Phones are getting smarter, with Web browsing, e-mail and media content becoming available to more of the cell-chatting populace; and with all the buzz around Apple Computer’s (AAPL) wireless device plans, 2007 is sure to be a year when more PC-like functions get absorbed into handsets. But will that mean more PC-like security headaches?
Probably. That’s why tech industry players like Spansion (SPSN) are devising ways to make sure a lost phone doesn’t become yet another vehicle for identity theft and virus proliferation. I chatted recently with Jeremy Werner, solutions delivery marketing manager for Spansion’s wireless systems division, about the Sunnyvale company’s plans to build security features into the flash storage media in phones. Its first security chips should be available for sampling in mid-2007, and shipping in volume at the end of the year.
I’m not convinced by Werner’s argument that phones will become the keys and wallet of the future; that sounds too much like the grandiose digital wallet plans Palm was spouting six years ago, before reality set in. But I can’t argue with the underlying trend: as the phone evolves into the most popular platform where human beings store personal information, it will become a target for criminals. So someone’s going to have to secure it.
Below, an edited transcript of my IM interview with Werner where we discuss how that might happen.
Fortt: Give me your sense of why cell phones need this level of security. Most folks aren’t afflicted with cell phone viruses at the moment. Why do I care whether there’s security built into my handset? What do I need to be protected from?
Werner: Most people likely think about security in the context of their PC – anti-virus, etc. We are focused more on prevention with our security technology than reacting after the fact like an anti-virus software program would. Imagine if when your phone was stolen for instance, it was rendered useless to the criminals and your data was protected. Most people probably don’t even think this is a possibility, but it is.
Fortt: Explain how that would work.
Werner: Our secure memory actually can recognize the user and only allow the system to use what’s in the memory (programs, pictures, contacts) once it can authenticate the user.
Fortt: How does it recognize the user?
Werner: This might be done through a PIN, a fingerprint swipe, or we’ve even heard of some algorithms being developed to recognize the rhythms of people’s gait. This of course becomes more valuable as the phone integrates other features as well.
Fortt: So you believe the average phone is likely to become what smartphones are today? Your average person doesn’t have much in his or her phone besides phone numbers and maybe a few random photos.
Werner: Not necessarily like a Treo or BlackBerry with a full keyboard, but certainly many phones will become more capable. In North America, Europe, Japan and Korea this is already happening. In developing countries where price is critical there will be a continued growth in simple phones, in communication-only devices. Certainly Japan is furthest ahead in adopting new technology. It’s harder to get that consistent rollout in the U.S. or Europe, but once you do, watch out.
Fortt: Yes, so in Europe and Asia, there are more advanced wireless communities. What’s happening on the security scene there, and how has that influenced your plans?
Werner: Yes, of course it has influenced our plans. U.S. consumers just finished a major cycle of phone replacement primarily driven by color screens and camera functionality. Next we will see the multimedia-driven replacement cycle, followed by the wallet and key replacement cycle. People will not want to use their phone as a payment and entry device unless they trust the security of the device and their privacy. And the retailers, banks and transaction services won’t sponsor and fund the transition unless they can be sure that they will benefit through increased transactions, speedier transactions and reduced fraud.
Fortt: So you’re anticipating a replacement cycle driven first by music and video, then by mobile commerce. And you’re preparing for that by building security into the phone’s flash. Can you talk about your embedded strategy and your SIM card strategy for security, and how they’re different?
Werner: We anticipate the market bifurcating into a low-cost market primarily in emerging markets (Russia, China rural, India, Africa) on the one hand, and the replacement cycle I described above on the other. In regards to the embedded strategy and the SIM strategy, they aren’t all that different. Our security product allows operators to extend the type of security they can achieve on a SIM card into the phone but with a more powerful engine that can be used for security and much greater densities.
Fortt: In that case, why would anyone use the SIM version rather than embedded? Is it just a GSM/CDMA thing?
Werner: We also enable a type of intelligent partitioning so some areas of the embedded memory can be under operator control and others under OEM control or bank control, enterprise control etc., all with the same types of security that you would see with a smart card or SIM card. SIMs have a long history of establishing trust and also a benefit in terms of being able to be configured outside of the handset, i.e. they are easily transferable physically. Of course CDMA vendors have proved you don’t need a SIM card. But SIM can be a nice feature and we have also announced a higher capacity SIM card product.
Fortt: Where do you expect to find your first customers for this? Are carriers demanding that handset makers build it in? Where will demand come from?
Werner: We are a member of OMTP (OMTP.org) and that is an operator-driven body that is standardizing terminal requirements for the operators. We have recently submitted a product profile which states that handset OEMs can meet the operator security requirements by using our products. Carriers won’t generally specify a particular implementation, rather focusing on security requirements of assets. This keeps the OEMs from jacking up prices, or not meeting demand and claiming it was because they insisted they use a particular product in their phones. The kinds of requirements we will see are such and such asset (code, data, key) needs to be integrity- and confidentiality-protected.
Fortt: Okay, so talk to me about cost. How much will your flash-based security add to the cost of the phone, and how do you think that stacks up against other solutions?
Werner: The cost will depend greatly upon how much memory is in the solution and how many features the OEM enables in the phone. We work closely with our customers to deliver an optimized solution cost. Often times we are integrating features from other parts of the system into our subsystem, thus we will take cost out of other parts of the phone. Thus it’s hard to quantify. Also we feel we are enabling entire new classes of phones, new features that are wholly dependent upon a robust security implementation. It’s kind of like saying how much cost does adding a screen to a radio add so you can watch movies.
Fortt: So by implication, this will be most cost-effective for phones that are already advanced – that already have a decent amount of built-in flash, for instance.
Werner: We will probably see the most traction early in mid end to advanced phones. If we look at media distribution the lack of good memory and hardware security has led to closed systems. For example let’s take the Apple iPod. Today you are pretty much locked into iTunes if you use an iPod because of the type of DRM (digital rights management) capabilities in the device – and I can understand this, because the only way today to truly build a secure system is to build a closed system. However, with memory security we can enable a broader interoperability between media players (phones) and media distributors by maintaining digital rights management security (OMA-2, WM10). That will be a benefit to users.
Fortt: The carriers aren’t exactly poster children for openness, however.
Werner: True, true. But on a separate note, whenever I leave my house in the morning I always make sure I have three things in my pockets: my wallet, keys and cell phone. We envision a day when you will be able to leave with only your cell phone and function perfectly well if not better than we do today. And if you lose your phone, your memories, keys, money, and personal information are protected because the security is physically built right into the memory itself. And we think this will permeate throughout the low to high end as it will truly revolutionize the way we move around the world and make transactions. Even if someone doesn’t watch TV on their phone, or send SMS they eventually will use their phones to open doors and make payments. Because if there is one thing I know for sure living in America, it’s that everyone shops.
Fortt: It’s my turn to say true, true. But I must say I’m skeptical about using my phone to open doors. Why would I want to do that?
Werner: Have you ever been to Hawaii?
Fortt: Yep.
Werner: Last time I was there I rented a condo from someone. Prior to getting there they sent me a key in the mail. It arrived six hours before I left San Jose. Then while I was there I started thinking, I wonder how many people never returned the key to this condo? I hope some crazy slasher killer guy doesn’t show up in the middle of the night with a key to our apartment – or some family with 12 kids looking for a place to crash. Now imagine instead of doing this, the owner could have text messaged me a key to the condo, with that key carrying an expiration date of three days. After three days it is no longer valid. No need to change the locks, mail back a key, etc. The same could be true if you had contractors or house guests, pet sitters, or you were checking into a hotel. If you lose your phone-key no problem – buy a new one and get a new text message. Your old phone was rendered useless, remember – so no risk of someone being able to use it to get into your place. OK, I’m done with my rant.
Fortt: You must admit, there are all sorts of security risks associated with text messaging a key to someone. Messages can be intercepted. I can’t imagine that a flash solution could completely erase those risks.
Werner: The key would be encrypted and only could be unencrypted by the target phone. It requires some shifts in infrastructure but it’s all possible. This is simple through a public:private key exchange protocol (PKI). And our memory actually does all of the encryption and decryption itself, so it won’t tax the system processing power.
Fortt: But it sounds like it also requires a world where your locksmith has an engineering degree, and you need a per-seat license to change your locks.
Werner: LOL. Well, it will require some changes in the way we do things, but your locksmith may be a tech support number you call to walk you through how to change your locks. I think the point you really bring up is what I refer to as the “Whole Product Concept” (stolen from Geoffrey Moore). But the point is that when we introduce these new products we need to make it easy for people to use, and that means going beyond providing only a piece of silicon.
Fortt: Yeah, I try to be a big-picture/real-world kind of guy. Comes from my years reviewing products for newspapers. I see what you’re aiming for, though. Maybe you can close by explaining how your method would protect software.
Werner: Our solution allows the handset OEM to partition the memory physically. Some of those partitions may be used for the OS, others for signed third-party software from a trusted source, and still others for shareware or other more suspicious providers. Each of these partitions will have different access requirements for reading or writing. Sometimes requiring OEM or Operator PKI authentication, other times requiring only user approval. In this way we can then do a virus rollback on the suspicious partition to eliminate SW that could be potentially damaging but protect the core functionality of the device.
Fortt: Sounds like you’re aiming for what security pros have been begging the technology industry to do for years: You’re baking security into the hardware from the beginning. We’ll see how it works. Thanks for the chat.