Better security for mobile phones

Chipmaker Texas Instruments and chip designer ARM are working together to beef up security for handhelds following the emergence of the first virus to target cell phones.

Dave Steer, ARM director of segment marketing, said the two companies, both dominant suppliers and designers of cell phone chips, are "burying the security into the hardware" where it's tougher to get at.

Cell phones are typically secured by software that encrypts subscriber identity or the unique ID number of the phone. But increasingly savvy cell phone hackers have turned these once tight security measures into loopholes.

Because ID numbers are used as security gates for cell phone services, they can compromise customer accounts if they fall into the wrong hands. Cell phone hacking is a problem in Europe, for example, where thieves steal phones, change the phone identification number, then resell them after filling them up with pre-paid phone minutes.

In theory, consumers should be able to call up their operator, add the phone to a list of stolen equipment and have it deactivated. But that process breaks down when people can "crack these things and change these numbers", Steer said.

A hardware approach means hackers have to reprogram chips, which is much harder than untangling encryption, according to a TI representative.

The companies' announcement follows reports of Cabir, the first-ever cell phone virus, which surfaced approximately two weeks ago. The virus apparently uses the Bluetooth short-range wireless feature of smart phones that run the Symbian operating system to detect other Symbian phones. It then transfers itself to the new host as a package file.

Cabir poses little threat because the user of a targeted phone has to approve a download from an unknown source. But future viruses for cell phones won't be as timid, Steer said.

Ben Charny writes for CNET News.com