Security issues for downloaded code in mobile phones

摘要

'Software defined radio' (SDR) is a technology that will appear in future generations of mobile phones, i.e. following the third-generation mobile phone technology that is currently being defined and developed. Early versions of 'pragmatic' SDR will allow the terminal to be reconfigured at any level of its protocol stack. Ultimately, the 'pure' SDR technology will allow a mobile phone or terminal to have its air interface software configured or reconfigured by other software (or software parameters) that have been downloaded to the terminal, e.g. over the air, or from a remote server via the Internet and one's personal computer (PC). A number of security issues arise with downloaded code that implements the air interface functions, and these may not be obvious simply from looking at the way PC software is updated on-line today. This paper starts with an outline of the code that allows a mobile phone to operate over a particular air interface. This sets the baseline for a discussion of the security issues surrounding the change of this code from one that is fixed and downloaded once only, to code that is reconfigurable during the life of a product.