To define security and assurance requirements for smartphones and tablets, mitigate potential risks and protect users, ETSI has released a world-class standard ETSI TS 103 732, called ‘Consumer Mobile Device Protection Profile’. The specification identifies key security and privacy risks for user data and provides appropriate protection.
“Following the excellent improvement in security achieved with ETSI EN 303 645 for consumer IoT devices, ETSI has been working on securing other consumer devices. ETSI TS 103 732 provides a complete solution to secure smartphones and tablets, minimizing privacy risks and maximizing user confidence that their smart devices protect their data" says Alex Leadbeater, ETSI cybersecurity chair.
The new ETSI standard specifies security requirements for consumer mobile devices. It ensures the protection of key user data such as photos, videos, user location, emails, SMS, calls, passwords for web services, and fitness-related data. It also has a broad coverage of security features including cryptographic support, user data protection, identification and authentication, security management, privacy protection, resistance to physical attack, secure boot, and trusted communication channels.
In addition, ETSI TS 103 732 defines the security assurance requirements based on common criteria and it is therefore also suitable for certification initiatives such as the European Cybersecurity Act. The standard was developed to support consumer mobile devices manufacturers to achieve security certification and offers a common methodology for evaluators to assess the security of consumer mobile devices.