Group will unveil mobile security open specs

Mobile trust specs cover malware protection for mobile devices

I search, therefore I am. That was the rude lesson AOL subscribers learned last month when the Internet giant thoughtlessly released reams of data on searches that its users conducted. Sure, the users’ identities were removed, but as people quickly figured out, you can tell a lot about who somebody is by looking at what they’re looking for.

Now it turns out that those Blackberries and smart phones we drag around with us are talking, too. Mobile device security company Trust Digital reported last month that used smartphones and PDAs for sale on eBay can reveal reams of information — 27,000 pages, to be exact — about their former owners.

The company purchased 10 mobile devices from eBay and salvaged data, including personal banking and tax information, corporate client records, product road maps, computer passwords, and contact address books, the company said in a statement.

Most of the data was in the flash memory of the devices because the previous owners didn’t properly cleanse the equipment using a “hard reset” that would have erased the data.

With the use of multifunction mobile devices growing rapidly within corporations, mobile data leaks are already a big problem, and enterprises should be investigating software to secure data on mobile devices, Trust Digital said.

Luckily, the Trusted Computing Group (TCG) is on the job. At this month’s CTIA Wireless IT & Entertainment show, the group plans to announce new, open specifications to embed trust into mobile devices that will give added protection against data loss, as well as malicious code and spam, according to Mark Redman, principal engineer at Freescale Semiconductor and a member of TCG’s Mobile Phone Working Group, which is developing the new specification.

The specifications will cover areas such as user data protection and privacy, allowing users to protect personally identifiable information, address books, and other credentials from being accessed.

TCG isn’t saying when mobile devices will be made available with security based on the new specifications, but a six- to 18-month gap isn’t uncommon, said a TCG spokeswoman.