New spec targets mobile phone security

Efforts to establish security standards for mobile devices were boosted Tuesday with the release of the Mobile Trusted Module (MTM) specification.

The specification offers a set of standards for mobile phone manufacturers and software developers to store data securely in mobile devices, such as smartphones and wireless PDAs (personal digital assistants).

The standards, issued by the Trusted Computing Group industry association, have been years in development. They are backed by numerous companies, such as Nokia, Samsung Electronics, and France Télécom, which are members of the Trusted Computing Group's Mobile Phone Work Group.

Like the Trusted Platform Module used in PCs, the MTM stores information in a secure area of the device to ensure the device's operating system, applications and data haven't been virtually or physically tampered with. It uses a system of "engines" within the device that report the state of their code so that their "trustworthiness" can be established.

Vendors can determine whether the MTM should be a discrete silicon chip or a system-on-chip implementation.

In addition to helping manufacturers and operators reduce the risk of virus attack and identity theft, the MTM can enable mobile payment and ticketing services.

Further information about the mobile phone security specification is available here.