Mobility is enabling a brave new world of social media applications, but making too much personal information available is a security risk.
Like many, I feel my productivity has risen with my smart phone and what its ecosystem enables. The work aspect is a given. But, in my personal life I no longer struggle with the cumbersome remote and DVR UI to program my favorite shows or select an on demand programs to view. Through an app developed by my cable carrier, my iPhone is the new remote. I no longer struggle with figuring out where to get good eats given Yelp, UrbanSpoon, etc. and, through Twitter, I will know where the next hot pop up restaurant will be.
Though I’ve embraced mobility and what it can enable, I’ve never signed up for Facebook due to security concerns (by the way, this was reaffirmed during a recent meeting with one of our security partners). Your personal information often is the key to unlock your investment, credit card, email, and banking accounts. With so many accounts, passwords are often not random (ideally 12 characters) and perhaps not even unique per account. The challenge question or in some cases questions (up to 3) are based on personal information. The most common are your mother’s maiden name, your first car, the name of your elementary school, your favorite teacher. Through information posted on Facebook, you provide hackers the keys to your financial and personal accounts.
With the emergence of the mobile wallet, the same security concerns exist. With so much of one’s private data including credit and debit card numbers stored on the smart phone, the mobile handheld must become a highly secure system to gain adoption of the new services and applications. A simple four digit numerical password to unlock the phone will take less than 60 seconds to hack. Losing a mobile wallet will be much worse than a real wallet given all the data stored. In addition, a mobile wallet is susceptible to a contactless attack. A much better security solution must exist that is independent of personal information that can be data mined.
A possible solution is using ones biometrics, for example fingerprint, to unlock the phone and to enable payment transactions. Semiconductor fingerprint recognition sensors already exist but may need to become economical to integrate into a smart phone. The biometric data must be stored in a secure element that provides a trusted environment for storing sensitive data or applications. The concept of a secure element consisting of a cryptography engine and non-volatile memory (NVM) element for code and keys exists already in the application processor. To support biometrics, the NVM capacity will need to increase, must be secure, and be enabled in bleeding edge process geometries driven by the application processor cost requirements.
Addressing the mobile wallet security vulnerability will be critical given the trend of Internet of all things. Productivity and security will need to go hand and hand. With 50 billion connected devices (mobile handheld to M2M) projected by 2020, each device will need to become smarter and more secure.
This topic is the subject of the Pavilion Panel “Is ‘Lifecare’ the Next Killer App?” That Kilopass developed for the Design Automation Conference. The panel is on Monday, June 4, 2012 at 11:30 a.m. in booth 310 of the Moscone Convention Center in San Francisco, Calif. Please plan to attend. Registration is free using the “I love DAC” option in the registration process at this link.
Linh Hong is vice president of sales and marketing at non-volatile memory IP vendor Kilopass Technology Inc.