Mobile phones: An ear full of worms

"We're glad that mobile phone vendors have opened their platforms," said Matias Impivaara, business manager for mobile security services at F-Secure. "The benefits users have from open platforms are much larger than the problems they face on the security side. Security is just something we have to prepare for."

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

You would expect to hear that from a company peddling antivirus software, but Impivaara has a point: Does anyone really want to abandon new mobile data services -- for security reasons -- to return to voice only?

Hardly. But as mobile phone makers and operators open the gate to the global Internet, they will need to get tough on security -- much tougher than they have been in the past when they enjoyed the protection of closed proprietary systems.

The good news: Plenty of activity on the security front is under way.

At the client software level, for instance, Nokia responded quickly to attacks on its new smart phones by signing deals with two antivirus software vendors, F-Secure and Symantec, for subscription services.

For the Nokia 6670, F-Secure provides on-device protection, similar to antivirus protection programs for PCs, with automatic over-the-air antivirus updates for a monthly fee.

Symantec has made its Client Security software available for the Nokia 9500 Communicator and 9300 smart phone, which use the Symbian operating system. Already a year ago -- in anticipation of problem -- NTT DoCoMo signed a contract for antivirus software from Network Associates Technology, the maker of the McAfee antivirus product line.

At the hardware level, for example, Texas Instruments (TI) is building a security platform from U.K. chip designer Arm Holdings into its next-generation mobile processors, following the introduction of hardware-based security in Intel's next-generation XScale handheld chips. Arm's hardware security platform, called TrustZone, could become a standard since Arm's core processor technology powers most mobile phones and newer handheld computers on the market today.

Leading mobile chipmakers plan to introduce a hardware-based security concept similar to the one pioneered by Microsoft in the PC world: the Next Generation Secure Code Base (NGSCB), formerly known as Palladium. Schemes put forward by Intel, TI and Arm call for a protected portion of memory -- totally separated from the rest of the processor -- in which applications can be verified and then run securely.

At the infrastructure level, operators have been installing a wide range of equipment to monitor and filter corrupt downloads and spam. These new messaging and content delivery servers are at the edge of their networks, where gateways open to the Internet. Other new virus detection and repair technology is also being deployed deeper inside the network. All of these new systems come on top of the authentication and control systems already in place in mobile phone networks that require users, form the start, to log on and identify themselves via the SIM (Subscriber Identity Module) card in their mobile phone.