Date Added: Jan 2010
Mobile phones are increasingly used as general purpose computing devices with permanent Internet connection. This imposes several threats as the phone Operating System (OS) is typically derived from desktop counterparts and, hence, inherits the same or similar security shortcomings. In particular, the protection of login credentials when accessing web services becomes crucial under phishing and malware attacks. On the other hand many modern mobile phones provide hardware-supported security mechanisms currently unused by most phone OSs. In this paper, the authors show how to use these mechanisms, in particular trusted execution environments, to protect the user's login credentials.