Paris Hilton Hacked. Are YOU Next?

Paris - The recent hacking of Paris Hilton's address book-stored on the TV celebrity's Sidekick II smart phone and backed up by T-Mobile's server-has raised questions in the engineering community about whether personal data is adequately protected in the current generation of cellular products.

In Hilton's case, industry observers think the attack penetrated T-Mobile's server rather than the client phone from Danger Inc. Nonetheless, to stave off such attacks, chip vendors, subscriber identity module (SIM) card manufacturers and mobile-handset companies are already strategizing new security features in the next wave of phone and network designs.

While there are operator-specific implementations for protecting private data stored in a handset and in a network, a personal identification number (PIN) is one of the most common ways to safeguard personal information on the phone today. "If an intruder gains access to a user's telephone physically [that is, if it is stolen], the only defense against data theft is typically PIN-based security of the handset itself," said Mike Yonker, director of technology strategy at Texas Instruments Inc.

A step beyond the PIN, questions about mobile security abound. Where should critical information be stored-in SIM cards or handset memory? What sort of hardware/software blocks should be added to a handset for security? Does a secure protocol exist in the communication path from an individual SIM card to an operator's database? How should data stored by the mobile operators be protected?

Simple backup
Before debating data protection on a handset itself, some experts responded to the Paris Hilton case by asking why private data, like an address book, needs to be stored in a network operator's server in the first place.

The reason: Operators prefer to "mirror" such data because it offers simple backup and recovery of the lost material if one's phone malfunctions, gets lost or is upgraded. This precaution also enables users to input data through a Web portal.

Today, an address book stored in a SIM is uploaded to an operator's server using the standard base protocol called 3GPP 23.048, said David Naccache, vice president for research and innovation at Gemplus SA. While operators' specific security measures vary, data is generally "not sent in the clear," Naccache said, since the data communication path is encrypted by a system such as triple-DES cipher block chaining. Although the protocol is publicly available, "keys used by operators to encrypt data in their databases" remain secret, he added. When requested by a SIM card holder with a correct PIN code, the address book is made available by the operator pulling out the key and sending the information. The SIM then decrypts the data, Naccache explained.

Asked whether the path between the SIM and the operator's server is a weak link, Naccache said, "To the best of my knowledge, any known attack [on that path] has been detected by the industry."

Even though certain standards may cover client-server security, a bigger question is whether the data itself needs to be secured separately on the client device and on the server, and if so, how.

Most phones today store an address book in both the SIM card and the handset, with no specific encryption done to it. (Hilton's Sidekick II, for example, comes with a SIM card.) Contact data on the SIM card is often copied to a phone's main memory, "as this greatly improves the responsiveness of the address book," said Edgar Langen, senior director for security and connectivity at Philips Software (Eindhoven, Netherlands). "SIM card access is inherently slow."

Langen added that address book data "in general is not stored in a protected manner on the phone."

A smart-card chip on the SIM card, in theory, could block access if a false PIN were repeatedly attempted, said Gemplus' Naccache. But the weakest link, in this case, could be the user. Based on forensic studies he has done, Naccache said that "30 percent of SIM cards and handsets are left unprotected by users."

Proponents argue that SIM cards inherently offer greater safety than a handset to critical private information. "If everything is equal, a SIM card-in general-is better because it's a self-contained, tiny device which is easily analyzable," said Naccache. Its smart-card chip can be analyzed by acquiring the electromagnetic emanations from a smart card or by using power, laser optics or voltage glitch injection. In contrast, the "odds are bigger" for security flaws in a phone, said Naccache, because a handset consists of so many hardware and software components supplied by various vendors.

Not everyone agrees with this assessment, however. Many proponents of integrating a security block onto a handset's application processor, for example, don't see a SIM-vs.-handset issue. Rather, it's a matter of the phone needing data encryption beyond PIN code protection.

"In either case, [hacking] would have been avoided if the phone had data encryption for both encrypting the information on the phone as well as protecting the encryption keys on the phone," said David Potts, senior vice president and general manager of SafeNet Inc.'s Embedded Security Division. Potts said the company's SafeZone products perform both of these encryption functions.

SafeZone is a hardware security foundation designed to let chip vendors integrate security cores into a range of processors. While conventional methods store static keys in a manner that is easily compromised, SafeZone provides what the company said was "maximum protection" by dynamically creating and storing root and content encryption keys, and handling certificates and credentials behind a security barrier. This enables applications to use keys without ever exposing them to the run-time system or other applications, Safenet said.

Texas Instruments, working with SafeNet, has begun integrating the technology into its Omap processors. Convinced that conventional cryptography-based software is not secure enough to forestall the rise in mobile-phone hacking and fraud, TI, along with Orange and with Trusted Logic, demonstrated a system-level wireless-security handset mechanism at the recent 3GSM World Congress. Featuring the Trusted Logic Security Module for a contactless payment application, the demo used Orange's OMA digital rights management (DRM) v2.0-compliant secure multimedia-content downloads, rights management, decryption and play technology. TI's own RFID technology was secured by 128-bit triple-DES cryptography as the air interface.

Intel Corp., for its part, is shipping to select customers a version of its Bulverde Xscale-based applications processor for mobile devices that includes a hardware security block based on Trusted Computing Modules. The PXA2705 combines hardware and software elements to give added security for transactions, said the company. Further, Intel said the Xscale can provide services such as trusted boot, secure storage of private information and cryptographic keys, and support for common security protocols.

"I think that, in general, all data on the device and from the device should be encrypted for protection," said TI's Yonker. "I believe this is a much greater system design issue that goes beyond the SIM." Philips' Langen said, "Security and data protection can be implemented without using SIM cards, although SIM cards allow for a higher level of security."

Cost of security
Of course, security imposes costs, said Gemplus' Naccache. To build resistance against physical probing or analysis on a handset, one needs to consider the power consumption that comes with the stronger processing power, as well as the infrastructure cost. Operators are deploying different security systems, including one-time password protection, he added. The question is whether your device-with the level of security you have now-serves your purposes.

The clear trend in the mobile industry is that more complex applications on handsets beget beefier security measures. TI's Yonker categorized security in five areas: terminal security (including secure boot, data security, SIM lock and so on); content security, involving digital rights management and the like; financial transactions, such as mobile payments; enterprise security (virtual private networks, antivirus safeguards and so on); and device management.

"Building blocks that are needed for DRM can also be used for securing private data," Philips' Langen suggested. He mentioned forward-locked (that is, unprotected) content in DRM implementations that is stored in phone memory in an encrypted form.

"That type of encryption can be applied to any type of data. Other mechanisms that are relevant are application authentication and application isolation," Langen added.