The lines between old-fashioned hacking attacks and the kinds of high-tech, complicated code-cracking you might see in a “Mission Impossible” movie are starting to blur. And it’s a good reminder of why users should be following some basic rules for protecting smartphones.
Researchers from Cambridge University found they could guess passwords using a malicious app that has permission to use a phone’s microphone or touchscreen. This app could determine where users tapped the screen based on the sound or touch and:
- guess passwords 30% of the time after two attempts, and
- 50% of the time given five attempts.
Catching up to passwords
Of course, being able to guess the passcode to unlock a phone isn’t enough – the attacker would also need physical access to the phone.
And that’s a good reminder for users: Lost in the concern for protecting data is the importance of protecting the device itself. This is especially true for devices that are used to access company info or as part of a BYOD program.
Here are some reminders to pass along to users.
5 ways to keep devices secure
Make sure to:
- Password-protect devices. It’s not perfect, but it’s a basic step. A good PIN won’t thwart every attack – once a phone is no longer in your hands, it’s essentially compromised – but it can stop some criminals.
- Wipe screens clean. It may sound paranoid, but your fingerprints will often leave a trace of the password’s pattern on the screen.
- Set up remote wipe. If a user is going to use a phone for work, there needs to be a provision holding them to a remote wipe if it’s lost or stolen. They should be aware this may mean losing personal data as well as company information. (Check our sample BYOD policy for more.)
- Watch permissions. If an app asks for access to a microphone or system controls for no discernible reason, it’s probably not worth the risk.
- Be aware of surroundings. Even if you’re only stepping away for a minute, don’t leave a phone in public. Don’t leave phones or tablets in a car, even if it’s locked (use the trunk if you must). It all sounds like common sense, but with millions of phones stolen every year, it’s a lesson that should be stressed at every available opportunity.