Access everywhere-secure nowhere? EU-Agency ENISA launches Position Paper on mobile eID security issues

Mobile eID-for better or for worse? Your mobile is fast becoming your new PC, wallet, identity card, but is it secure? The EU Agency ENISA (the European Network and Information Security Agency) launches a Position Paper on authentication issues for mobile

In the near future, we will pay our taxes, buy metro tickets or open bank accounts over our phone. Mobile devices, national ID-cards, smart phones and (Personal Digital Assistant) PDAs, will play an ever more important role in the digital environment. The mobile devices can act as an identity or payment card for online services. In Asia, there is already a growing demand for these services, particularly in Hong Kong, Singapore and Taiwan. The main driver in Asia is consumer interest for convenient, easy solutions, in as few devices as possible. In Europe, by contrast, the main driver is enhanced security with the mobile phone seen as a security identification tool for example in electronic ticketing, payment and even online banking.

But the use of mobile devices also brings new security and privacy risks. A user may continuously leave traces of their identity and transactions, even by only carrying the device in their pocket. There is an increase of stolen mobile devices containing key personal user information. Although secure components (based on smart card technology) exist, due to increasing complexity, mobile devices are now prone to attacks which before applied only to desktop PCs. Among the top ten "e-Threats" in 2008, BitDefender lists exploitation of mobile device vulnerabilities three times. The "E-Threats Landscape Report" tell us that mobile devices are increasingly targeted by new generations of viruses because of their permanent connectivity and the increasing use of SMS scams. Therefore, only seeing the use of mobiles as personal trusted and trustworthy devices should be approached with care. The Executive Director of ENISA, Mr Andrea Pirotti observes:

'New services and opportunities are being developed which many users will find beneficial in their daily life. We strongly believe that if these new technologies are applied the right way, they also constitute a big opportunity for secure, sophisticated authentication mechanisms vital to future applications and services.'

The ENISA Position Paper is available at:
http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_mobile_eid.pdf

Have your say! To influence the future of European Network and Information Security: please give your opinion in the online public consultation:
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=InfsoNis

Source: ENISA - European Network and Information Security Agency
<>