Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How Safe Is Private Cell Phone Data?

Paris - The recent hacking of Paris Hilton's address book-stored on the TV celebrity's Sidekick II smart phone and backed up by T-Mobile's server-has raised questions in the engineering community about whether personal data is adequately protected in the current generation of cellular products.

In Hilton's case, industry observers think the attack penetrated T-Mobile's server rather than the client phone from Danger Inc. Nonetheless, to stave off such attacks, chip vendors, subscriber identity module (SIM) card manufacturers and mobile-handset companies are already strategizing new security features in the next wave of phone and network designs.

While there are operator-specific implementations for protecting private data stored in a handset and in a network, a personal identification number (PIN) is one of the most common ways to safeguard personal information on the phone today. "If an intruder gains access to a user's telephone physically [that is, if it is stolen], the only defense against data theft is typically PIN-based security of the handset itself," said Mike Yonker, director of technology strategy at Texas Instruments Inc.

A step beyond the PIN, questions about mobile security abound. Where should critical information be stored-in SIM cards or handset memory? What sort of hardware/software blocks should be added to a handset for security? Does a secure protocol exist in the communication path from an individual SIM card to an operator's database? How should data stored by the mobile operators be protected?

Simple backup
Before debating data protection on a handset itself, some experts responded to the Paris Hilton case by asking why private data, like an address book, needs to be stored in a network operator's server in the first place.

  • 1