keywordsCartes & Security 2010
The importance of mobile phones at CARTES & IDentification 2010
Date: Thu, 12/09/2010 - 18:28
With 440 million devices expected to be sold in North America, Europe, Asia-Pacific and Latin America in 2014, smartphones will become the mobile phone market's driving force. This strength is due to the enthusiasm of both the general public and business customers for multipurpose devices which also provide solutions for the protection and identification of data
Our phones now have as many uses as a Swiss army knife. This vital device is a payment card or card reader, method of authentication, pay per view TV decoder, mobile office, digital camera or camcorder, etc, thanks to the internet connection facilitated by its SIM card, and increasingly resembles a miniature PC. Obviously, this makes it a target for threats and attacks, and consequently it needs to be protected.
The British research and analysis company, Goode Intelligence, has recently published a study demonstrating that numerous companies which had previously considered personal and professional data stocked on a mobile phone to be relatively secure are no longer of this opinion. 27% of them have implemented secure back-up solutions for data, 47% methods of destroying information should devices be stolen, but 40% now envisage in the short term encoding this data and transactions carried out on their employees' mobile telephones. These systems are in addition to existing solutions defined by GSM standards to encode voice and data. Mobile phones are now the target of attacks and threats only too familiar in the world of the PC and the Internet (viruses, phishing and spyware) and must be protected.
Thousands of weaknesses identified
According to the software engineering firm Smobile Systems, 20% of the 48,000 Android applications available for download today have dangerous, easilyexploited weaknesses. Telephone manufacturers and the traditional PC protection products and systems suppliers (Symantec, EMC, McAfee, F-Secure etc) already offer their own solutions for the various mobile environments. In addition to the high-publicised operational features, the Apple iPhone's latest OS update (v.4) corrects around sixty weaknesses identified in version 3.
A boom is expected in mobile authentication services
Goode Intelligence expects to see a large increase in authentication services based on the use of a mobile phone over the next five years. Turnover for these is expected to be multiplied by 5 to reach $760 million in 2014, when the consultancy expects to see 114 million people using such a service. Companies such as Vasco or Valimo already offer solutions, some of which use SIM card security to generate signatures or OTPs (One Time passwords).
M-commerce and M-banking, the development of multi-application capabilities
Another example of the confidence inspired by mobile phone use: ABI Research predicts that in 2014, 400 million people will use their mobile phones to carry out financial transactions (transfer of funds, payment, accessing online banking services etc). For this type of application, especially P2P (person to person) payments in countries where not everyone has a bank account and where phone numbers are used in place of bank account numbers, SIM cards already play an essential role in the authentication of transactions.
However, security is the sum of many parts. The arrival of local, non-contact payment and the development of pay-per-view TV on mobile phones are difficult to reconcile with the fact that the devices are open to all IT threats. "We can see a strong movement towards the integration of all aspects of mobile security" explains the laboratory manager of a large smartcard manufacturer.
New solutions for improved security
The arrival of new generations of SIM cards, capable of hosting several applications including some which are very sensitive such as distance payment, local payment by NFC and transport has been accompanied by new security requirements which also extend to the telephone itself. Large smartcard manufacturers therefore offer secure operating environments for several mobile phone operating systems, and a large range of products and solutions (SD or micro-SD cards and stickers) to reinforce the security of applications integrated into the phone. All of them (Gemalto, Giesecke & Devrient, Oberthur Technologies and Morpho) also offer TSMs (Trusted Service Managers) to complete their range of OTA (Over-the-Air) solutions.