Ten Dangerous Beliefs About Smart Phones
jcatcw writes "According to Computerworld, lots of assumptions about the security of smart phones are wrong, and any high-value targets, such as political candidates or organizations with valuable data, should treat them carefully. They are not, contrary to common beliefs: just phones with cool features: 'A phone call over a landline used to be an acceptable method for communicating out-of-band administrative information. For example, a system administrator might call you back at your desk to verbally give you a new password (which you then changed, right?). This worked because the desk phone was isolated from the network and system resources to which you were being given access. Not so anymore. If you lose your smart phone and IT calls you back on that mobile number to confirm the trouble ticket, is it a meaningful method of verifying the identity or location of the person who answers?'"
To anyone involved with security and operating systems, this is like a big "duh!". Fortunately, some people who are experts in this area are taking this problem seriously.
First, you start with the library which talks to the Telecommunications chip. And you make absolutely certain that security is the top priority (à la OpenBSD):
http://libgsmc.sourceforge.net/
Second, you add a completely Open Source effort, for both the hardware and the software.
http://hbmobile.org/
Experience and history have shown that there's no other solution for secure solutions.
Now there are other Open Source efforts out there, most notably OpenMoko and TrollTech's Green Phone. But neither of these efforts has impressed me as taking security seriously. They certainly haven't said as much. They are both doing an otherwise excellent job, but I do wish they'd change their attitude here.