Phone makers seek to further lock down handsets

Initiative to make handsets more secure has met with mixed reactions

The Trusted Computing Group (TCG) is working on specifications for a security chip that could show up in mobile phones by the end of next year. 

The initiative to make handsets more secure has broad support from phone manufacturers, carriers and semiconductor makers.

But the plans have been sharply criticised by consumer advocacy group the Electronic Frontier Foundation as an effort to further limit consumers in what they can do with their mobile phones. 

At the CTIA Wireless IT and Entertainment tradeshow in San Francisco, the TCG spoke publicly about the initiative for the first time, and unveiled 11 applications that the security chip seeks to enable.

These include authentication, digital rights management, Sim-lock, controlling software downloads and software use, and the protection of user data and privacy.

"The mobile platform is being driven to more value-added solutions such as access control, e-commerce and content delivery," said Brian Berger, marketing chairman at the TCG. "Then hardware security becomes even more important."

A mobile phone is susceptible in theory to the same threats that face computers, he added, including viruses and denial of service attacks. Berger argued that security technology embedded on a chip could prevent such attacks from reaching the handset.

The TCG is a non-profit organisation which defines security standards for the high tech industry, including the Trusted Platform Module (TPM) security chip for desktops and laptop.

It also offers a standard for secure networks, and is working on a security chip specifications for servers.

The mobile chip will be similar to the TPM, which is deployed in several enterprise systems and is expected to be used in the Intel powered Apple computers that will start shipping next year.

In Apple's case the chip ensures that its OS X operating system is running only on Apple hardware. The chip also allows for the secure storage of passwords and enables the encryption of data.

One of its more controversial elements is that it can be used for digital rights management, limiting which web pages users can print or what digital content they can play.

Specifications for the mobile security standard are expected in the first half of 2006. The first proof of concept handsets are to follow later that year, Berger predicted. He also expects the technology to be integrated into other components of the phone.

A mobile phone group within the TCG will work on defining the specifications of the standard. Members of the group include France Telecom, Vodafone, IBM, Philips, Nokia and Motorola.

Nokia hopes to reduce the cost of developing the technology by working through the standards body, while an open standard will also lead several manufacturers to make the chip which in turn will keep down the price.

"The big benefit is a reduction in the cost of security functionality," said Janne Uusilehto, head of product security technologies at Nokia.

He predicted that the technology will cost $5 at most, meaning that the consumer would end up paying an additional $15 to $25 when buying the phone.

The Electronic Frontier Foundation, a non profit group that aims to protect the digital rights of individuals, slammed the initiative.

"This enables the carriers to further control their end users," Seth Schoen, staff technologist with the organisation, told vnunet.com. "Cellphones are already a disappointment to users."

He insisted that it is the business models used by mobile operators that determine what users can do with their devices, rather than technology. Schoen predicted that the security technology will only worsen these limitations.

Many of the user cases that the TCG presented can be looked at from two different angles.

A secure Sim-lock, for instance, is designed to render the device useless to a thief after the operator has disabled the account. But it will also prevent the user from switching to a competing operator.

The secure software feature can prevent spyware and other malware from being installed on the device, but can also limit the user to buying software only from carrier-approved stores.