Google is shaping Gmail into the ultimate communications hub. Today, the company announced that United States users will be able to make and receive calls within Gmail, providing they install the company's voice and video plug-in.

Users could already call and video chat with other Gmail users, but the new features allow them to call landlines and cellphones. Google says that calls to phones within the U.S. and Canada will be free for at least the rest of the year, and calls to many other countries will cost 2 cents a minute.

Google writes:

We've been testing this feature internally and have found it to be useful in a lot of situations, ranging from making a quick call to a restaurant to placing a call when you're in an area with bad reception.

Google previously made a foray in Gmail-to-phone communication with an experimental feature that allowed users to send text messages to phones. It was a smooth, impressive step toward blurring the lines between the different forms of communication that people use on a daily basis. However, abuse of the system (including an iPhone app that piggybacked on it in order to provide users with free text messages) pushed Google to limit its functionality.

By adding the ability to call phones, Google is pushing to set Gmail apart from other webmail services, and it probably means other communications systems will be centralized within that interface.

As cell phones become more like pocket computers, many people are calling for closer scrutiny of their security. Such people usually point out that today's phones are a lot like the desktop PCs of the mid-1990s. Attackers can apply a huge body of experience from attacking desktop machines when looking for a way into mobile devices.

However, some experts argue that mobile phones are actually simple enough to be vulnerable to attacks originally designed for embedded systems.

"The phone is a very stripped-down environment," says Benjamin Jun, vice president of technology at Cryptography Research, a security research company based in San Francisco, CA. "Which means that someone who's trying to attack the device generally has an easier time, because it's not as complicated as a desktop system."

To demonstrate this, Cryptography Research adapted a smartcard attack for use against today's smartphones.

About a decade ago, the company found that a technique called differential power analysis would allow an attacker to extract the cryptographic keys from a smartcard by analyzing its patterns of power consumption. As it turns out, Jun says, the same type of analysis will reveal the cryptographic keys that a phone uses to access a carrier's network or to secure data stored on the device. In contrast, such an attack would be hard to pull off on a more complicated device, simply because a laptop, for example, would run more programs at the same time and produce a lot more noise.

The smartcard attack called for the attacker to be in possession of the object, but, in adapting it for smartphones, the researchers found a way to do the same types of calculations based on leaked electromagnetic signals picked up with an antenna.

Jun believes attacks on mobile devices are particularly serious because these devices are being used to access high-value corporate data.

But the bad news has a flip side. Jun notes that, just as attackers have experience exploiting vulnerabilities on embedded systems, manufacturers have experience developing countermeasures. Because embedded systems have even more limited memory and processing power than today's mobile devices, he thinks these countermeasures would be relatively easy to translate to smartphones.

"The main question is whether protections can be done entirely in software or not," Jun says. Entirely software-based solutions would be cheapest to roll out, he notes. Hardware countermeasures, however, are readily available and have already been shipped in millions of smartcards.

Mobile phones are quickly becoming the de facto communication device for most Americans. I suspect this is true for two reasons: tens of millions of handheld devices are shipped every year, and my 64-year-old father now sends me text messages to make sure I'm okay.

So it's of no small import, according to this article in PC Magazine, that the Register of Copyrights announced last week that it is legal for mobile users to create software that enables cell phones to jump from one wireless network to another.

What does that mean, exactly? It means that your phone, which is typically tied to a specific service, can now be used with different networks if you decide to leave your carrier.

Prior to this ruling, the act of taking a phone with you after switching carriers was considered an infringement of the old carrier's property rights. Consequently, customers were often forced to either return or throw away their old phones--that, or pay exorbitant fees to get a new phone along with their new plan.

Of course, the mobile providers have dusted off the age-old argument that limiting consumer choice means that their networks will inherently be more trustworthy. Fortunately, the government agencies in charge of oversight have finally caught on.

From the PC Magazine article:

The carriers argue that activating un-approved phones--even if they're the exact same models they sell, like a Sprint RAZR on Verizon--will somehow damage their networks, or give a less-than-adequate experience. The first argument is the same nonsense AT&T used in the mid-20th century to force people to rent landline phones, and it's just as empty.

This ruling is made all the more important by this particular fact: mobile phones are now gateways to Internet-based calling, which means the always-on connection allows text messages, Web surfing, e-mail, and local, long-distance, and international calls that cost a few pennies. That's a radical change from traditional phone service.

The "open" movement is a great first step for consumers, but we haven't quite gone all the way. Anybody who has satellite cable and its accompanying DVR service will understand why that is important. For example: you have DirecTV and decide to purchase the company's digital video recorder because with rebates, you only pay the monthly service fee. However, two years later, Comcast comes to your town. You decide to switch from cable service providers. The problem: your DVR box doesn't work with Comcast, so now you have to rent another box, even though you have a perfectly good DVR sitting in your home.

In other words, the Register of Copyrights took a great first step in limiting the role of the Digital Millennium Copyright Act (DMCA)--the law that originally prevented consumers from upgrading their own mobile phones. Now the agency needs to take the next step: freeing all of our hardware.