Linux phone stack becomes more secure
Jul 26, 2007 — by LinuxDevices Staff — from the LinuxDevices Archive — viewsA la Mobile has added advanced security features to its embedded Linux stack for mobile phones. New security-oriented features in its Convergent Linux Platform (CLP) are said to include pre-boot OS signature checks, filesystem encryption, application sandboxing, and secure OTA (over-the-air) firmware upgrade capabilities.
The new security features, dubbed “Mobile Security Engine” (MSE), are said to operate “at the most fundamental layer,” and the company claims to have a “pending patent focused on the location of the security technology — at the bootloader and kernel levels.”
Convergent Linux Platform architecture
According to a la Mobile, MSE comprises:
- Pre-boot security checks to verify OS integrity; works with OTA firmware updates
- Filesystem encryption, with encryption keys stored in CMOS on the processor
- All applications in CLP stack are signed; unsigned applications can be run, but are sandboxed so they can not gain access to the telephony interface, filesystem, addressbook, and so on
Claimed benefits include protection from malware, malicious attacks, and unauthorized access.
Asked how pre-boot security and filesystem encryption could protect data, given that most phones are lost or stolen in a pre-booted state, a la Mobile explained, “A component of the Mobile Security Engine (MSE) allows for the handset vendor, or the enterprise customer, or the consumer to elect to 'lock' any files/items (e.g., contact list, corporate database, etc.). To unlock and gain access to the functionality and data, the user must enter a PIN/Password.”
Eight million phones will be lost this year, including 700,000 smartphones, according to research from In-Stat, as cited by a la Mobile. “Smart phones are a corporate data security breach waiting to happen and make headlines,” an unnamed In-Stat analyst reportedly wrote.
In a statement, CEO Pauline Lo Alker said, “Increased use of data-rich applications leaves mobile devices more vulnerable to a variety of security threats.”
The new MSE features are “built in” to CLP, rather than available as a separate option, the company said.
4br>Availability
A la Mobile's Convergent Linux Platform with Mobile Security Engine is available now for various XScale-based mobile phone application processors. Touted as the industry's only “complete” stack, it is said to include “all device drivers, Linux kernel and middleware, a browser, Java, Adobe Flash, and a core suite of applications such as messaging, push-mail, VoIP, firmware over-the-air update, and streaming multimedia.”
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.