Losing your smartphone can result in a catastrophic security breach. After all, these devices are potential treasure troves of confidential corporate and personal information waiting to be exploited by anyone who comes across them.

Because of this a mobile device security industry has sprung up over the last few years, offering everything from simple data encryption for mobile apps to complex mobile device management systems.

But the most basic level of security is provided by the devices themselves. Devices lock themselves if they are idle for a few minutes. So if a thief, a hacker or even a foreign government agent wants to access the data on a phone, in most cases he must unlock it first. This begs a simple question: What’s the best unlock mechanism to choose – and in this context “the best” means one that provides the most appropriate balance of security and convenience.

Perils of the PIN

A common solution used by iOS devices is to require a simple four digit PIN. On the face of it such a PIN should provide an adequate level of security because there are 10,000 possibilities, and mobile operating systems can be set to erase all data on the device after 10 failed PIN entries. So there’s only a one in a thousand chance, or a probability of 0.001, that anyone could access the device by guessing a correct PIN before the data is erased.

That’s not quite the whole story, however. Many people choose predictable PINs like 1212 or ones that make patterns on the keypad, like 2580 (straight down the middle of the keypad) or 1739 (top left, bottom left, top right, bottom right) or 5684 (which spells LOVE). “That means that the chance of guessing a PIN is more like one in 10, because people tend to choose such predictable PINs,” said Ben Schlabs, an expert at German security collective Security Research Labs.

There’s another reason that a four digit PIN is undesirable, even if you choose a PIN that is not an easily guessed one. Four digit PINs are highly susceptible to shoulder surfing, said Schlabs; someone looking over your shoulder or sitting next to you can easily see the digits you enter when you unlock your phone. Not only that, but many people choose the same four digit PIN for their phone, ATM card and for other uses such as disarming their security alarm. That means that anyone shoulder surfing a phone PIN could also possibly access your bank account and even your home, Schlabs said.

Most mobile operating systems allow you to choose to unlock your phone by entering a longer password rather than a four digit PIN. These are harder to shoulder surf (because they are longer and more complex) and much harder to guess – as long as you avoid obvious ones – because there are many more possibilities.

A foreign government agency that gets access to your phone may have the technical ability and resources to bypass the device’s operating system. That means it can make unlimited attempts to guess your PIN without the data being erased after 10 failed attempts. But it would be much harder to “brute force” a password that was six characters compared to one that was four digits, because of hardware limitations on the rate at which you can make guesses. “With the hardware limits of one guess every five seconds it would take 50,000 seconds (about 13 hours) to brute force a four digit PIN, compared to a hundred times that (about two months) to brute force a six digit one,” Schlabs said.

Android’s Unlock Patterns

Android phones offer the option to use unlock patterns – tracing a pattern on a grid of nine points or nodes – rather than using a PIN or password to unlock. But using an unlock pattern is not a good idea in terms of security. Marte Løge, a researcher at the Norwegian University of Science and Technology, has shown that many users employ the same predictable patterns – analogous to PIN users choosing 1234 or 5280. She recently gave a presentation entitled “Tell Me Who You Are, and I Will Tell You Your Lock Pattern” at the PasswordsCon conference in Las Vegas.

Her research found that 44 percent of all patterns start in the top left, and most then move to the bottom right. Many people also trace out a letter, often the initial letter of their name. Unlock patterns are also easy for shoulder surfers to see, but Løge found that patterns that pass over the same node twice or which connect more than four nodes make life significantly more difficult for shoulder surfers.
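
The predictable PIN classes named in the article's PIN section (repeats like 1212, keypad shapes like 2580 and 1739) can be rejected at the moment a user sets a PIN. The following is an added example, not code from the article or from any vendor: the function names, the rule set and the sample PINs are assumptions made for illustration, and only the five-seconds-per-guess rate comes from the Schlabs quote.

```python
# Added example: reject predictable PINs at enrollment and estimate guessing time.
# Keypad coordinates (row, column) for a standard phone keypad.
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2), "0": (3, 1)}
SECONDS_PER_GUESS = 5  # hardware-limited guess rate quoted in the article


def pin_weaknesses(pin):
    """Return the reasons a numeric PIN is predictable (empty list if none)."""
    if len(pin) < 4 or not set(pin) <= set(KEYPAD):
        raise ValueError("PIN must be at least four digits 0-9")
    reasons = []
    digits = [int(c) for c in pin]
    # Differences between neighbouring digits, modulo 10.
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps == {0}:
        reasons.append("single repeated digit")
    elif steps in ({1}, {9}):
        reasons.append("ascending or descending sequence")
    half = len(pin) // 2
    if len(pin) % 2 == 0 and pin[:half] == pin[half:] and steps != {0}:
        reasons.append("repeated block")
    # Finger movements between consecutive keys on the keypad.
    points = [KEYPAD[c] for c in pin]
    moves = {(r2 - r1, c2 - c1)
             for (r1, c1), (r2, c2) in zip(points, points[1:])}
    if all(max(abs(dr), abs(dc)) == 1 for dr, dc in moves):
        reasons.append("adjacent-key walk on keypad")
    if len(pin) == 4 and set(pin) == set("1379"):
        reasons.append("walks the keypad corners")
    return reasons


def worst_case_hours(length):
    """Hours needed to try every PIN of this length at SECONDS_PER_GUESS."""
    return 10 ** length * SECONDS_PER_GUESS / 3600


if __name__ == "__main__":
    for sample in ["1212", "2580", "1739", "1234", "8461"]:  # constructed inputs
        print(sample, pin_weaknesses(sample) or "no pattern found")
    print(f"4 digits: {worst_case_hours(4):.1f} h, "
          f"6 digits: {worst_case_hours(6) / 24:.1f} days")
```

A PIN that returns an empty list is only free of these particular shapes; the check does not make a four digit PIN resistant to shoulder surfing or to exhaustive guessing.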