Security vs Usability In Smartphones - The Trade Off
In insight / By Hollie Coote / 03 April 2018
With facial scanning, touch ID & voice recognition technology coming as standard in most new smartphones, are we swapping mobile security for mobile accessibility without even knowing it?
Take a look at any newly released smartphone and you’ll probably see a plethora of features all there to make it easy for you to access as much of your information as possible on the go. Touch ID, facial biometric technology, iris scanning, voice recognition, the lists are endless when it comes to the ways we can access our info, but are all of these options in place for security or convenience?
Back in 2013, the release of the iPhone 5S marked the start touch ID access for handsets, and the public loved it. It promised easy accessibility to all apps and info in one go, touch payments soon followed along with facial recognition and voice activated tech. All these advancements have improved accessibility and speed of use for consumers, perfect for our increasingly busy lifestyles. We buy more of the product, encouraging manufacturers to make more, and so the cycle continues. However, experts are warning that these easy access options are forgoing basic security measures in favour of accessibility, arguing that manufacturers should instead be focusing on the security shortcomings of all these updates.
Just as fast as manufacturers release updates, cyber saboteurs are hacking them. Just about every security measure for smartphones has been hacked or exposed as fallible throughout the years, but this doesn’t mean that you should give up on phone security completely. In a lot of cases, the technology has been hacked by teams of professionals in lab conditions. Just because a measure CAN be hacked, doesn’t mean it will be. As much as attention grabbing headlines would have us believe, the average man on the street isn’t going to be using espionage worthy tactics to steal a phone.
Just two days after the first touch ID was released a German hacking group, The Chaos Computer Club, managed to hack Apple's fingerprint sensor with a camera and a glass. Using a picture of a fingerprint left on a glass surface they were able recreate a fake fingerprint, which once transferred onto film could be used over someone’s real finger to mimic the intended users print. Iris scanning proved similarly easy to beat for the talented team; they were able to bypass the Galaxy S8’s scanning tech using a high-res photo of the user’s eyes.
Facial biometric scanning has been one of the most highly anticipated tech updates for years. Disappointingly it’s been proven to be the weakest security measure yet for androids. Photos have been used to hack it, and Samsung won’t allow it as a method of authenticating Samsung Pay transactions, not something that has filled users with confidence. The iPhone x hailed its face id as “the most intuitive and secure authentication enabled by the state-of-the-art TrueDepth camera system with advanced technologies to accurately map the geometry of your face.” However, a week after its release, a Vietnamese security firm Bkav released a video showing them cracking Face ID with a 3D printed mask, makeup, and paper cut-outs.
As mentioned, the average man on the street isn’t going to be spending time hacking into mobiles, but the point remains the same, that they can be hacked. Many of us have faced the annoyance of having email or social media accounts hacked into. Having to answer endless security questions, create newer, longer passwords. But imagine if your touch ID was hacked. You can’t change your fingerprints as easily as changing your PIN. This is an important fact to remember when considering biometric options. Whilst it may be appealing to use this futuristic tech, if it is ever compromised you may be unable to use it again! Biometric and personal data will usually be stored safely on your device, however if this data is compromised, transferred or accessed via a database, it can leave you vulnerable to attack. Reading hacking reports and security advice it seems that to stop anyone from hacking our phones, there must be no way of anyone accessing any information including photographs of us. If not, then no security or access measure can ever technically be completely secure. It’s not just about the technology being secure, it’s the fallibility of humans. So is there hope?
Based on a range of opinions from various security and tech experts, long tail pin codes are the most secure way to lock any tech as a standalone measure. Random long strings of numbers can be almost impossible for hackers to break through, the downside being they can also be difficult for users to remember! Utilising the extra accessibility features on your phone doesn’t have to be a no go as long as long as users are using them alongside tried and tested locking measures. The CEO of BVS Systems, Scott Schober said, “When protecting mobile devices, I highly recommend having a PIN code to wake a phone,” he added that no one security method is totally perfect. “All of these authentication methods are actually convenience features disguised as security... [and] users will always compromise security for convenience. That is why I come back to layered security—use an iris or fingerprint scan as an additional authenticator to password security.”
So, whilst all security and accessibility updates are not created equal, they do all have their benefits and their holes. It may be tempting to sacrifice security for ease of use, but when thinking about the amount of personal data stored on a phone, it’s not worth the risk. Make the most of your handsets features and add in your own measures where possible. Try opting for pin or password access while travelling out and about, don’t use contactless payments in places you don’t know, and maybe give the iris scanning miss altogether. Pin codes and passwords might be a pain to enter when you’re in a rush, but they’re a lot easier to replace if breached than your eyes, face and fingers.
As a managed IT services provider, Nasstar is constantly reviewing its security posture. Stay tuned for the next instalment of our three-part series which will explain how Nasstar is using prevention and detection technologies to stop criminals in their tracks. In the meantime read part one here!