How secure are current mobile operating systems?

Abstract

There are numerous initiatives to use mobile devices as so-called "trusted pocket signers" to produce electronic signatures. The actual signature is generated by means of a conventional signature card. The mobile device serves as the card reader, storage device for the document to be signed and as a display for the signature application. The operating system used on the mobile device has thus a pivotal importance to ensure the integrity and accountability of the electronic signature. Also mobile devices are used to provide mobile workers with access to the corporate backend. We examined the currently available mobile operating systems in regard to their security and conclude that not a single one is secure enough for "trusted" signing and only partially for secure backend access. We show two possible ways of how to make mobile devices more secure and possibly to enable something close to "what you see is what you sign". © 2005 by International Federation for Information Processing.