When Your Mobile Phone Represents You
By Mike Masnick, Thu Oct 07 19:00:00 GMT 2004

As mobile phones have more advanced features for payments and identification, it raises some questions about the unintended consequences of your phone defining who you are and what you can do.

Police in South Korea this week broke up a crime ring that was using duplicated mobile phones to purchase items that were charged to the original subscribers. The crime was fairly simple. The group stole personal information from two agencies and received leaked phone codes from a handset manufacturer. They then created duplicate phones with that information, and proceeded to buy products with the phones -- with everything charged to the original subscriber. The group then took the goods and resold them on an auction website.

The crime, itself, isn't all that noteworthy. There may be many other, similar crime operations happening around the world. However, what it does highlight are some of the unintended consequences of mobile phone feature creep. Phones were, of course, originally intended as tools of communication. However, by adding in things like the ability to make purchases with mobile phones, the phones have become much more. In some ways, they're starting to define people: it says who they are and what they can do.

Obviously, that leads to plenty of questions about security. The subscribers who were scammed in the story above had no idea their mobile phone identities had been stolen. While identity theft has become a big story over the last few years, it still required gathering up all the right information -- much of it carefully guarded, with the knowledge it could be used for identity theft. Now, anyone who has your phone, or who can duplicate your phone can act as if they were you. While most of the recent mobile phone security fears have focused on viruses reaching mobile phones, it's the other, unintended consequences that tend to really take people by surprise.

In the Internet world, there's a growing number of extra security precautions to help make sure that the person sitting at the computer really is who he says he is. This includes things like fingerprint verification and devices that generate random numbers that need to be typed in. These ideas are starting to show up in the mobile device world as well, though they are still not widely deployed. As mobile devices morph into much more than just communications devices, it's important to step back and be aware of the potential downsides. That isn't to say these innovations shouldn't move forward -- but that everyone should be more aware of where the risks are, and look for potential solutions.