ITU-T Work Programme

[2025-2028] : [SG17] : [Q6/17]

[Declared patent(s)] - [Associated work]

Work item:

X.1129 (ex X.mt-integrity)

Subject/title:

Security guidelines for mobile terminal integrity protection

Status:

Determined on 2025-04-17 [Issued from previous study period]

Approval process:

TAP

Type of work item:

Recommendation

Version:

New

Equivalent number:

Timing:

2025-04 (Medium priority)

Liaison:

Supporting members:

Egypt, Saudi Arabia, China Information Communication Technologies Group, China Telecom, vivo Mobile Communication

Summary:

The goal of mobile terminal integrity protection is to ensure that a mobile terminal behaves in an expected manner. That means, hardware, firmware and software (e.g. operating system, pre-installed apps) on the mobile terminal have not been compromised by any means or in any way. If an attacker compromises firmware or software, or modifies the configuration of hardware (e.g. ROM, retention cells), or changes the hardware (e.g. flash memory), the attacker could control or subvert functionality of the mobile terminal. When a mobile terminal switches on, it begins with a boot phase to verify hardware components and load one or more software modules. After that, the mobile terminal enters a runtime phase and reaches an operational state, in which the mobile terminal is ready for its intended purpose. In order to fix the vulnerabilities and weaknesses of firmware/software (FW/SW), the mobile terminal needs to be updated from time to time. This is called FW/SW update phase. Each of these phases is an opportunity for an attacker to introduce security threats to the integrity of mobile terminal. This Recommendation analyses security threats to mobile terminal during the boot phase, runtime phase and FW/SW update phase, and defines security requirements and provides security guidelines for mobile terminal integrity protection

Comment:

Reference(s):

[SG17-TD106-R1/WP2 (2025-12)

]