Handheld mobility devices, the security and functionality of said devices never seem to dull. Of recent, we have two references you may want to read more about. First is a writeup from ComputerWorld, the second is announcement from PayPal.
Jon Espenschied has a nice writeup in ComputerWorld, titled "Ten dangerous claims about smart phone security". This is an excellent primer for anyone who thinks his or her smartphone is safe. His 10 claims are as follows:
1. It's just a phone with cool features, right?
2. It's stable, just like any other purpose-built appliance.
3. Communications are encrypted from end to end.
4. The connection's secure unless I use Wi-Fi in a cafe.
5. E-mails and messages are secure from prying eyes.
6. Using a mobile phone constitutes out-of-band communication.
7. I trust the integrity of data and applications on a smart phone.
8. Information deleted from a smart phone is gone, right?
9. Spying on my smart phone is hard.
10. Abuse is minimal because the network and phones are constrained.
In other news, PayPal is gearing up to deploy a mobile payment service. According to CNET and the WSJ, PayPal will launch a service this year, enabling users to pay for transactions using a smartphone. More specifically, person with web-enabled handhelds will have a specific application allowing them to pay for transactions using their PayPal account.
Back at RSA, when I participated on the SmartPhone Insecurity panel, it came to my attention that people really do use their phone to surf and purchase items. I was amazed to see more than half of the audience had purchased something from the Internet using their handheld in the last month. Personally I find the form factor and medium of a handheld too annoying to do any serious shopping.
Comments (1)
The last portion of your post caught my attention. Having just purchased a smart phone, I find myself rather interested in the subject of smart phones and smart phone security. Finding phone set to accept all incoming bluetooth connections by default, for example, frightened me a little.
On the subject of making purchases via smartphone. I'm a cell phone software nut... I'd spent somewhere in the neighbourhood of $100 on games for my previous cell phone (which was just a cell phone) at the price of $5/game. I find them to be great distractions and "disposable" distractions. With my cell phone when I purchased a game, nothing was required on my end, except to click OK... My account was billed for the purchase and I could pay that securely at the end of the month. When I picked up the smart phone, I knew immediately that there was some software I wanted to acquire. I opened the browser and visited the Software Store... instead of being my provider, it was powered by a third party (Handago). I select the software, thinking my bill would show the charges for the software and proceeded with the purchase steps. The final step asked me to enter credit card information... I closed the browser and must now find another means of purchasing the software. People use these services frequently and it was a bit of a surprise. I couldn't imagine sending my credit card information freely over my cell phone... and was surprised to find that people actually did it.
Posted by Tyler Reguly | March 26, 2007 1:51 PM
Posted on March 26, 2007 13:51