At Tech Orchard, we’ve spoken with clients and written about the importance of taking precautionary security measures to protect mobile devices. For most users, the first step is setting a password to lock their smartphone or tablet. PINs and thumbprints are options available on devices from various manufacturers, while pattern lock is widely used as a mechanism for authentication and authorization on Android devices. Unfortunately for pattern lock users, this security method may be anything but secure.
Researchers from Lancaster University in the United Kingdom presented findings at The Network and Distributed System Security Symposium 2017 of a study indicating that video footage combined with computer vision software can typically crack a pattern lock in fewer than five attempts. What’s worse, it can do so without even seeing the screen itself. Tests of video-based attacks were successful in reconstructing Android lock patterns from video footage filmed using a mobile phone camera 95% of the time, and 97.5% of the time when more complex patterns were used.
Using footage of a user inputting his or her Android pattern lock, a computer vision algorithm analyzed the fingertip movements to infer the pattern. Researchers tested 120 patterns collected from 215 users and found that more complex patterns are even more vulnerable because they limit the number of working possibilities. A Phys.org article detailing the research indicated that mobile video can produce accurate results from up to 2.5 meters (or just over 8 feet) away, or up to 9 meters (nearly 30 feet) away using SLR footage. Though researchers only discussed these two types of video, the application for security camera footage could indicate the potential for more serious, widespread threats in the future.
The research paper suggests that users consider covering their hands when entering their pattern lock to avoid making their fingertip patterns traceable, or to set the screen brightness to change quickly to throw off any recording.
“Since our threat model is common in day-to-day life, this paper calls for the community to revisit the risks of using Android pattern lock to protect sensitive information,” researchers stated.
Ultimately, Android users may want to consider an alternative form of device lock, or implement two-factor authentication to better protect themselves from potential adversaries. Businesses leveraging enterprise mobility may want to keep these recommendations in mind when developing policies and procedures for employees who are using mobile devices as part of their jobs. If you need help identifying ways to keep your organization’s devices safe regardless of operating system or device type, contact our team for help.
Despite the compliance challenges and privacy risks inherent to the industry, healthcare professionals continue to push toward a mobile-first approach to accessing critical data, including HIPAA-protected patient information. In fact, according to Skycure’s Mobile Threat Intelligence report issued this spring, 99% of doctors are now using mobile devices in the workplace and nearly three-fourths (74%) are using multiple devices. While the benefits can be great, the mobile devices of physicians with access to sensitive information are becoming prime targets for hackers looking for a payday.
Hackers and cyber criminals are well aware that many executives and sales people travel as part of their jobs. And for companies reliant on these road warriors to drive business, there are a number of risk factors they must recognize and address to ensure their staff, their data and the future of their organizations are protected.
There is an ongoing debate between iOS and Android mobile device owners over which platform is more secure. There are supportable points for each, mainly dependent on the fan base attitude toward their favorite … and perhaps also, depending on the OEM version of the Android device and the OS version (there is only one iOS OEM: Apple). It is true that due to the open nature of the Android OS and the wide range of OS versions installed on devices by OEMs, greater care to follow simple good security habits and processes is probably warranted. See this article that points out an example where Google is not able to patch a core component on OS versions on Android 4.3 and earlier.
We covered iOS security recently, and now below are a few security tips that apply to Android devices.
Use the Latest OS and Safer Apps
Ideally, owning an Android device that gets the latest Google updates and OS is the safest way to go. Some manufacturers are notoriously slow in providing the latest Google/Android OS, if they ever do. Don’t root your device, however tempted “the geek within” may be. Rooting opens up administrative control, which by design makes the device vulnerable not only to your own changes but also to those any “hacker” might want to make. Furthermore, only download and install apps from known sources. That is a narrow group including Amazon, Google Play and the manufacturer’s official app store.
Use Strong Passwords
Today’s news makes us feel that passwords are useless against an ever-growing, fearsome group of hackers that stalk us daily. The fact is, a good password for logging into your device from the lock-screen is KEY not only in slowing down hackers, but also in preventing a thief or someone finding a lost device from immediately having access to your personal and/or business data. Pick a good password … the more characters the better. Use a combination of numeric and alphabetic characters, change it often, and don’t ever reuse a previous password.
Find and Use Security Apps
Look for apps that scan for malware and enable remote wipe or lock of the data if your device is lost or stolen. These should also help you find your device if lost. However, having these apps is no excuse for careless downloading of apps, clicking on unknown attachments in email or unsafe web surfing.
Encrypt Your Device
If you do anything of a sensitive nature on your device, encrypt it to lock it from intruders. While it may slow your device down a tad, it’s important to weigh that against the access someone could get to your bank account, personal information or your business clients’ data that they assume you are keeping safe.
Use a VPN Client/App
Virtual Private Networks help secure the connections you make even (especially!) on public Wi-Fi networks. We should all use them when conducting any business of a private nature when not on a corporate or private home network. And, certainly, turn off any automated connections you have to any public Wi-Fi network. See this Android Authority article for good suggestions of VPN apps to try, many of which are available for free. Remember that different VPN apps may work better for you depending on your device manufacturer.
Turn Off Unneeded Services
Turn off Bluetooth, Wi-Fi, GPS and other unnecessary services when not in use. Not only will this keep you from accidentally hitting an unsafe Wi-Fi hotspot, it will give you the added benefit of improving your battery life as these services are notorious for battery draining. Also, clean your web browser caches often.
Using these security tips should help you protect your Android device’s personal and business data. It might be a good idea for your organization to communicate these types of tips to your corporate and BYOD device users. Or consider contacting TechOrchard for device, security and application training tailored to the needs of your organization. Your employees will appreciate the education and inclusion in how to make the most of their devices.
As you see and hear from various media sources, network, internet and mobile security are hot topics in the news today. Organizations are being “hacked,” private information is being compromised due to sophisticated scamming activities and malware is showing up on mobile devices (smartphones and tablets) more frequently. What you don’t hear about are the thousands of mobile devices that are lost and stolen around the world (5,000-9,000 per day!). If it hasn’t happened already, you or someone you know WILL experience this at some point in time. And when it does, not only will you be out the cost of a phone, you could be at risk for losing something much more valuable: your data or even your identity!
By following some very basic, common-sense security tips for your iPhone or iPad, you will be safer should you lose track of your i-device. Ultimately, you’ll be able to save yourself the time, energy and money it takes to recover from the fallout of a lost device.
- A 4-digit passcode isn’t enough. Add to that the below basic security best practices to protect your privacy and data.
– Do not use simple passwords (1,2,3,4). Use non-sequential numbers.
– Use the shortest auto-lock period you can stand. We recommend one minute.
– Set your phone to be erased after 10 incorrect passcode entries.
– Apply iOS updates as soon as they come out. They almost always contain key security upgrades that make your phone safer. Exception: If your employer is managing your phone security, check with your IT team first before updating to the newest iOS version.
- Don’t jailbreak your phone.
– Jailbreaking changes iOS and negates the built-in security features and barriers or “sandboxing” between apps.
– Non-Apple approved third-party app sites can be unsafe and include malware.
- Use Find My iPhone.
– Turn on the Find My iPhone setting under iCloud in Settings and download the Find My iPhone app.
– With the app, you can find out the location of any i-device you own under the same Apple ID, and wipe it back to factory settings remotely in the app to make sure the bad guys don’t have access to your private documents such as photos, videos, contacts, stored passwords, etc.
- Use good password practices.
– Use unique passwords for different accounts or websites and/or iPhone accounts. The longer the password, the better. Using a mix of capital and lower case letters along with numbers and other characters makes it harder for the bad guys to “guess” your password with tools they can easily obtain.
- Be careful with lock-screen notifications.
– If you have lock-screen notifications enabled, beware of sensitive information that may show up pertaining to emails, texts and apps even while your screen is locked.
If you have questions about any of these strategies, or are interested in having TechOrchard create a mobile strategy to help protect your organization and its devices, contact us at firstname.lastname@example.org or 913-685-1475. And, stay tuned for part II of “Security tips that make cents,” in which we’ll cover tips for Android phones!