ARM Community: Would you rather lose your wallet or your phone? - ARM Community

I’ve just returned home from the Mobile World Congress in Barcelona where everything was going well until Wednesday evening after a dinner out with some of our ARM Ecosystem Partners. That’s when my pocket was picked on the Metro and I lost my wallet to a pair of local thieves. I quickly realized what had happened and phoned home to my wife who immediately called our card providers to alert them to the loss. Otherwise I was only missing a couple of loyalty cards, a college pass, some cash and the wallet itself, and fortunately I hadn’t been harmed in any other way.

The following morning I joined a long line of MWC attendees at the on-site police station to make an official report and realized how much worse it could have been. Aside from not being physically harmed, I hadn’t lost my phone which was what had happened to lots of other people. The inventory of stolen smartphones around the city was about as extensive and high-tech as you could get – Blackberries, iPhones, Nokias, Samsungs, HTCs and all the leading brands you’d expect attendees at MWC to be using, not to mention purses, wallets and laptops. And it made me realize how much more important my phone was, compared to my wallet. After all, I’d been able to call home immediately, I hadn’t lost any data, none of my secure information was missing and the wallet and cash I’d lost were insured. Most importantly, I could carry on working and communicating with colleagues and ARM Partners.

On the other hand, what happens when thieves look into all the smartphones they’ve just stolen? Is the phone password or PIN protected, can they crack the PIN, do they look through your contacts, emails and texts and what might they learn? I guess that in the worst case some victims are at risk of identity theft or having their Facebook accounts hacked or receiving spam and worse from people they’d rather not be hearing from. And of course, with Near-Field Comms (NFC) just around the corner, we’ll soon be using our phones as electronic wallets for currency to purchase small items or carry e-tickets.

I expect that in many cases the thieves would simply throw away the SIM, wipe the phone and sell it on, but it is concerning to think what could happen and how the threat would linger for many months. Which makes security in these devices an increasingly key feature, and it needs to be security that can’t easily be cracked by well-equipped operators in the international stolen goods market.

So this sequence of events has for me personalized the importance of our security activities at ARM such as our long-standing investment and commitment to TrustZone^TM; a technology built into the core of our processors for securing secret data, authenticating transactions, managing digital media rights and apps licenses, holding secure keys and so on. System designers can employ TrustZone as a foundation for security throughout mobile devices coupled with a well designed system architecture and boot mechanisms to enable products that can withstand being attacked over the air, through the keypad or via any interface connections for PC synch. That is, if users take the trouble to use a strong password* or PIN on their phones.

Operators and corporate IT departments can help as well: Now that smartphones have rich and sophisticated mobile software operating systems, it is possible to disable or wipe them as soon as they seen on the network after they have been reported stolen. And the mobile industry should be doing more to leverage the smartphones’ GPS capabilities so that the location of a stolen device can be tracked by the police. In addition to its TrustZone technology and SecureCore^TM processor products, ARM is also working closely with partners to develop and deploy secure services for mobile computing. For example, we are jointly developing secure solutions for electronic payment and online banking via mobile phones with Giesecke & Devrient (G&D); a market leader in banknote production and processing, smart card solutions for telecommunications and electronic payment, security documents and ID systems. Further ARM is also actively engaged in a European funded project named SEPIA which focuses on building secure payment platforms which can be certified by independent organizations to achieve a level of trust equivalent to that we see today in MasterCard and VISA payment cards. The project also included G&D, Infineon, BrightSight (a security certification organization) and the Technical University of Graz

Obviously, my recent experience leads me to pay more attention to mobile security and I’ll be exploring the security features very fully on the new smartphone I’m getting later this month. Meanwhile I’m pleased to be home after an otherwise successful week at MWC.

* A strong password shouldn’t be a word at all. It can be a combination of letters, numbers and keyboard symbols. It should be at least seven characters long as longer passwords are harder to guess or break. It should not contain your user name, real name, or company name. It should contain a mix of upper and lower case letters, numbers and keyboard symbols. And you should change it regularly.

Chris Turner, Product Marketing Manager, Processor Division, ARM, Chris works at ARM in the Processor Division's product marketing group where he manages the Cortex-R real-time processors. These processors deliver the enabling technology that runs communications inside mobile handsets and tablets - supporting the applications processor. If you just subscribed to an HSPA or LTE data service then you're almost certainly using a USB modem stick powered by these ARM Cortex-R processors. And, you'll find these same processors in just about every high performance hard disk drive, under the hood in automotive electronics and embedded in various other consumer and industrial applications. So, yes, you guessed it, he's into technology, knows his way around the semiconductor industry, understands computing, loves his job and never ceases to be amazed by the products and services that ARM delivers to users. Enjoy!