backtop

Print 8 comment(s) - last by FITCamaro.. on Mar 19 at 4:34 PM
Although some people password protect their phones, not enough is being done to stop possible data breaches

As more mobile phone owners begin to sign up for data plans allowing them to connect to the internet, they're also possibly opening themselves up for future security problems, analysts believe.

The Credant survey also revealed 24 percent of those surveyed store their PIN numbers and passwords; 16 percent have their bank information stored; and 11 percent keep their Social Security numbers and tax-related information saved; with 10 percent permanently storing their credit card information.

A recent survey conducted by security firm Credant indicates six in 10 people use passwords to stop unwanted entry into mobile phones, although security leaks are still possible.  Virtually everyone -- 99 percent of people -- uses their phones for work-related business, with as many as 26 percent of them being warned by their employer to stop the practice.

Even with so many people using passwords, up to 80 percent of mobile phone owners are at possible risk for identity theft.

"If you are ever going to store sensitive information on your mobile phone you must ensure it's protected by a good password - or even better a pass-phrase," Sophos Senior Technology Consultant Graham Cluley told the BBC.  "It shouldn't be a simple word like password or a dictionary word, or something easy to guess if someone knows you.  If there's the option, you should encrypt the data on your phone as well.  If nothing else you don't want someone who steals your phone making phone calls."

Security experts are growing increasingly concerned about how skilled thieves can learn confidential information of a company through unprotected smartphones.  Both companies and individual users have to be more vigilant and ready to deal with safety issues to avoid major security risks, especially as more people begin to use their smartphones for work-related activities.

Analysts said it's up to the user to deal with safety issues, and warns it'd be improper and possibly intrusive if phone manufacturers or service providers are requested to add another layer of security.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Biometrics
By FITCamaro on 3/19/2009 9:37:21 AM , Rating: 2
Phones in Asia have fingerprint sensors that, among other things, can unlock the phone and enter passwords. Looks like we need them too.

We're about 4 years behind Asia on that. If not more.




RE: Biometrics
By AvidDailyTechie on 3/19/2009 11:20:29 AM , Rating: 2
as far as phone tech goes in general, I believe I've seen people stating (on DT) that we're 2-3 years behind Asia in phone gadgetry...

I'm not too sure about these 'fingerprint sensors'...


RE: Biometrics
By omnicronx on 3/19/2009 11:38:24 AM , Rating: 2
I'd say we are more behind than that. I remember 4-5 years ago hearing about phones being used as credit cards. We are still years behind that kind of technology.


RE: Biometrics
By FITCamaro on 3/19/2009 11:50:41 AM , Rating: 2
Yup. In Japan they can swipe their phone over RFID readers to pay for things. Even swipe their finger on the fingerprint sensor on their phone, which sends a signal to a vending machine for a specific snack, and purchases it.

The fingerprint sensors can also be used as a mouse on the phone to navigate the screen. It worked pretty good 3 years ago so by now I'm sure its better.


RE: Biometrics
By KristopherKubicki (blog) on 3/19/2009 12:02:51 PM , Rating: 3
As a student of DJB ( http://cr.yp.to ), let me tell you biometrics are for convenience and not security.

Let's say you leave a fingerprint on a glass. If someone lifts that fingerprint, they can just print a black and white relief on a piece of paper and fool the scanner with it. Go ahead and try it -- it works pretty much every time.

So what do you do when your fingerprint has been had? At least with passwords you can change it.


RE: Biometrics
By omnicronx on 3/19/2009 12:33:26 PM , Rating: 2
Unless you are using long passwords on your cell phone, its nothing more than a first layer of defense that will deter most users. I see biometric scanners in the same light, it would be just as easy to crack a 4-5 digit pin that people are using on their cell phones, than lifting a fingerprint and fooling the scanner.

The point is any kind of protection is better than nothing. Even a complete moron can find a cell phone and open emails that turn out to be confidential pretty easily.

Biometrics would at least allow fast access to the device, while still kind of keeping security in mind.(although as you stated, not really ;) )


RE: Biometrics
By FITCamaro on 3/19/2009 4:34:43 PM , Rating: 2
The fingerprint sensors that the company I worked for made used a very small strip of material that generated an electric field which went into the finger and could read the living cells under the dead outer layers of skin to get your true fingerprint. The only way to steal the fingerprint would be to crack the encryption on the file that held the fingerprint data.

Now if you attempt to make a fake fingerprint to scan over the sensor, they were also working on using impedance measurements to tell if the material passing over the sensor was in fact living human flesh. And 3 years ago they were making extremely good progress on it. So the typical rubber or jello type molds wouldn't register on the sensor as a valid finger.

As far as your example, we tested our competitors products against our own and none of them would have read a fingerprint from a piece of paper. For most a jello mold would work but with ours it was iffy. Sometimes it would work, sometimes not. Depends how well the mold was made.

I don't know how far the products have come in the past 3 years though. I would assume they've all made progress.


and..
By omnicronx on 3/19/2009 10:39:48 AM , Rating: 2
quote:
Even with so many people using passwords, up to 80 percent of mobile phone owners are at possible risk for identity theft.
And out of those people, how many actually have anything worth stealing? And how many are personal phones? I just don't see the point in protecting a personal phone, you should not have any information that someone can use on it anyways.

I have passwords saved on my phones, but not for anything anyone can use for identity theft. I have also found that many online banking sites don't let you save your password at all.

I do see a reason for protection for those with business phones, BB's etc.. as business oriented emails and such could contain confidential information. Anyone saving their credit card information is a moron, and deserves what is coming. It does not matter what protection your phone has, keeping CC information on your phone is the dumbest thing you can do. Saving a minute time for an non daily activity is just not worth the chance.

For a personal phone though, I just don't see the point. Perhaps a fingerprint scanner would be a good idea, but having to enter a pin everytime I use my phone is too much of a hassle.

Personally I would be more worried about someone stealing/finding my phone and tethering off it for a few hours. That would not be a nice phone bill ;)




"The Space Elevator will be built about 50 years after everyone stops laughing" -- Sir Arthur C. Clarke









botimage
Copyright 2012 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki