Access everywhere-secure nowhere? EU-Agency ENISA launches Position Paper on mobile eID security issues
Mobile eID-for better or for worse? Your mobile is fast becoming your new PC, wallet, identity card, but is it secure? The EU Agency ENISA (the European Network and Information Security Agency) launches a Position Paper on authentication issues for mobile
But the use of mobile devices also brings new security and privacy risks. A user may continuously leave traces of their identity and transactions, even by only carrying the device in their pocket. There is an increase of stolen mobile devices containing key personal user information. Although secure components (based on smart card technology) exist, due to increasing complexity, mobile devices are now prone to attacks which before applied only to desktop PCs. Among the top ten "e-Threats" in 2008, BitDefender lists exploitation of mobile device vulnerabilities three times. The "E-Threats Landscape Report" tell us that mobile devices are increasingly targeted by new generations of viruses because of their permanent connectivity and the increasing use of SMS scams. Therefore, only seeing the use of mobiles as personal trusted and trustworthy devices should be approached with care. The Executive Director of ENISA, Mr Andrea Pirotti observes:
'New services and opportunities are being developed which many users will find beneficial in their daily life. We strongly believe that if these new technologies are applied the right way, they also constitute a big opportunity for secure, sophisticated authentication mechanisms vital to future applications and services.'
The ENISA Position Paper is available at:
Have your say! To influence the future of European Network and Information Security: please give your opinion in the online public consultation: http://ec.europa.eu/...
About ENISA - European Network and Information Security Agency
The European Network and Information Security Agency (ENISA) is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and is fully operational since September 1st, 2005. It has its seat in Heraklion, Crete (Greece). The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market. ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.