Mobile devices are extremely interesting for attackers because they hold a digital representation of our lives.
Every application that resides on our devices contains information on some aspect of our lives. What games we play, who we talk to, where we work, what utilities make our lives easier are all captured in our mobile devices. Anyone armed with this information can mimic our digital lives to friends, family, colleagues and corporate systems.
The ability to mimic your life is valuable to a variety of people. A marketing department that can mimic your life will get better at selling you things. A corporate spy that can mimic your life will get a better sense of how your company operates, where the process weaknesses are, and potentially use your digital life to penetrate deeper into enterprise systems.
The steps we must take to protect who we are and what we know, however, often get in the way of living our digital lives. For example, we may put up with complex passcodes for corporate email. However, no one wants to key in a long passcode to text someone or get directions or check how many miles they ran.
Surveys conducted by Apple and others indicate that between 30 and 50% of people do not use any type of passcode on their mobile devices. This means that most people choose convenience over security. That choice has to change if we want to protect our digital lives if our devices are stolen.
So from Veracode’s perspective mobile security has to become more convenient and we applaud Apple for doing its part to make device security more convenient with Touch ID, the new fingerprint reader for the iPhone 5s. Any new mobile security software raises questions about whether it makes us safer. So we’re launching a three-part series of audio blogs where Darren Meyer and Jared Carlson, senior security researchers at Veracode, discuss:
- Whether biometric fingerprint scanners are ready for prime time mass market usage among mobile devices and what are the implications of that?
- What are the implications of fingerprints as a new data type that lives on your mobile phone –should we be concerned about the new iPhone 5s storing our fingerprints?
- What are the likely attack vectors and can the attacks compromise security for individuals, companies, and government agencies?
We hope you find the series interesting and informative. Check it out below!