EDITORIAL: In 2015, security will start with the handset.

security on the phoneContactless Intelligence Weekly News Review Editorial – Week 51 2014:

It’s that time again, when I find myself typing the last editorial post of the year. A candid review of the past twelve months springs to mind and this year has certainly had its real breakthroughs. Some of the true winners this year, in our opinion, were Transport of London and Apple. Their announcements really stood out and had real impact on the industry as a whole.

Transport for London introduced contactless payments for London’s public transportation system and, in doing so, brought contactless payments into the mainstream. Apple finally released a phone that was both NFC enabled and supported their own mobile wallet – Apple Pay. This, for many, was an enormous step forward in bringing the public focus back to mobile payments and the idea of a mobile wallet. We shall have to wait and see what will happen when the Apple Watch is released early next year (and joins other similar available items in the market) and how wearables will start to factor into the equation. Ultimately though, it will mean a further reluctance on users behalf to part from their precious smartphone or, as is quickly becoming evident, their social/economical lifeline. The phone is becoming more than a mere phone.

So, with that sentiment in mind, the focus of the end-of-year editorial is not a “Best of 2014” but on what I think will be the most important subject for 2015. Namely the rise of the BYOD (Bring Your Own Device) in corporate environments and the need for further security in and around the smartphone. If we, as an industry, are driving users to load cards and wallets and whatever onto their phones, then we can hardly be surprised if those same individuals will both carry and expect to use their devices within a work environment. The German industry association BITKOM sees a growing trend in the use of personal devices at work: According to their BYOD survey, 43% of German ICT companies allow their employees to connect to the corporate network using their own devices. The motivation for such a choice is that 81% are hoping for a higher employee satisfaction, 74% expect more efficiency and about 40% want to be perceived as a modern employer. In this way the need for security both for the individual and for organisation in whose environment they operate will become of paramount importance.

It’s not just employers who are looking at the smartphone and their ubiquitous involvement in everyday lives. Governments, too, are looking to make their citizen documentation available within a smartphone environment. Only last week I saw a piece that claimed driving licenses were coming to an iPhone near you in 2015. Says Josh Smith on ‘Gotta be Mobile’, “We already carry credit cards on iPhone and Android devices with Apple Pay, Soft Card, Google Wallet and other secured services and the Iowa Department of Transportation is investigating the right way to deliver an e-driver’s license on iPhone and Android. This new driver’s license would be in addition to or even in place of a traditional plastic license. Combined with Apple Pay, the iPhone could actually serve as your only wallet for many trips. This is not just a backup driver’s license on your iPhone, but the real deal that you could use anywhere you need a state-issued ID. That includes traffic stops, air travel and even when you are carded at bars or liquor stores”. “We are really moving forward on this,”DOT Director Paul Trombino told the The Des Moines Register, adding, “The way things are going, we may be the first in the nation.” Iowa and many other states already allow drivers to show electronic proof of insurance, so adding Android and iPhone driver’s licenses are a logical next step. I should also use this moment to remind readers that next year we will be hosting the Silicon Trust’s Mobile ID Forum during the Contactless Intelligence Conference (29.04.2015) that will look further into such topics.

Late 2013 and early 2014 saw the introduction of Host Card Emulation (HCE) as a software/cloud alternative to an embedded secure element within the handset or SIM. This year we saw the spotlight fall upon Tokenization (again, pushed by Apple and backed by such heavyweights as Visa, MasterCard and American Express). The need for increased security while carrying out a payment transaction is one that is accepted and well understood but we may be about to move beyond that and to embrace the need for security in ALL online/offline interactions. Last week, Global Platform released an infographic (available below) that looks at the TEE (Trusted Execution Environment). As Global Platform says, “The richness of today’s connected devices such as smartphones, tablets, set-top boxes and televisions, is bringing new challenges to service providers wanting to protect their offering against hackers and malware attacks. At the same time, an increasing number of applications are hosting sensitive, personal and confidential information that could have significant consequences if compromised. Such applications require more protection than can be offered by software solutions alone. This is where the trusted execution environment (TEE) adds value.” The infographic looks at the TEE’s use cases to protect services in connected devices (premium content, mCommerce/mPayments and enterprise/government environments) and the market issues that are driving demand for this innovative technology.

But the question of securing the actual smartphone is one that will refuse to go away anytime soon. Particularly as the jury is still out on wether the solution should be entirely software or hardware-based, embedded or removable, or a mixture of all. There are a variety of security companies working in this area such as Certgate or Go-Trust and, of course, there is Silent Circle’s Blackphone, voted ‘One of the Top Ten Technology Breakthroughs of 2014’ by MIT Technology Review. Generally speaking, in 2014, the industry started to get organised in terms of security standardisation: the FIDO alliance is growing from strength to strength, the GSMA is getting involved… So 2015, in our opinion, will see a lot of movement and roll-outs in the area of data protection, privacy, security vs. convenience, two-factor authentication, to name a few. If implementors, from retail to governments, encourage users to engage in handset-based digital interactions such as payment, loyalty, marketing, transport, ID verification and eGovernment services etc., the personal handset WILL become an increasingly attractive target for hackers. I do not think that I am being unduly negative when I say that I expect to hear about the first smartphone operating system hack next year. If we wish the future to be mobile then we should take steps to ensure that it is also safe and secure.

So there you have it; a topic that I expect to delve further into next year. This is the last Contactless Intelligence editorial of 2014. So all that remains for me to do is to wish all our partners, contributors and, of course, our readers a very Merry Christmas and a Happy and Prosperous New Year!

Steve Atkins
Contactless Intelligence

Tags: , , , , , , ,

Categories: Editorial, Other, Security

CONNECT with Contactless Intelligence

Connect with us here

Trackbacks/Pingbacks

  1. Can you trust your handset? | Cyber Matters - June 16, 2015

    […] article “In 2015, security will start with the handset” looks at some of the progress needed in making the handset trustworthy. But this seems a […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: