Securing Cell Phones

Continued from page 1

Phones with hardware security aren't yet available to consumers, Raghunathan says, but he expects that the first versions of these will appear within the next year or so. One of the driving forces behind hardware security is the Trusted Computing Group, a consortium of technology companies including Intel, Microsoft, IBM, and Hewlett-Packard. One of the organization's goals is to establish hardware-security standards for phones. While secure hardware could provide users with benefits, there is some disagreement regarding who would have access to the hardware. Some groups, including the Electronic Frontier Foundation, argue that with trusted computing, consumers might have less control of their devices than service and content providers do. For instance, content providers might use the platform to create unbreakable digital-rights management software to lock a downloaded song or video onto a device.

Some experts believe that the companies that make mobile phones and software can solve many of the security issues. By incorporating better software practices so that security is integrated from the first day the software is written, companies can do a lot to keep viruses to a minimum. However, because it costs money to make phones more secure, and because it's a feature that isn't readily visible to a consumer (unlike a three-megapixel camera, for example), security is often an afterthought. "The real failing is that the vendors didn't learn the PC lesson and design better operating systems," says Steven Bellovin, a professor of computer science at Columbia University, in New York. "It's not like they weren't warned."

Even so, mobile virus and malicious software attacks have been minimal within the past few years, possibly because the industry is broken up into many different cellular service providers and software and hardware manufacturers, says Richard Ford, a professor of computer science at Florida Institute of Technology, in Melbourne. This means that for a virus to make a large impact in the industry, it would need to be rewritten a number of different times to work on various devices. Unlike the PC world, there is no big cellular target yet, although thanks to the iPhone's initial buzz, it may be developing a bull's-eye. "Hopefully the next year will be quiet," Ford says. "Quiet is good, but I think that sometime in the next three to five years, we're going to see a nasty outbreak."