-too-distant future your phone may be used as everything from an electronic wallet to a digital ID to a terminal for a reservation system. The more powerful and versatile a phone becomes, the less secure it will be. And the sheer number of people who will be using mobile devices — 530 million by 2001, according to The Strategis Group — means the potential to create havoc, for thrills or financial gain, will be enormous.
Finnish software company F-Secure, one of the first to be alerted to Timofónica, devised an antivirus program to combat it within hours. The firm is taking a proactive approach to securing mobile devices against hackers and viruses. Last month, F-Secure announced the development of the world's first antivirus products for mobile phones and pdas. Using mobile scanner technology, F-Secure researchers are able to analyze and "disinfect" viruses as soon as they are detected. Antivirus updates will be sent to users through the airwaves the instant they become available.
But more troublesome is the question of ensuring that transactions made over mobile phones cannot be intercepted — security is a prerequisite if mobile commerce is to take off. Although gsm phones require pin codes and built-in protocols for activation, fully-fledged wireless commerce requires a higher level of certainty. Many European companies that specialize in developing secure solutions for mobile devices are well placed to cash in on the demand. Finland's Sonera SmartTrust, Germany's Brokat and Ireland's Baltimore Technologies are leaders in the development of a technology known as public key infrastructure (PKI), which uses strong encryption to guarantee confidentiality and digital signatures to ensure authenticity. This form of encryption relies on a public key and a private key for a transaction to be completed. The private key identifies the consumer wanting to buy, say, a book from an Internet retailer, while the public key holds the identity of a business like Amazon.com. The private key can also be used to create and verify a digital signature, which is as legally binding as a pen-and-ink one.
Companies like Sonera SmartTrust have a head start on their American competitors for the burgeoning mobile security market because they have an understanding of the wireless market and its technical complexity. U.S.-based firms like VeriSign and Entrust have until now focused on providing fixed line security. And because of that early lead, "everyone else will be playing catchup for some time," says Tim Sheedy, senior mobile analyst at International Data Corporation (IDC). But Ross MacMillan, software analyst at Morgan Stanley Dean Witter in London, thinks that the market will remain in flux in the absence of an agreement on an open standard that works and is user-friendly. "All sorts of ideas are being played with, from embedded security to over-the-air service delivery," he says. Mobile operators would prefer that security be in the network, while handset manufacturers are looking at integrating the technology into terminals. Various alliances have sprung up between the major players to try to accelerate what IDC's Sheedy thinks will be "a long, slow process."
A big challenge lies in overcoming the technical obstacles peculiar to the wireless world — a handset's limited memory and restrictions on the amount of data which can be transferred. But the biggest challenge will be to make the system user-friendly. "We have to balance security and ease of use," says Guy Singh, a product manager at Baltimore Technologies. "A customer isn't going to spend half an hour [booking] cinema tickets online. He'll call instead."
Analysts say it will be 2003 before transactions can be made in a relatively secure way. Until then, forget about troublemakers like Timofónica. With more mobile phones than cars being stolen in some European cities, right now you're more likely to be the victim of a "phonejacker" than a hacker.
TIME Digital table of contents
TIME Europe home
More stories from TIME Europe and related links
E-mail us at mail@timeatlantic.com
|
|
|
