Security Standards Pushed To Encourage M-Commerce
Oct 28, 2004 1:02 PM PT
A group of tech heavyweights have joined forces to push a mobile security specification they say will clear the way for a boom in m-commerce.
Wireless carrier NTT DoCoMo, chipmaker Intel and IBM said the spec they call "Trusted Mobile Platform" will protect mobile devices against viruses and other attacks and make transactions done on them more secure.
The platform includes specifications for hardware and software and will enable devices to be outfitted with different levels of security depending upon how they will be used. It is also meant to increase confidence about making mobile devices part of enterprise networks, by enabling a device's security level to be recognized and shared.
"This collaboration directly enhances hand-held architectures to provide the trusted capabilities vital for widespread adoption of mobile commerce and enterprise usage," said Sean Maloney, an Intel vice president.
"Mobile security is more than just protecting against new viruses, worms and attacks; it's about protecting critical business assets and information," Alistair Rennie, vice president of sales and marketing in IBM's pervasive computing unit, added. Bringing standards forward will help ensure that "security will become more embedded across a broad range of business system," he added.
So far, the spec has been published online, a process the companies hope will result in feedback and comment as well as scrutiny by other technology experts, said Intel spokesperson Amy Martin. After some feedback has been received and reviewed, the specs will be submitted to the relevant oversight bodies for their endorsement, she added.
To date, mobile devices have not been favorite targets of hackers and virus-writers, but many experts say it's only a matter of time before the number of devices in use makes them an appealing target.
In fact, a Trojan known as Brador discovered over the summer was believed to be the first instance of malicious code written specifically to target hand-held devices.
Sophos antivirus consultant Graham Cluley said the sheer volume of attacks on desktop machines and networks makes getting them under control more urgent and said early versions of PDA worms might be more of a distraction than a real threat.
"Most enterprises don't have enough security resources to handle just what's on the desktops, let alone any mobile-specific threats," he said. More sophisticated attacks against mobile devices are inevitable, however. "It's only a matter of time, but for now, the real threat remains the traditional virus and hack attack that comes in through desktop machines."
Still, a truly trusted security standard for devices could appeal to both enterprises that want to connect their mobile workers to a network and to consumers who want to use their mobile devices to make a range of payments.
Early visions of m-commerce, such as widespread use of mobile devices as point-and-click payment tools, have yet to evolve in part because of security concerns.
"People who use the Internet and are sophisticated about it know there's no guarantee of security in the wired Web," Cluley said. "Asking them to take it on faith that they can do risky transactions wirelessly is still a big jump for most people."