A bill has been presented to the Canadian House of Commons that apes the wiretapping rights found in the American Patriot Act. Bill C-285, according to analysts, could sour businesses like Research in Motion, who depend on having a locked-down wireless infrastructure. The purpose for The Modernization of Investigative Techniques Act reads:

The purpose of this Act is to ensure that telecommunications service providers have the capability to enable national security and law enforcement agencies to exercise their authority to intercept communications, and to require service providers to provide subscriber and other information, without unreasonably impairing the privacy of individuals, the provision of telecommunications services to Canadians or the competitiveness of the Canadian telecommunications industry.

The wording is obviously very sensitive to the Canadian telecommunications industry, but let’s not sugarcoat it – Bill C-285 would have a serious impact on the trust customers have in Canadian businesses. BlackBerry (NSDQ: RIMM) is the biggest target, since all of its users worldwide have their communications funnelled through RIM’s Waterloo, Ontario servers, but plenty of other Canadian wireless corporations, like carriers, are equally at risk. It is a double-edged sword though – law enforcement bodies would be able to do their job much more easily without all the red tape, and it is well-established that BlackBerrys are one of the favourite toys of criminals (I mean, aside from guns). Is that worth sacrificing consumer confidence and privacy? It’s a tough call.

The bill still has a ways to go before it sees the light of day, however: Liberal MP Marlene Jennings brought the bill back after being shot down in 2006 before election time, and it has only just been tabled again. Whether or not it makes it through the House of Commons and onto the Senate will be seen soon enough. I’ll try to keep tabs on the bill personally, living in the national capital and all.

[ITWorldCanada via BlackBerryRocks]

We only see biometric fingerprint scanners in mobile here and there, but this new one from Sonavation called the SonicSlide STS3000 is apparently the thinnest of them all. This sucker actually uses ultrasound to scan, which apparently cuts down on interference traditionally plaguing semiconductor-based fingerprint scanners. Some of the technical specs include:

• Industry Leading Accuracy
• 500 DPI
• Finger Image Capture: 20 cm/sec
• Low Power Consumption
• Highly Durable (>10M rubs)
• Image Zone: 9.6mm x 0.4mm
• Advanced COF Module:  35mm x 17mm x 1.15mm
• Interface: SPI, 8-bit parallel bus
• Operating Temperature Range:  -30 to +85 C
• Supported Mobile Operating Systems:  Symbian, Windows Mobile, Android

Although Windows Mobile, Android and Symbian are the only supported platforms, I’m curious why these guys have a BlackBerry (NSDQ: RIMM) on their front page…

[via Cellular-News]

CanSecWest has wrapped up, and although there was plenty of action in the Pwn2Own contest for their desktop browser bracket, there was nary a peep from the mobile section – BlackBerry (NSDQ: RIMM), Windows Mobile, Android and iPhone all emerged unscathed. It’s a little crazy when you consider these talented programmers could bust their way into all of the big names (except for Chrome, apparently), and yet not put a dent into the mobile software. Of course, it’s a vastly different ecosystem than desktop computers so there are bound to be some limitations that not even a $10,000 prize could motivate them to surpass.

The mobile platform is limited by both memory and processing power. What that generally amounts to is that the vulnerabilities do exist, but actually exploiting them is complicated and unpredictable. There are additional variables which can be show stoppers just between the hardware manufacturers’s themselves, or the carrier network the phone is associated with. These are just a few examples, and lack of known debuggers for many of the platforms adds limitations.

While it might be safe to call mobile software secure for the time being, I think it’s safe to say the gap between laptop and smartphone is closing, and as handsets expand in function, so will the security holes.

[via TippingPoint]

The BBC is reporting that Security firm Credant has done some research, and found out that many users store data on mobile that easily be used for ID theft if those devices were stolen!

For example, apparently only 60% of users have a password running on their devices. If we consider the fact that devices are now more capable, and more connected, it’s a mildly scary thought – and probably a fear of most IT depts in numbers of companies!

But what about this sensitive data on mobiles? What does it consist of? Well, The BBC, who picked up this research, noted that amongst other things, bank details accounted for 16% of the sensitive data on the personal front. At a very similar percentage, but in the work sphere, apparently work documents were turning up on Mobile devices!

Right now (in the UK anyway), news coverage revolves around the theft/loss of (a) Laptops, and (b) USB memory sticks – there have been many high priority cases in the last 12 months – but how long before the data becomes more commonly lost or stolen from mobile devices – with their plethora of connectivity mediums, they are the perfect digital luggage accessory for the thief for example!

Let us know your feelings on mobile security and data loss – mine are that if it’s corporate use adequate measures should be employed by an IT dept, and if it’s personal, then you HAVE TO use your common sense – whether that’s obfuscating the data you keep, or not keeping the data on there, is of course up to you!

You can read the full BBC article here.

[Via: The BBC]

Running concurrently with their desktop browser hacking challenge (where one clever programmer broke down Safari in 10 seconds), the Pwn2Own contest at CanSecWest will also be testing the security of mobile operating systems. If they can break through any of the five big platforms (Android, BlackBerry (NSDQ: RIMM), iPhone, Symbian and Windows Mobile), reps from those companies are will to shell out $10,000 for rights to the code. It might be more than the $5,000 and prizes they’re giving out for the desktop hackers, but it’s certainly nowhere near the $100,000 that such exploits can fetch on the black market. It’ll be interesting to see what these hackers can dig up… Here’s a run-down of the Pwn2Own itinerary:

Phones (and associated test platform)
* Blackberry(TBA)
* Android(Dev G1)
* iPhone(locked 2.0)
* Nokia (NYSE: NOK)/Symbian(N95-1)
* Windows Mobile (HTC Touch)

Day 1 (Raw functionality out of the box, users configured for service) post phone, post email
* SMS
* MMS
* Email (arrival only)
* wifi on if default
* bluetooth on if default
* Radio stack

Day 2
* All of Day 1
* Email/SMS/MMS (reading only – no secondary actions)
* wifi on
* bluetooth on (not accept pairing by default. Paired with a headset. pairing process not visible)

Day 3
* All of Day 1 and 2
* one level of user interaction with default applications
* bluetooth on (not accept pairing by default. Paired with a headset/other devices upon request. pairing process visible)

What is owned? Must demonstrate…
* loss of information (user data)
* incur financial cost

[via ElectricPig]

BlackBerry (NSDQ: RIMM) has tended to be device of choice for suits, lawyers included, but apparently that’s changing.  A few firms, notably Chapman and Cutler who have been sporting Apple (NSDQ: AAPL) products since 1992, have over half of their staff using iPhones. Corporate network access through web-based utilities is more than satisfactory with the iPhone’s ample Safari browser, and the recent Exchange support makes it a passable e-mail device. Chapman and Cutler are what you might call an extreme example, however – most firms simply offer the iPhone as an alternative for those interested, but the lack of security options, battery life, and e-mailing capabilities remain a deterrent for most lawyers.

“Coming from the BlackBerry world, you get used to the conveniences they have refined,” says [David Gregson, chief information officer at Kilpatrick Stockton]. “A BlackBerry is really an e-mail device with a phone added on, where the iPhone is a phone with e-mail added to it. You can’t search through e-mail or cut and paste, like you can on a BlackBerry. You can only sync with your inbox, not with subfolders. You can’t set priority when sending messages. Attorneys are going to be disappointed if they are real power users.” Kilpatrick currently has no plans to deploy iPhones firmwide, although it has recently given them to two partners in New York who work with Apple.

[via National Post]

There’s an interesting piece on mobilemarketingmagazine.co.uk, where the CTO of a company called UMU Mobile makes a statement about people needing to be more vigilant about the security on their Mobile devices.

Peter Harrison says that since the advent of mobile devices are more capable, we are at risk of a virus causing major damage – such as file wipes, hard resets, or unexpected call charges. He says that the advancement in Operating Systems, and also wireless network types, means it’s now easy and lucrative for malware writers to exploit devices. His final thrust, and not unexpected given he works for a Mobile Security company, is that we should consider some sort of firewall and anti-virus equivalent for our smartphones.

Well I’ve got to say I’m really not on board with many of the arguments that are made. Having myself worked for a Mobile company with an AV offering, it became clear to me that much of what is malware is created by hobby-hackers, and even then, it’s not that common.

In addition, the mobile companies are seen as more of a gatekeeper to subscribers than say ISPs are for fixed-line InterWeb users, and so there’s an expectation that my service provider will stop viruses getting in to the mobile network. Given the lack of viruses that have gone mainstream, and the fact that Series60 has unfortunately borne the (small) brunt of smartphone viruses so far it seems, are the rest of us really that bothered at the moment? Will we be in say 18 months time? Doubt it.

But what say you IntoMobile readers? Should we be wary?

[Via: mobilemarketingmagazine.co.uk]

Anyone in retail will know how commonplace theft is these days. Five-finger discounts are sometimes hard to combat, especially in the electronics industry. With that in mind, Rogers (NYSE: RCI) is going to begin use immediately of an EIR, or Equipment Identity Register. This register will log reports of stolen devices and stop them from being used. If a device is stolen and the IMEI can be identified, Rogers will input the device to the registry which will therefore prevent it from being used on over 40 GSM networks worldwide…So if you steal a device from a Rogers retailer, or have your device stolen… Chances are you’re out of luck, buddy!

Make the jump for more info via an internal document from Rogers.

Thanks to BGR on this one, as this report comes direct from one of their Rogers ‘ninjas’.

Read the full article »

The T-Mobile (NYSE: DT) Sidekick has topped Boston’s list of stolen gadgets, accounting for 14% of all robberies in the area – more than 300 cases in 2008 alone. While it’s not surprising that the Sidekick is a popular target, most steal-worthy toys are top sellers, like the iPhone; the Sidekick, however, has never broken the top five phones. We don’t have these things up in Canada, but having played with one briefly, I can understand how them young whippersnappers dig the spring-loaded flipping screen and buxom texting capabilities.  Protecting against theft is tricky right now – biometrics still aren’t widespread, although patent filings from both RIM and Apple show that they’re interested in solving the problem. One thing’s for sure: higher-end smartphones will be seeing these security features way sooner than mid-range handsets like the Sidekick.

[via AP]

Sounds as though Visa has encountered a little bit of trouble today. Word is they’re being sued by a small US business for infringing a patent which covers the use of SMS messages used to alert spenders of transactions. Charge Notification Services Corporation (CNSC) out of Miami, Florida has taken exception to the service that Visa and some of their partners have recently been offering. Their patent covers charge card transaction authorization and/or notification in real-time via SMS to a mobile device.

Ivan Ochoa, CEO of CNSC commented:

“We are very sorry that it had to come to filing this suit…For months we’ve tried exhaustively to work with VISA with no results. We’re a young company but we have experience with this product and the credit card business as a whole. We have the knowledge and infrastructure to handle even the most extreme transaction volume. We’ve expended considerable resources on patent registration and product development.”

Should be interesting to see how this one turns out.

[Via: Cellular-News]