At Tech Orchard, we’ve spoken with clients and written about the importance of taking precautionary security measures to protect mobile devices. For most users, the first step is setting a password to lock their smartphone or tablet. PINs and thumbprints are options available on devices from various manufacturers, while pattern lock is widely used as a mechanism for authentication and authorization on Android devices. Unfortunately for pattern lock users, this security method may be anything but secure.
Researchers from Lancaster University in the United Kingdom presented findings at The Network and Distributed System Security Symposium 2017 of a study indicating that video and computer vision algorithm software can typically crack a pattern lock in fewer than five attempts. What’s worse, it can do so without even seeing the screen itself. Tests of video-based attacks were successful in reconstructing Android lock patterns from video footage filmed using a mobile phone camera 95% of the time, and 97.5% of the time when more complex patterns were used.
Using footage of a user inputting his or her Android pattern lock, a computer vision algorithm analyzed the fingertip movements to infer the pattern. Researchers tested 120 patterns collected from 215 users and found that more complex patterns are even more vulnerable because they limit the number of working possibilities. A Phys.org article detailing the research indicated that mobile video can produce accurate results from up to 2.5 meters (or just over 8 feet) away, or up to 9 meters (nearly 30 feet) away using SLR footage. Though researchers only discussed these two types of video, the same technique applied to security camera footage could pose more serious, widespread threats in the future.
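To show why a more complex pattern leaves fewer working possibilities, here is an added example (not code from the researchers or from the original article) that enumerates every valid Android pattern and counts how many share the same sequence of dot-to-dot movements. It assumes a simplified model in which an observer recovers the exact movements but not where on the grid the finger started; the function names are hypothetical.

```python
from collections import Counter
from itertools import product

DOTS = list(product(range(3), range(3)))  # (row, col) positions on the 3x3 grid

def valid_patterns(min_len=4):
    """Yield every pattern Android accepts (4 to 9 distinct dots)."""
    def extend(path, seen):
        if len(path) >= min_len:
            yield tuple(path)
        last = path[-1]
        for dot in DOTS:
            if dot in seen:
                continue
            sr, sc = last[0] + dot[0], last[1] + dot[1]
            # A stroke passing over a dot is only legal if that dot is already used.
            if sr % 2 == 0 and sc % 2 == 0 and (sr // 2, sc // 2) not in seen:
                continue
            yield from extend(path + [dot], seen | {dot})
    for start in DOTS:
        yield from extend([start], {start})

def shape(pattern):
    """Dot-to-dot displacements: what remains once the starting dot is unknown."""
    return tuple((b[0] - a[0], b[1] - a[1]) for a, b in zip(pattern, pattern[1:]))

def ambiguity_by_length():
    """Map pattern length -> (valid patterns, mean number of patterns sharing a shape)."""
    patterns = list(valid_patterns())
    same_shape = Counter(shape(p) for p in patterns)
    totals, candidates = Counter(), Counter()
    for p in patterns:
        totals[len(p)] += 1
        candidates[len(p)] += same_shape[shape(p)]
    return {n: (totals[n], candidates[n] / totals[n]) for n in sorted(totals)}

if __name__ == "__main__":
    for n, (total, mean) in ambiguity_by_length().items():
        print(f"{n} dots: {total:6d} patterns, {mean:.2f} candidates per observed shape")
```

Under this model a pattern of seven or more dots has to span the whole grid, so its shape identifies it uniquely, while a shorter pattern can sit in several positions and leaves more candidates.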
The research paper suggests that users consider covering their hands when entering their pattern lock to avoid making their fingertip patterns traceable, or to set the screen brightness to change quickly to throw off any recording.
“Since our threat model is common in day-to-day life, this paper calls for the community to revisit the risks of using Android pattern lock to protect sensitive information,” researchers stated.
Ultimately, Android users may want to consider an alternative form of device lock, or implement two-factor authentication to better protect themselves from potential adversaries. Businesses leveraging enterprise mobility may want to keep these recommendations in mind when developing policies and procedures for employees who are using mobile devices as part of their jobs. If you need help identifying ways to keep your organization’s devices safe regardless of operating system or device type, contact our team for help.
Even though the concept of mobile device management (MDM) is more than 10 years old, its application is still in its infancy. In fact, most organizations have only started to secure and manage data on their company-provided and BYOD mobile device assets in the last two to four years. And in many cases, organizations may be lacking a platform, as well as the policies and procedures required, to handle their mobility needs altogether. Regardless, MDM isn’t going away. Rather it’s evolving and the new face of MDM, known as enterprise mobility management (EMM), is a must for the future of your business.
With each generation, technology use changes. Today’s millennials (age 18-34) have grown up in a world where technology and mobility are a given. More importantly, statistics from the US Bureau of Labor indicate that by 2030, this hyper-connected, tech-savvy generation will comprise 75% of the workforce. At the same time, however, they do not consider company security as important as baby boomers do. Millennials also explore and push boundaries more than baby boomers or individuals from Gen X. So what are companies to do?
No, we’re not talking BYOB (though in some countries, why not!) — it’s BYOD! For the uninitiated, BYOD is short for “Bring Your Own Device.” It’s the term used in the industry to describe the phenomenon where employees bring their own personal mobile devices (iPads, iPhones, Android phones, Android tablets, etc.) to work and connect those personal devices to corporate Wi-Fi, email, shared drives and documents. The trend is giving IT managers serious cases of hives. There was a recent report released (if you want the whole thing, you’ll have to buy it or call us!) by Cisco on the BYOD trend in the workplace across the globe. From a CIO or IT director’s standpoint, it’s pretty scary. Among the highlights of the report:
- Globally, 48 percent said their company would never authorize employees to bring their own devices (BYOD), yet 57 percent agreed that some employees use personal devices without consent.
- Fifty-one percent of the respondents reported the number of employees bringing their own devices to work is on the rise.
- Using personal devices without consent was highest in the United States (64 percent) and lowest in Germany (49 percent).
- Access to company servers was highlighted as a “huge problem” of the BYOD phenomenon, as were lost/stolen devices (64 percent globally).
- Overall, 44 percent say that handling BYOD issues diverts IT attention from other important projects.
Scary, right? Not for us! This is the kind of data we anticipate seeing. All of these IT issues are addressable with a strong corporate mobile device policy (which most organizations don’t have), buttressed by a strong mobile device management software solution. Don’t believe us? Just ask!