Monday, September 23, 2013

Hacking a phone

Phones are rapidly moving to the forefront of our electronic connectedness (or really, they are already there), as opposed to being a sort of auxiliary device that can also do some things. The super-fast hacking of the iPhone's fingerprint scanner security feature got me thinking about some of the assumptions we make.

First, more ways to log in, perhaps unintuitively, make a platform less secure. This is exactly analogous to having multiple doors into your house, all with different types of locks. A thief only has to figure out how to exploit one of those, and they are in. The key here is that any one door gives full access, as opposed to multi-factor authentication (e.g. voice+fingerprint+passcode) where the thief has to go through ALL of the doors to get in. But really, let's assume a good thief can break through any of these doors and therefore we have to have a backup plan.
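The "doors" argument can be put in numbers. Below is an added example (not from the original post) that treats each login method as an independent door with some probability of being broken, and compares the attacker's overall success probability when any single door suffices (several login options) against when every door must be broken (multi-factor). It goes slightly beyond the post by also covering a "k of n" threshold policy. The per-door probabilities in `DOORS` are constructed illustration values, not measurements.

```python
"""Attacker success probability under different door-composition policies.

Model (assumption): each login method is an independent "door" that the
attacker breaks with probability p_i. The policy decides how many doors
must fall before the attacker has full access to the phone.
"""

# Constructed illustration values: probability that an attacker with the
# phone in hand defeats each method. Not measurements of any real device.
DOORS = {
    "passcode": 0.05,
    "fingerprint": 0.20,
    "voice": 0.30,
}


def at_least_k_of(probs, k):
    """P(at least k of the independent doors are broken).

    Dynamic programming over the door list: dist[j] is the probability that
    exactly j of the doors seen so far are broken (a Poisson-binomial tail).
    """
    probs = list(probs)
    dist = [1.0] + [0.0] * len(probs)
    for p in probs:
        nxt = [0.0] * (len(probs) + 1)
        for j, q in enumerate(dist):
            if q == 0.0:
                continue
            nxt[j] += q * (1.0 - p)      # this door holds
            nxt[j + 1] += q * p          # this door falls
        dist = nxt
    return sum(dist[k:])


def any_of(probs):
    """Several independent ways to log in: one broken door is enough."""
    return at_least_k_of(probs, 1)


def all_of(probs):
    """True multi-factor: every door must be broken."""
    probs = list(probs)
    return at_least_k_of(probs, len(probs))


def compare_policies(doors):
    """Return the attacker's success probability under each policy."""
    probs = list(doors.values())
    return {
        "any_one_door": any_of(probs),
        "all_doors": all_of(probs),
        "two_of_n": at_least_k_of(probs, 2),
    }


if __name__ == "__main__":
    for policy, p in compare_policies(DOORS).items():
        print(f"{policy:14s} attacker succeeds with p = {p:.3f}")
```

With the constructed values, adding a fingerprint and a voice door beside a passcode raises the attacker's odds from 5% to roughly 47% under an any-one-door policy, and lowers them to 0.3% if all three are required. That is the whole point of the analogy: the same set of locks is either a weakness or a strength depending on whether they are composed with OR or with AND.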

A technique to help users mitigate the loss/hacking of their phone is remote-wipe. Since we're talking about Apple, we'll keep using them as the example (though the concept should apply equally for any phone maker). I was debating if a thief could do something like:
1. Steal phone, turn it off
2. Turn on the phone in their underground lair where there's no cell signal
3. Take as much time as they want to hack the fingerprint reader using a print left on the phone by the original owner (** - what are the odds, actually?)
4. Connect to a firewalled internal network that blocks attempts to communicate with Apple's services (and therefore presumably could avoid the remote-wipe instruction)
5. Go party with data on the phone (email, pics, texts, ...), syncable by the phone (email, ... ), pushable by the phone (bank account app, perhaps ... ).

Turns out the iPhone can be put into airplane mode in iOS 7 without even unlocking the phone, so steps 1 and 2 converge to "put phone into airplane mode". In this particular vein, the fingerprint is only valid for 48 hours after the last successful login (seems a pretty long time ... ), so the thief would have 2 days to replicate the fingerprint. At any rate, the remote-wipe may be easier to block than desired. At that point a user would have to resort to changing all their passwords, but that still leaves a thief with access to anything cached on the phone (which would be quite a bit of personal data ... ). Hmm. Perhaps security features should be left as simple as possible?

** - I don't know how clear a print needs to be for a thief to be able to reproduce it. Just looking at my phone, I think there was one "good enough" one after I pulled it out of my pocket. For the scanner feature to be useful, it seems like a user would have to use their thumb, which is also a finger they are most guaranteed to place all over the rest of the body/screen as well.
