Securing Smart Phone Data
Indian Government Wants Blackberry Keys
The recent issues between RIM and India bring Smart Phone security under the microscope. RIM offers “secure” email and text messaging. It’s secure because it is encrypted, and because it routes through RIM servers. RIM holds the encryption keys. India doesn’t like that, and it wanted RIM to make the keys available to the Indian government, so that the government could decrypt and read the messages.
To my knowledge this type of encrypted messaging is currently a RIM exclusive. No other cell handset supplier offers this service. And, it’s one of the main reasons corporations are comfortable sending their internal mail to BlackBerrys, and not to the generic phone.
I assume that in the US, at least, the government doesn’t have RIM’s encryption keys. Further, RIM might decrypt particular traffic in response to a search warrant, but that warrant would be the extent of the activity.
So, if you are in India and you have a BlackBerry and you are concerned about message security, what can you do? (Likewise, if you are in the USA, and you are paranoid security conscious, what options do you have?)
Well, your options are good, but limited. If you use BES, and your organization (or hosting partner) supports it, you are in luck. RIM now offers FREE S/MIME support. That means you can use your own encryption keys. If you only have BIS, S/MIME isn’t an option. A third-party encryption solution is required.
A Texas company (and LiveBolt partner), Media Sourcery, specializes in secure distribution and collection of confidential information. They offer a secure smart phone application (Mobile Data Messenger) that currently works with XML form data. The application will allow you to send or receive encrypted traffic entered into a form (the form can look just like an email message, with to, from and body fields) to another Data Messenger user (or system) for retrieval (or processing).
I spoke with Media Sourcery, and they said their upcoming version offers bi-directional, confidential data exchange, does not require forms, and would work with any file type you care to send. They currently have the ability to send encrypted photos (taken by the BlackBerry camera). The newest BB OS includes viewers for .doc and .ppt files, so the capability becomes immediately more useful.
The other good thing about a third-party solution like that of Media Sourcery (which is Java based) is that it will work on other smart phones (think Nokia, which has 40% of the market for smart phones). Nokia currently has no secure messaging capability, as far as we know. PGP for Mobile devices only supports Windows Mobile and BlackBerry. A good third-party security solution will support your organization’s broad mix of endpoints, and make them all secure.
Here’s to hoping that RIM doesn’t give away the keys to the kingdom. But if they do, we have a few options for securing our mobile email — we just have to do it ourselves.
Thanks - good article
Smart phones are mobile phones with advanced features, generally combining standard communications capabilities with rich data applications and enhanced connectivity. As such, smart phones have as much in common with computers as they do with mobile phones. Smart phones often have fully enhanced applications that allow them to perform tasks that are above and beyond the functions of a regular mobile phone that is supplemented only by sandboxed applications.
Over the last decade, smart phones have been gaining in popularity and functionality. Data theft from these devices has not been too difficult and has resulted in global mobile phone companies looking to determine more effective means of not only securing the data on these devices, but also managing which devices the data should be allowed. Aside from Meta-Data tags on the actual data, what other types of effective mechanisms exist to manage and protect the data?