23/04/22Confidential
Security of Mobile Terminal & Cell Phone
McAfee Japan Yoshihiro Kato
Cell Phone Environment & Virus in Japan
23/04/22 Page 2
AGENDA
Cell Phone in Japan Now Transition of Internet Population in Japan
Virus Possibility in Cell Phone
Cell Phone Function & Service in Japan Approach to Cell Phone Security
Engineering Issues Required Functions Cell Phone Structure & Service Overview Cell Phone Security in Future
23/04/22 Page 3
Cell Phone in Japan NowCell Phone Subscriptions in
Japan (as of 30/Sep/04)
Total 83,834 (unit: 1,000)
Data Source: Telecommunications Carriers Association (TCA)
WW Cell Phone Shipment FCST (2004)
Total 479,400 (unit: 1,000)
Data Source: Japan Electronics and Information Technology Industries Association (JEITA)
・ Gartner FCST: 620M (Sep.2004)
3G Terminal: 24938
23/04/22 Page 4
通信種別
PDC
cdmaOne
W-CDMA
CDMA2000
Cell Phone in Japan Now
71%
Total Number 83,467,800 (as of 31/Aug/04)19%
3%
7%
Data Source: Telecommunications Carriers Association (TCA)
Categorized by Messaging Method
23/04/22 Page 5
Cell Phone in Japan Now
契約者数
NTTDoCoMo
KDDI
Vodafone
Other
Total 83,467,800 ( as of 31/Aug/04 )
19%
4%
22%56%
Contractors by Carrier
Data Source: Telecommunications Carriers Association (TCA)
23/04/22 Page 6
Transition of Internet Population in Japan
Transition of Internet Access
0
1000
2000
3000
4000
5000
6000
7000
2000 2001 2002 2003
万人
DSL Service
FTTH Service
CATV
Mobile Phone
Dial-UP
Data Source: Telecommunications Carriers Association (TCA)
23/04/22 Page 7
Web Access Service● Using Compact HTML
Mail Service● Mailing inside the carrier (e.g. Sk y mail)● Internet Mail
Contents Service● Various Contents Service: Game, MusicDownload
Communication Service● TV Telephone
Media Access Service● TV, Radio
Transition of Internet Population in Japan
23/04/22 Page 8
Transition of Internet Population in Japan (2)
--- Example: NTTDoCoMo Services ---
Cell Phone as Purse (FeliCa)
Bar-code Reading
● Shopping, Air-ticket, Cinema, Concert
● URL, Telephone No.
23/04/22 Page 9
Approach to Cell Phone Security
February 2001● Start Studying the Possibility based on the Original Idea Collaborate with Fujitsu BROAD SOLUTION & CONSULTING Inc
● Information Exchange with UK Engineering Team Difference from Smart Phone
April 2001
● Start Approaching to the Carriers Since May 2001
● Joint Announcement with NTTDoCoMo October 2003
23/04/22 Page 10
Virus Possibility in Cell Phone Java Implement
API false movement Expand App space and Data space
Additional communication device
SPAM mail
● Application Download function
● Memory-stick, miniSD
Other Communication method ● Bluetooth
● Image Data , Sound data
23/04/22 Page 11
Engineering Issues
Operating System
Developing Compact Engine
● Most makers adopts their original OS and they are closed.
● Symbian (NOKIA, MOTOROLA, Sony Ericsson: Europe & North America
Supposing the Functions to ImplementSupposing the Necessary System for Operation
● Linux (NEC …)
23/04/22 Page 12
Other Issues
Cooperation between Cell Phone Maker & Carrier
Secure Engineers● Micro i TRON Engineer
23/04/22 Page 13
Required Functions Interrupt of All I/O
Renewal Function of Defined Information
On-demand Operation
● Necessity of operation environment at lower layer
23/04/22 Page 14
Cell Phone Structure & Service Overview
Operating System Micro I TRON
Flash ROM
Driver (Sound Flash-Mem)
API Java VM
App
Data Area
App
App
Code Area
Internet
Com
mun
icat
ion
Storage
23/04/22 Page 15
Cell Phone Structure & Service Overview
Inter-net
Unjust Mail,Java etc.
Unjust Access
ASP System
CarrierPhone Network
Data centerData center
McAfee AVERTMcAfee AVERT
DAT
phonephoneMakerMaker CarrierCarrier
Customer D/B
Technical Information
23/04/22 Page 16
Cell Phone Security in Future
Offer Various Services ● Ticket Reservation, GPS
Multi Functional Mobile Terminal (PC?)
Expand to Other Devices such as Automobile
Connect to IP v6 Network(P2P Data Communication)
● Multi-CPU, Large-Memory
23/04/22 Page 17
Cell Phone Security in Future
Contents Access Control● Block Harmful Sites
Identify Every Individual (User)● Identify by Fingerprint or Code
Prevent Unjust code invasion / operation
23/04/22 Page 18
Mobile Virus – Concept Virus WinCE/Duts (Jul/04) Symbian/Cabir (Jun/04)
First Mobile Virus in the world Attach the body to the message via Bluetooth Infected by opening the attached file Infect to the specific series of NOKIA only
First WinCE virus in the world Copy itself to the opened file Infected by opening the infected file Infect to the recent CE PDA
23/04/22 Page 19
Thank you!