mobile security

NTT DoCoMo and Panasonic have announced a new phone: the P903i. What’s interesting about this phone in particular is the unique security features that are present.

It clearly defines a mechanism for each of the three authentications categories.

Something you have

The most significant feature is the small electronic key card which the owner must carry on his or her person in order for the device to function. The range can be set at 8, 20 or 40 meters. If the owner moves outside the predefined range, the phone will automatically lock.

Something you are

The other interesting security feature on this phone is biometric. The owner takes three photos (in natural and artificial light). The facial recognition software measures the unique distances between the owners facial features and, to add another layer of security, it even has the ability to check to see if the eyes are blinking. This ensures that a photo is not being presented for authentcation - which I am told happened at Bill Gates’ concept house a few years ago.

Something you know

If the keycard is lost the user is able to enter a one-time password to unlock the device. However, in order to continue using the security features, a new keycard will need to be subsequently purchased and registered to the device.

So if the owner looses or has their phone stolen, there is even a built in GPS module which allows the onwer to look up the whereabouts of their phone on the web. This service is rumoured to cost $2.50 per use. I will be interested to see if any or all of these authentication measures catch on with other manufacturers.

Powered by Gregarious (41)

I found an interesting link from the E-Series blog which gives instructions how to download Windows Messenger for Nokia, Motorola, SonyEricsson and Panasonic phones. Upon following the instructions and wading through loads of Chinese text, it appeared the files are plain http links which then redirect to the correct installer file.

So to ease the pain for those of us who aren’t fluent in Mandarin, I’ve made an easy list so you can download the relevant installer for your phone:

(right click and “save as”)

Nokia 3220 http://mclient.msn.com.cn/dl/386.jar
Nokia 3230 http://mclient.msn.com.cn/dl/543.sis
Nokia 3250 http://mclient.msn.com.cn/dl/544.sisx
Nokia 6020 http://mclient.msn.com.cn/dl/386.jar
Nokia 6021 http://mclient.msn.com.cn/dl/386.jar
Nokia 6030 http://mclient.msn.com.cn/dl/386.jar
Nokia 6060 http://mclient.msn.com.cn/dl/386.jar
Nokia 6070 http://mclient.msn.com.cn/dl/386.jar
Nokia 6080 http://mclient.msn.com.cn/dl/386.jar
Nokia 6101 http://mclient.msn.com.cn/dl/386.jar
Nokia 6102 http://mclient.msn.com.cn/dl/386.jar
Nokia 6111 http://mclient.msn.com.cn/dl/386.jar
Nokia 6125 http://mclient.msn.com.cn/dl/386.jar
Nokia 6131 http://mclient.msn.com.cn/dl/387.jar
Nokia 6170 http://mclient.msn.com.cn/dl/386.jar
Nokia 6230 http://mclient.msn.com.cn/dl/386.jar
Nokia 6230i http://mclient.msn.com.cn/dl/386.jar
Nokia 6260 http://mclient.msn.com.cn/dl/543.sis
Nokia 6270 http://mclient.msn.com.cn/dl/387.jar
Nokia 6280 http://mclient.msn.com.cn/dl/387.jar
Nokia 6600 http://mclient.msn.com.cn/dl/543.sis
Nokia 6630 http://mclient.msn.com.cn/dl/543.sis
Nokia 6670 http://mclient.msn.com.cn/dl/543.sis
Nokia 6680 http://mclient.msn.com.cn/dl/543.sis
Nokia 6681 http://mclient.msn.com.cn/dl/543.sis
Nokia 6682 http://mclient.msn.com.cn/dl/543.sis
Nokia 7260 http://mclient.msn.com.cn/dl/386.jar
Nokia 7270 http://mclient.msn.com.cn/dl/386.jar
Nokia 7360 http://mclient.msn.com.cn/dl/386.jar
Nokia 7370 http://mclient.msn.com.cn/dl/387.jar
Nokia 7380 http://mclient.msn.com.cn/dl/386.jar
Nokia 7610 http://mclient.msn.com.cn/dl/543.sis
Nokia 8800 http://mclient.msn.com.cn/dl/386.jar
Nokia 9300 http://mclient.msn.com.cn/dl/387.jar
Nokia E60 http://mclient.msn.com.cn/dl/544.sisx
Nokia N70 http://mclient.msn.com.cn/dl/543.sis
Nokia N71 http://mclient.msn.com.cn/dl/544.sisx
Nokia N73 http://mclient.msn.com.cn/dl/544.sisx
Nokia N80 http://mclient.msn.com.cn/dl/544.sisx
Nokia N90 http://mclient.msn.com.cn/dl/543.sis
Nokia N91 http://mclient.msn.com.cn/dl/544.sisx
Nokia N92 http://mclient.msn.com.cn/dl/544.sisx
Nokia N93 http://mclient.msn.com.cn/dl/544.sisx

Motorola A732 http://mclient.msn.com.cn/dl/380.jar
Motorola C381 http://mclient.msn.com.cn/dl/380.jar
Motorola C650 http://mclient.msn.com.cn/dl/380.jar
Motorola E375 http://mclient.msn.com.cn/dl/382.jar
Motorola E398 http://mclient.msn.com.cn/dl/382.jar
Motorola L2 http://mclient.msn.com.cn/dl/380.jar
Motorola L6 http://mclient.msn.com.cn/dl/380.jar
Motorola L7 http://mclient.msn.com.cn/dl/382.jar
Motorola ROKR E2 http://mclient.msn.com.cn/dl/384.jar
Motorola U6 http://mclient.msn.com.cn/dl/382.jar
Motorola V180 http://mclient.msn.com.cn/dl/380.jar
Motorola V220 http://mclient.msn.com.cn/dl/380.jar
Motorola V226 http://mclient.msn.com.cn/dl/380.jar
Motorola V3 http://mclient.msn.com.cn/dl/382.jar
Motorola V300 http://mclient.msn.com.cn/dl/382.jar
Motorola V303 http://mclient.msn.com.cn/dl/382.jar
Motorola V500 http://mclient.msn.com.cn/dl/382.jar
Motorola V600 http://mclient.msn.com.cn/dl/382.jar
Motorola V80 http://mclient.msn.com.cn/dl/382.jar

Panasonic MX6 http://mclient.msn.com.cn/dl/384.jar
Panasonic MX7 http://mclient.msn.com.cn/dl/384.jar
Panasonic SA6 http://mclient.msn.com.cn/dl/384.jar
Panasonic SA7 http://mclient.msn.com.cn/dl/384.jar
Panasonic VS2 http://mclient.msn.com.cn/dl/384.jar
Panasonic VS3 http://mclient.msn.com.cn/dl/384.jar
Panasonic VS6 http://mclient.msn.com.cn/dl/384.jar
Panasonic VS7 http://mclient.msn.com.cn/dl/384.jar
Panasonic X700 http://mclient.msn.com.cn/dl/543.sis
Panasonic X800 http://mclient.msn.com.cn/dl/543.sis

Sony Ericsson J300 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson K300 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson K310 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson K500 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson K506 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson K508 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson K510 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson K610 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson K700 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson K750 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson K758 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson K790 http://mclient.msn.com.cn/dl/384.jar
Sony Ericsson K800 http://mclient.msn.com.cn/dl/384.jar
Sony Ericsson S700c http://mclient.msn.com.cn/dl/384.jar
Sony Ericsson W550 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson W550 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson W600c http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson W700 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson W710C http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson W800 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson w810 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson w850 http://mclient.msn.com.cn/dl/384.jar
Sony Ericsson W900c http://mclient.msn.com.cn/dl/384.jar
Sony Ericsson Z520 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson Z530 http://mclient.msn.com.cn/dl/380.jar
Sony Ericsson Z550 http://mclient.msn.com.cn/dl/382.jar
Sony Ericsson Z710 http://mclient.msn.com.cn/dl/382.jar

Enjoy!

Powered by Gregarious (41)

I was speaking with a colleague today and he said he’d read a report by J Gold Associates which details a possible flaw in Microsoft’s Push Email system. From what I understood, MS’s ActiveSync can only sync and encrypt data if it meets Microsoft ActiveSync standards. It is however is dependant upon which version of Exchange is being run and the version of Windows Transfer Data. Activesync itself utilises TLS/SSL for OTA data transfer, but the point being if your sync data does not originate from an MS or MS compliant application, you could end up with data being stored on your device unencrypted.

This is a prime example of the importance of having a layered approach to security on your mobile device fleet.

Powered by Gregarious (41)

Gone are the days when the network was bound by walls. Of course this is nothing new. Nowadays the network is a little different. We have (but to name a few) client to gateway VPN’s, remote access portals, webmail, push email, pull email, PIM and remote PIM synchronisation, SSH clients - all running on our PDA’s/mobile phones. That’s great isn’t it? You can pretty much get access to any information you want which is residing on some resource inside your corporate network from anywhere in the world. I think that’s pretty smart.

But what about the data itself? At a phenomenal rate, our mobile devices are becoming more and more powerful and having larger and larger storage capacities. As recently as three or even 2 years ago, this wasn’t really a big deal. The technologies involved in order to have such remote access capabilities were not very mature, there were not many solutions available and those that were available had a pretty high price tag and the mobile bandwidth that was available was not very good and was expensive.

Today the situation is different. High speed internet access (such as 3G) is widespread, the cost of your data plans from your phone service providers are flat rate and in many cases unlimited usage. Your mobile device now has the connectivity, the power and the applications which we have been wanting for years. Superb!

The problem comes from the fact we are human. We forget things, loose things - including our phones. This bbc article states that most adults loose their phones between 10pm and 6am (no need to guess what is the no.1 catalyst). It also goes on to say that a mobile phone is stolen every three minutes in the UK and that equates to over 578,000 phones a year.

How many of those belonged to your company? What files or email were on there? In who’s hands did that information end up in? Your competitors? What impact did this have on your company? Were you the one responsible for the phone being lost or are you ‘the guy in charge of phones’? What did you do from preventing this from happening? In retrospect, what could you have done?
Well fortunately, its not all doom and gloom. Some companies out there provide solutions so you can mitigate this risk. Remember - phones will be lost. We’re only human.

The first thing you should do if you haven’t done it already is modify your security poilcy. (Not having a security policy is outside the scope of this article, and if you don’t have one you should consider getting one).

Next, you want to be thinking about device encryption. There are many vendors out there offering solutions. To name a few, Pointsec, Utimaco and Kaspersky all have offerings, and there are many others too.

In addition, mobile antivirus might also be a good idea. Again, the usual suspects all have product offerings.

Powered by Gregarious (41)