First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
Security pro: Time to rethink mobile device protocols
- — 21 November, 2007 10:02
Open source mobile broadband is doomed unless carriers, software developers and device manufacturers are willing to completely rethink how they secure mobile data, Mocana CEO Adrian Turner says.
Turner, whose company Mocana specializes in providing security to wired and wireless devices for companies such as Cisco, Dell and Siemens, says the type of antivirus software typically installed onto PCs will not work on mobile broadband devices, because it will hinder performance and greatly shorten battery life. While many network providers think they can detect malware through packet sniffing -- that is, decrypting packets, scanning them for malware and then re-encrypting them -- Turner says that this process can create latency problems.
"As we move toward this world of more open IP-based services, the security challenges will become enormous," he says. "If these things aren't solved the right way, initiatives like Android will fall flat because people will lose confidence in the platform to keep their data safe."
In Turner's mind, securing mobile broadband devices will require widespread collaboration among software developers, carriers and device manufacturers. Among the security measures that Turner thinks will be most important are patch management and certificates that will meld device identification with user identification.
Additionally, Turner says that his company is working on a method to detect malware that won't have the same crippling effects on battery life that most antivirus software has. Instead of manually scanning for malware in handsets, Turner says that the most efficient way to keep mobile devices free from unwanted software is to monitor the devices' applications themselves to ensure that they're running as they're specifically designed to run.
"Imagine a scenario where you've got an electronic wallet, and it's designed not to transmit personal information over a Bluetooth interface," he explains. "Once some malware has been introduced to the system to try to extract data over that personal interface, you'll be alerted that the software on that device isn't behaving exactly as it's intended to."
Turner's concerns about mobile device security echo the concerns expressed at a Mobile Internet World panel last week. During that discussion, panelists generally agreed that many next-generation mobile devices lack stringent security measures, because many companies don't want to invest heavily in security protocols for products that they aren't certain will be profitable. Turner says that even if carriers and device manufacturers did embed traditional security protocols into their handsets, they wouldn't be adequate to detect the more stealthy kinds of malware that is designed to mine for personal data.
"In the past, it's been obvious that there's malware running on a device," he says. "But now it's become very difficult to detect these things without a new type of approach."