Security
Mobile device security breaks out into several distrinct areas, and mobile OEMs seek standard solutions to the following issues:

• Wireless Network Security: While the wireless networks that carry mobile traffic are theoretically "closed," they can be compromised, both in terms of access to client and infrastructure devices, and to the streams of voice and data that they carry. This area, however, is usually the purview of carriers and operators, who present fairly well-defined requirements to handset OEMs. At present, OEMs seem content with how a Linux-based phone fits into their wireless (GPRS/CDMA) security implmentations. However, with the addition of Wi-Fi and Bluetooth to handsets, a new set of concerns arise, especially after accounts of phonebook cracking and other skullduggery via Bluetooth.
• Content Security: Handset suppliers have requirements to protect both users' personal content (phonebooks, e-mail, etc. and commercial content (movies, music, and other copyrighted material) that are increasingly ubiqutious on smart phones. While a range of strong encryption technology is readily available for Linux, OEMs aver that the same is not true for broader DRM and other content protection needs.
• Physical Access: Unlike the remote servers and clients that populate other networks, phones are by definition "handy" - that is, the so-called "black hats" can use physical means to crack device integrity and security. Opening the "clamshell" plastic that protects a phone's innards can also expose peripheral interface pins and allow probing and malicious signal injection. Phones can also be baked - literally heated up - and dropped, shocked, or similarly abused to induce failure modes that further enable circumvention of security precautions.
• Exploit Resilience: Security measures focus on limiting access, often creating a false sense of security on the devices themselves. Moreover, embedded toolkit makers usually ship their tools and platforms with the security minimized or disabled to facilitate development, leaving the final secure configuration and deployment up to OEMs, integrators, and their customers. Misconfiguring firewalls, failing to apply up-to-date security patches, leaving a single physical port exposed, or running multiple functions as root (all common with embedded applications) can lead to deploying easily exploitable devices, and both leaving the phones and networks open to compromise.

OSDL MLI - Bridging Gaps
In October 2005, OSDL launched its fourth and latest working group, the Mobile Linux Initiative. MLI includes members from all levels of the mobile telephony ecosystem - chipset makers, Linux distribution and platform suppliers, middleware ISVs, handset manufacturers, integrators, carriers, and operators. Dubbed "Carrier Grade Linux for handsets" by several OSDL members, MLI will strive to address the platform challenges described in this article "from the kernel up" to accelerate Linux adoption on mobile phones and other converged voice and data devices.

In contrast to other industry groups, MLI intends to focus on solution creation, not merely publishing APIs and new standards that can end up as unfunded mandates. To that end, MLI members are today marshaling resources to create unique implementations to meet handset OEM, carrier, and operator needs, to foster the advance of existing Open Source projects, and to open existing internal technologies for the benefit of the MLI audience and the community in general.

To learn more about OSDL MLI, membership and activities, visit www.osdl.org/lab_activities/mobile_linux. You can also join the open MLI mailing list. If your company participates in the mobile-wireless ecosystem, please also consider joining OSDL and contributing to the MLI working group.

MLI Mission:
To accelerate Linux adoption in the mobile space

• Identify and address technical and non-technical industry requirements
• Create and foster implementations in Open Source
• Advocate and explain industry needs to the kernel/Open Source community
• Promote mobile Linux (including educating carriers about the benefits of Open Source)
• Clarify legal and regulatory issues surrounding mobile phones as they relate to Linux and Open Source
• Enable and foster pre-platform developer ecosystem