smartphone-securityMobile devices are extremely interesting for attackers because they hold a digital representation of our lives.

Every application that resides on our devices contains information on some aspect of our lives. What games we play, who we talk to, where we work, what utilities make our lives easier are all captured in our mobile devices. Anyone armed with this information can mimic our digital lives to friends, family, colleagues and corporate systems.

The ability to mimic your life is valuable to a variety of people. A marketing department that can mimic your life will get better at selling you things. A corporate spy that can mimic your life will get a better sense of how your company operates, where the process weaknesses are, and potentially use your digital life to penetrate deeper into enterprise systems.

The steps we must take to protect who we are and what we know, however, often get in the way of living our digital lives. For example, we may put up with complex passcodes for corporate email. However, no one wants to key in a long passcode to text someone or get directions or check how many miles they ran.

Surveys conducted by Apple and others indicate that between 30 and 50% of people do not use any type of passcode on their mobile devices. This means that most people choose convenience over security. That choice has to change if we want to protect our digital lives if our devices are stolen.


So from Veracode’s perspective mobile security has to become more convenient and we applaud Apple for doing its part to make device security more convenient with Touch ID, the new fingerprint reader for the iPhone 5s. Any new mobile security software raises questions about whether it makes us safer. So we’re launching a three-part series of audio blogs where Darren Meyer and Jared Carlson, senior security researchers at Veracode, discuss:

  1. Whether biometric fingerprint scanners are ready for prime time mass market usage among mobile devices and what are the implications of that?
  2. What are the implications of fingerprints as a new data type that lives on your mobile phone –should we be concerned about the new iPhone 5s storing our fingerprints?
  3. What are the likely attack vectors and can the attacks compromise security for individuals, companies, and government agencies?

We hope you find the series interesting and informative. Check it out below!

About Jasmine Noel

At Veracode, Jasmine’s efforts are focused around market research, content development and sales enablement efforts. Previously, Jasmine was a founding partner of Ptak/Noel, an industry analyst and marketing consulting firm. Prior to that she also served as director of systems and applications management at Hurwitz Group, and senior analyst at D.H. Brown Associates. Jasmine holds a bachelor of science from the Massachusetts Institute of Technology and a master of science from the University of Southern California.

Comments (3)

Matt | October 9, 2013 5:10 pm

I think that the fingerprint technology is a good idea especially for those who don't use any passcode on their phones, but I can also see people using it to try and steal other's identities as well.

ndupaul | October 10, 2013 1:01 pm

Exactly! We decided to do this audio blog series so we can discuss both of your points.

kpuder | October 11, 2013 12:22 pm

I agree that getting people to use fingerprint security instead of nothing is a great improvement. For myself, I would still prefer to use it as one of a two-factor authentication system. Dustin Kirkland makes a great point here:

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.