Access everywhere-secure nowhere? EU-Agency ENISA launches Position Paper on mobile eID security issues

Mobile eID-for better or for worse? Your mobile is fast becoming your new PC, wallet, identity card, but is it secure? The EU Agency ENISA (the European Network and Information Security Agency) launches a Position Paper on authentication issues for mobile

Heraklion, Crete, (PresseBox) - In the near future, we will pay our taxes, buy metro tickets or open bank accounts over our phone. Mobile devices, national ID-cards, smart phones and (Personal Digital Assistant) PDAs, will play an ever more important role in the digital environment. The mobile devices can act as an identity or payment card for online services. In Asia, there is already a growing demand for these services, particularly in Hong Kong, Singapore and Taiwan. The main driver in Asia is consumer interest for convenient, easy solutions, in as few devices as possible. In Europe, by contrast, the main driver is enhanced security with the mobile phone seen as a security identification tool for example in electronic ticketing, payment and even online banking.

But the use of mobile devices also brings new security and privacy risks. A user may continuously leave traces of their identity and transactions, even by only carrying the device in their pocket. There is an increase of stolen mobile devices containing key personal user information. Although secure components (based on smart card technology) exist, due to increasing complexity, mobile devices are now prone to attacks which before applied only to desktop PCs. Among the top ten "e-Threats" in 2008, BitDefender lists exploitation of mobile device vulnerabilities three times. The "E-Threats Landscape Report" tell us that mobile devices are increasingly targeted by new generations of viruses because of their permanent connectivity and the increasing use of SMS scams. Therefore, only seeing the use of mobiles as personal trusted and trustworthy devices should be approached with care. The Executive Director of ENISA, Mr Andrea Pirotti observes:

'New services and opportunities are being developed which many users will find beneficial in their daily life. We strongly believe that if these new technologies are applied the right way, they also constitute a big opportunity for secure, sophisticated authentication mechanisms vital to future applications and services.'

The ENISA Position Paper is available at:

Have your say! To influence the future of European Network and Information Security: please give your opinion in the online public consultation:

ENISA - European Network and Information Security Agency

The European Network and Information Security Agency (ENISA) is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and is fully operational since September 1st, 2005. It has its seat in Heraklion, Crete (Greece). The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market. ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.

Press releases you might also be interested in

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.