Nokia Gets 007-Worthy Software for Smartphones
By Eric Lin, Tue Aug 24 23:30:00 GMT 2004
Addressing security concerns is a necessity for mobile device manufacturers looking to win over the enterprise sector. Nokia has partnered with Pointsec to offer encryption for its smartphones.
Security fears have always been one of the strongest arguments against mobile devices in corporate environments. VPN clients allayed fears that a lost mobile device would lead to a breach in network security, however data security still remains an issue. Corporate security officers worry that a stolen or misplaced device could reveal sensitive data because of email or documents stored on it. Initially these concerns were primarily limited to PDAs, as Microsoft and PalmSource each touted their security features as well as add-on encryption and security software for each of their platforms to corporate IT and security experts.
As smartphones replace PDAs and corporations replace road warriors' laptops with smartphones, the data on smartphones has come to the forefront of security concerns. Now that smartphones from the Blackberry to P900 and Treo 600 have become powerful enough to manage a higher volume of email as well as office documents, concerns are at an all time high. Although legitimate, they are susceptible to over-hype with "security warnings" being issued about device from PDAs to USB keychains to iPods.
Most security experts believe a password is not enough to protect a device, even if the user actually protects his device with one, it can often be cracked or worse yet, bypassed. Nokia is the first smartphone maker to directly address these concerns on handsets by announcing it will offer encryption technology for series 60 and series 80 devices from Pointsec. This application will use 128 bit encryption to encode user data - email, documents, appointments, even SMS and MMS on the fly. To ensure the encryption is actually used, it will automatically timeout to an encrypted state in case a device is left unlocked or unattended.
Encryption can take quite a toll on processors. The Pointsec system works around this by decrypting information in a user specified order, but it can jump to more urgent data if the user tries to open a file that's still waiting for decryption. Although it seems like overkill, sadly encryption is probably the only solution that will make corporate security chiefs happy for the time being. Fingerprint sensors, which have been recently introduced in a few Korean and Japanese handsets sounded like a viable alternative. However only a week after an LG handset with a fingerprint sensor to prevent unauthorized use of the built-in bank chip was introduced, it was discovered the system defaulted to less secure PIN code after three failed attempts to read a fingerprint.
Other hardware-based security technologies are being developed, but none are ready for deployment. Until these are ready, smartphone manufacturers and possibly platform developers will have to continue to offer software security solutions if they want to crack the corporate market, or even retain their reputation among the consumer users if mobile banking continues to catch on.