Smartphone As Your Most Dangerous Possession 154
Hugh Pickens writes "CNN reports that now that smartphones double as wallets and bank accounts — allowing users to manage their finances, transfer money, make payments, deposit checks and swipe their phones as credit cards — smartphones have become very lucrative scores for thieves and with 30% of phone subscribers owning iPhones, BlackBerrys and Droids, there are a lot of people at risk. Storing a password and keeping your phone locked is a good start, but it's not going to protect you from professional fraudsters. 'Don't think that having an initial password set on your phone can stop people from getting in there,' says
Nikki Junker, a victim advisor at the Identity Theft Resource Center. 'It's a very low level of protection — you can even find 30-second videos on how to crack smartphone passwords on YouTube.'"
I do not think that word means what you think it d (Score:5, Funny)
I believe you mean "risky" not "dangerous." The most dangerous item I own is probably a knife.
Re:I do not think that word means what you think i (Score:5, Insightful)
You don't own a car? That is probably the "most dangerous" class of item that people own.
Re:I do not think that word means what you think i (Score:5, Funny)
I don't own a car, but I do own a lightsaber. Not as clumsy or random as a car; an elegant weapon for a more civilized age.
Re: (Score:1)
I'm thinking my shotgun is a little more dangerous than my station wagon.
Re:I do not think that word means what you think i (Score:4, Insightful)
You don't have to reload a station wagon on a crowded sidewalk...
Re: (Score:1)
Sorry, I thought it was people, not guns, that were dangerous. Thanks for clarifying that.
Re: (Score:3, Interesting)
Well, that's true. Any suitably light-fingered individual is well qualified to attempt to lift my phone out of my front pants pocket, provided that they don't mind taking the chance that I might smash their brains in.
But then I personally think it's incredibly stupid to put any kind of financial details on anything that is so easily and casually stolen. I don't even leave such information lying around (at least in a form that is worth the tr
Re: (Score:2)
If you have a phone that stores e-mail, and you've ever had your bank/paypal/credit card/amazon/etc send you a "I've forgotten my password" email.... then that info is fairly easy to access. Even finding out answers to your typical "security questions" would be fairly trivial.
I would be surprised if your average smartphone user has thought this through.
Re:I do not think that word means what you think i (Score:5, Funny)
Sorry, I thought it was people, not guns, that were dangerous
True, but since the 13th amendment passed you're not allowed to own any people, only guns.
Re:Own (Score:2)
Nah. Now Owning people is called Work.
Re: (Score:2)
Re: (Score:3)
You, sir, are clearly not a lobbiest for the Banking industry.
No, but he's lobbier than most.
Re: (Score:3)
Re: (Score:3)
"Generally speaking, guns almost never kill people.... bullets, on the other hand, are another matter."
Bullets? Nah... It's not bullets what's dangerous, it's the speed they come with.
Re: (Score:3)
It's not even the speed. It's the inertial delta of the bullet and [part of] the person.
Re: (Score:1)
A car doesn't seem as dangerous, but even though it wasn't designed for that purpose it can do a lot of damage, and I wouldn't be surprised when the relevant statistics show that percentage wise, a lot more people get accidentally hurt by cars than by shotguns.
The same partly applies to blunt vs. sharp kitchen knives, with people getting cut
Re: (Score:2)
If your car is the most dangerous thing you own you should probably think about visiting an optometrist.
Re: (Score:2)
No, that's risk. The car is enormously dangerous whether you can see well or not. If you intend to use it to harm, having good eyesight makes it *more* dangerous. It is indeed the most dangerous thing most people own, with the possible exception of a gun (if they own one).
Re: (Score:2)
Actually the danger from cars is over-rated. A gun can kill far more people more quickly, even if you drove into a crowd you'd be very unlikely to kill as many people as you could with a gun.
Cars are also a lot more clumsy, and once off a road are prone to being stopped very quickly by any number of things.
Re: (Score:3)
I think you underestimate what one can do with a car.
See for example the Queensday attack in the Netherlands almost 2 years ago:
http://www.spiegel.de/international/europe/0,1518,622342,00.html [spiegel.de]
5 people dead at an event with about the highest level of security that you could find in the Netherlands at the time.
Re: (Score:2)
There are countries I can think of where firearms are likely more dangerous than vehicles, but the US is not one of them.
From 1999 to 2007, the total motorized vehicle death rate was 14.76 per 100,000. The firearm death rate during the same period was 10.33 per 100,000. That said, I'm not sure it matters much. Each side will frame the numbers in ways that support their bias, and will argue endlessly over which comparison is "more accurate." In the end, the only quantifiable "fact" is that one kills people m
Re: (Score:2)
You don't own a car? That is probably the "most dangerous" class of item that people own.
Are you married? *ducks for cover from the feminists*
Re: (Score:2)
You don't own a car? That is probably the "most dangerous" class of item that people own.
I thought most people died in household accidents, making your own house your most dangerous enemy.
Freakonomics (Score:3)
Semantic quibble, which comes down to people's ability to asses risk. Guns vs swimming pools.
The point is, the phone is a terrible choice for security related matters, because it wasn't specifically designed to be an e-wallet from the ground up.
You can never, ever just bolt-on security.
Re: (Score:3)
You can never, ever just bolt-on security.
Wait - Isn't that exactly what we do with doors?!
Re: (Score:3)
Yeah but there's a difference between putting a bolt on a glass door or on a steel reinforced one.
Re: (Score:2)
Depends on the door.
A wooden door, with an after market bolt, would only stop opportunistic threats.
A door designed from the ground up to be secure, would have multiple locking bars which engage in all directions, into a metal frame which would also be part of the overall secure design.
That would go some way to reduce the single point of failure which a single bolt represents.
Analogy stands.
Re:Freakonomics (Score:4, Informative)
If I stuck a deadbolt cylinder on a hollow core door used for internal rooms, someone could easily kick it in without a moment's thought.
If I stuck a cylinder on a European lock that had multipoint locking, a solid jamb that uses steel rails that are sunk into the foundation, it would require a hydraulic ram to open it.
Similar with phones. If I stuck a PIN on an open device, there would be ways to get around it. However, if the device was built from the ground up with encrypted filesystems, keys in a secure RAM partition, and anti-brute force code where PIN guessing resulted in longer delays, and eventually a complete zeroization of the device, the same PIN that might be worthless on one device may adequately protect another.
One can see this when comparing a TrueCrypt keyfile stored on a cryptographic token (or an IronKey) compared to one stored on a generic USB flash drive. After try #20 with the USB flash drive, it doesn't matter, especially if one just copies the cyphertext to another image to protect against self destruct software. The same data stored on a hardware device using hardware encryption will be long gone before attempt #20 could even be made.
A 4 digit PIN can be excellent protection, or it can be a joke depending on how the device is architected.
Re: (Score:2)
and to be truly secure the walls would have to have a lattice of welded bars all the way around (and in the roof and floor.
any good attacker will locate the weakest point and use that (ultra secure door does Zippo when your walls are made of sheetrock
Re: (Score:2)
No. If you just bolted on a door to something built without other consideration of security, it's not going to do very well. In fact, a house *is* security--the door is your access point. A door as just "bolt-on" security would be a door sitting there without any walls.
Re: (Score:2)
With stick-frame construction a door is still bolt-on security, even if it's a solid steel, multi-point locking door in a steel jamb.
Re: (Score:2)
The point is, the phone is a terrible choice for security related matters, because it wasn't specifically designed to be an e-wallet from the ground up.
You can never, ever just bolt-on security.
By this implied definition of e-wallet, a real wallet isn't really designed as a wallet from the ground up either. My wallet has essentially no security once it's out of my hands through theft or loss. But I do get the point, one might store even more valuable information in an e-wallet than just the cash and credit card numbers present in an r-wallet. Bank passwords, other account passwords could lead to considerably more damage than the $50 per credit card loss one might incur. Unless of course, you carry
And how many people actually protect their phone (Score:5, Interesting)
I'd also like to know which devices can be cracked in 30 seconds. With iPhone 4's full device encryption, I don't see how the key can be cracked in under 10 tries before it would wipe itself. But, I'd like to know.
Re: (Score:2)
I remember how not so long ago any new SIM card came with its PIN. Lately though, out of the box, they often don't require any authorization (a PIN can be still set up of course, but...)
It would seem people prefer it that way (at least at my place, but I doubt it's very unique)
Re: (Score:2)
Not really completely different. Quite symptomatic.
Re: (Score:2)
With smartphones of today - or even so called "feature phones", when used as an audio player for example - people run out of juice quite often.
(and you think I don't know how SIM's PIN work if going through enough of them to notice some pattern?)
Re: (Score:3)
And yes, I have a passcode on my phone. It takes about a day for the annoyance factor to dissipate, and IMHO you're nuts not to have one.
Simon
Re:And how many people actually protect their phon (Score:4, Informative)
Re: (Score:2)
Simon
Re: (Score:2)
The risk appears to only be for Android phones, because the swipe-to-unlock leaves smudges that can be visually decoded to tell the thief the "password". I can't see how this security vulnerability affects iPhones with their tap-based passcode. And yes, I have a passcode on my phone. It takes about a day for the annoyance factor to dissipate, and IMHO you're nuts not to have one. Simon
OK, I don't have an iPhone, so what is a tap-based passcode? Just typing digits on a 10-key style screen interface or something like that? I've got a smartphone,but not an iPhone, and have been reluctant to keep anything too valuable (or personal) on it for lack of password protection, and I've resisted using password protection because of how annoying I imagine it to be. Am I totally wrong about how big a hassle it is?
Re: (Score:2)
As I said, I found it annoying at first, but after a day or so, I don't really notice it. You don't need to unlock the phone to answer calls, so it's about 2 seconds to unlock then use the phone. Well worth it IMHO.
Simon
Re: (Score:2)
I own an android tablet and I can ascertain that yes, they show.
The thing is, you need to do it in one swipe - and you're going to do it pretty commonly. So there'll be a long continious smudge where you left it unlocked. It'll 'overwrite' previous smudges, and chances are you're not doing long swipes on other things. Unless you have swype or something.
Re: (Score:2)
err, the grass is greener on the other side buddy. Here you are saying you want to get an iphone and here I am saying I'm going to get an android (well, the dual core one when it comes out at least... assuming it doesn't have any gating issues)
TBH unless you need an ipod touch there isn't a lot of good reason to get an iphone at this stage. I have to turn my phone off and back on at work sometimes because of its inability to get any data throughput despite having a connection. Granted, the iphone 4 for veri
Re: (Score:2)
Re: (Score:2)
I'd also like to know which devices can be cracked in 30 seconds. With iPhone 4's full device encryption, I don't see how the key can be cracked in under 10 tries before it would wipe itself. But, I'd like to know.
Couldn't they just dump the memory of the device in its encrypted state and crack it at their leisure?
Re: (Score:2)
That'll work.
Until someone wipes your phone maliciously.
Re: (Score:1)
So don't bother to RTFA. That might inform you of the casual smudge-track left by those crappy 3x3 gesture-passcodes.
Of course, the simple solution here is not to use it, but what the hell. Anything for a lame story...
Security of a smart phone (Score:2)
Actually no I do not use a smart phone for banking etc.. I cannot control the OS installed on the phone, I therefore cannot add bits (apps) knowing for sure that they work as intended, so I do not use the smart phone for banking, or surfing to sites that need log-ins. Log-in type of browsing I use my Linux desktop / laptop for.
Those that do use a smart phone for everything, they should treat the phone just like cash, where if you loose it, you could be well forked, and out of pocket in more ways than one.
Re:Security of a smart phone (Score:5, Insightful)
The security on a smart phone isn't any worse (in many cases better, even) than that on most people's personal computers. The OS question is irrelevant, the big difference is that it's much easier to gain physical access. Just be vigilant and be have a plan ready to immediately block all access if you do lose your phone.
Re: (Score:2)
I have a smartphone, a Droid. I control the OS, I have added "bits", kernel modules.
Re: (Score:2)
Working as intended isn't what worries me with smartphone apps. Working as advertised is a much bigger impediment to my comfort levels doing banking on the phone.
I stop short of having my gmail account on my smartphone. Banking, etc, get done from a stock-configured browser in a virtual machine that only ever gets used for that (and is configured read-only).
Re: (Score:1)
Because they're illiter8 ba5tards.
Re: (Score:2)
It is lose not loose. Why is it that so many people mix up these words?
In this case, it might well be accurate. If I loose [wiktionary.org] (let loose, free from restraints, or even release my grip on) my smartphone, just like if I did the same with my wallet, I might very well be "forked".
Hopefully, thieves won't start grabbing phones out of our hands, but it's possible!
The power of technology.... (Score:5, Insightful)
It continues to make almost everything more convenient, including ruining you.
Re: (Score:3)
So maybe we have currency which can also be lost, stolen, and has no pro
Re: (Score:3)
"It continues to make almost everything more convenient, including ruining you."
Freedom of choice includes the burden of making wise choices.
It Can Get Worse... (Score:3, Interesting)
Throw in one of these [squareup.com], and you're looking at truly ridiculous amounts of pain if you lose your phone.
Re: (Score:3, Insightful)
Seems like that device is made to accept credit card payments, not to pay people with credit cards. How does that make losing ones phone any worse than it already is?
Hmmm. (Score:1)
Re: (Score:2)
Re: (Score:1)
Not so many (Score:2)
Close to (still not quite reaching that number, IIRC) 30% of device sales are smartphones, not 30% of subscribers (and as to "Droids"...Samsung seems to be positioning themselves firmly on top; unless the term starts becoming a genericized (shortcut of) trademark)
i'm kind of a big deal (Score:2, Informative)
The late '90s were a zenith of Western society, a fair balance of regulation and freedom; technology and tradition.
Now the government's breathing down everyone's neck while they're neatly distracted by thinking they're such a big deal that they need to be contacted at every minute of the day or night.
Minimise your shitty gadgets. Do only what needs doing. Relax a little. If you think you need to bank from your 'phone, you're doing life wrong.
Re: (Score:2)
Also ~"moral and intellectual demise of youth will soon destroy civilization" - don't-remember-who, Ancient Greece.
Re:i'm kind of a big deal (Score:4, Insightful)
Fifty years later, their civilization was, practically speaking, destroyed.
Just saying.
Re: (Score:1)
Crap, my hangover must be worse than usual, I was convinced of writing some reply via means made possible by technical civilization of "humans"; even worse - being member of their species...
Totally wrong (just saying) (Score:2)
Greece fell once, people where complaining all the time. The fifty year thing sure sounds good, but it's total bollocks.
The one thing I learned from reading stuff from all ages is that the past was _always_ better, youth is _always_ going downwards and apocalypse is _always_ just around the corner.
Just saying.
Re: (Score:2)
It's generally true, but then some revolution or war or other instability comes along and shakes things up a bit. We've experienced too much stability to reinvigorate the new generation.
Also, school is fucking easy now. It's never been easier. The mass Western privatisation/unionisation (delete as inappropriate to your political prejudice) of education is unique to the last couple of decades. Contrast the 400 years of what counted as formal or informal higher education, or skip over the Dark Ages and contra
Re: (Score:2)
Even with hiccups it still roughly gets better and better...
(also, can't really vouch for educational systems other than my local one... but according to one of my parents (accountant, so with some steady contact with basic math) - my generation apparently covered before highschool their Baccalaureate-level math; generally, schooling isn't even for that long very widespread in the first place / the average level of education is very much higher from the old times / we probably still get greater proportion o
Re: (Score:2)
What country? GCSE mathematics in the UK is a joke compared to O-level, and A-level has had the syllabus progressively reduced. More importantly, questions have turned from requiring ingenuity to being something the student will have already seen in the textbook (produced by the same publisher which happens to own the exam board).
As for the average level of education, it's true that more people can read, but learning specific technical skills is not the same as the exercise and application of imagination an
Re: (Score:2)
The difference between 50s and 90s in Poland. Note: apparently there was also some decline during the last decade, perhaps largely because of poorly executed educational reform (and...modeled on wrong examples; a bit in the spirit of post-colonial mentality: "they are prosperous, so all must be better").
Nothing too dramatic though, and I'm pretty certain it will continue to improve. Don't look at fluctuations; doesn't help that we are merely convinced of how good our memory is. Add variously colored glasses
Re: (Score:2)
Wikiquote to the resque:
Socrates - misattributions
"Children now love luxury; they have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise. Children are now tyrants, not the servants of their households. They no longer rise when elders enter the room. They contradict their parents, chatter before company, gobble up dainties at the table, cross their legs, and tyrannize their teachers."
Apparently dates from 1953: see Respectfully Quoted: A Dictionary of
Re: (Score:3)
You've got to be kidding. This ranks right up there with Jody Foster defending Mel Gibson as "not such a bad guy to work with" while the Russell Williams story was breaking in Canada. He was a great guy in the office, too, but had defects in other life aspects.
You cleverly post this right after I finish reading a long treatise on the nutter-of-the-moment and his trigger words.
Looking Behind t [nytimes.com]
Re: (Score:3)
Your drunken post was very difficult to read. Are you countering by pointing out that some tech stock was overvalued? Maybe you're young/selfish enough that it's the sort of thing which you consider the height of importance, but perhaps you ought to concentrate on the freedoms and opportunities people enjoyed.
Re: (Score:2)
If you have to drive home to move money, or worse to the bank, you're doing life wrong. I have far more fun stuff I could be doing.
I remember the 90s it was just as bad as now except for air travel, that was better. Our government has not gotten better or worse.
Re: (Score:2)
If you have to drive
Why would I have to drive?
home
Why is the alternative to go home?
to move money,
What about you is so disorganised or overcomplicated that you need to move money around your accounts while you're on the move?
or worse to the bank,
The richest people I know do precisely that. I don't. But there you go.
I have far more fun stuff I could be doing.
I'm not sure what's fun about needing to manage your bank accounts while travelling.
I remember the 90s it was just as bad as now except for air travel, that was better. Our government has not gotten better or worse.
Wow. Assuming you're in the UK, the USA or some Western European country, you really need to pay more attention to your country's legislative progress, even if you've nev
Re: (Score:2)
That's my strategy... works really well. I can transfer money online or via telebanking, but I just use that to pay bills. I use cash for everything, and my daily withdrawl limit with the plastic is $100. I cannot direct pay with my bank card... or rather, I can, but the daily limit is $0. I have a VISA card, but I restrict the use of that for recurring monthly payments (TV, Cell phone, Internet), and large purchases.
By forcing myself to use cash for everything, I force myself to have something tangible in
Re: (Score:2)
Seriously agree. In fact, those commercials that show someone querying their credit card or bank balance to see if they can buy a huge flat-screen TV or, quite frankly, any mobile banking issue, illustrates something very wrong with that model and poor personal financial planning and management by those who would rely on such features.
Re: (Score:2)
Since I can check my bank balance every day on my phone, I have a much better grasp of my finances. Especially now that I have just bought a house and have additional mortgage payments, it has been a great help in keeping my finances in order. It might depend a lot on the sophistication of the app that your bank provides though, mine has a lot of nice advanced features.
Re: (Score:2)
Since I can check my bank balance every day on my phone, I have a much better grasp of my finances.
What are you doing with your finances that means you need to check your bank account to find your balance? Aren't you aware of your incomings and outgoings?
The only argument I can come up with is that you want to check for bank error, which is fair enough, but if you feel the need to do that daily then you probably need another bank.
Re: (Score:2)
WOW! You must be a hell of a big deal, because you literally just told us how to live our lives.
I wish I had mod points right now, I'd mod you down so hard, you wouldn't shit right for a week.
Regardless of what you think is "right" or "wrong", if you think you can describe what people "need" to do so easily, then you're definitely wrong.
I've got a fair few friends who ONLY have a smart phone, and this smart phone is their entire life line to the world. They don't have a computer, or they have one, but they'
Re: (Score:2)
I've got a fair few friends who ONLY have a smart phone, and this smart phone is their entire life line to the world.
At the risk of receiving another angry response from you, would you perhaps consider advising your friends that having a smartphone as your "entire life line to the world" is an unnecessary and fairly dangerous risk? If you're travelling around remote locations, you'd be well advised to carry multiple means of communication - particularly equipment which does not rely on terrestrial infrastructure. A satellite 'phone is an option, as are transceivers for the CB or amateur radio services.
they're continually moving around in rural Australia, that they can't get a good internet connection
Ah, the rare excepti
Depends (Score:2)
If you store the most critical things in the cloud, specially things that you access thru your phone, is your password your most dangerous possession, mainly because stealing your phone is not a requirement for getting your data (if your password is unsafe or used from an unsafe location, i.e. with a keylogger). Of course, that have as advantage that if your phone gets stolen, and you are fast enough, you could change your cloud password and disable your phone number.
You could also store directly in the p
Re: (Score:1)
Re: (Score:2)
Only if the added utility is insufficient to outweigh the potential risk. Assuming your phone has a remote wipe feature, and the other security features on the phone buy you enough time to use it, then having your data in the cloud is useful because you haven't lost any data, only the physical phone.
Use Keepass for your passwords (Score:2)
Android users: use KeepassDroid for storing your passwords in a keepass database, and then randomize your important accounts.
Now all you need to remember is one good password. When you tap on an entry after decryption, keepassdroid puts a notification item up, that when activated, pastes the password in your clipboard for pasting into nearly any app or web page. It does smart things like clear the clipboard after a delay, etc.
You can combine it with Dropbox for unified password management on all platforms
Re: (Score:2)
Yeah, keepassdroid is great, by far one of the most useful apps on my phone. They are working on 2.0 database support though, it's read only now.
I knew it (Score:2)
To avoid smudge, make the keys move randomly (Score:3)
Re: (Score:2)
Re: (Score:2)
There are a number of MMOs that use PIN security mechanisms identical to this to defeat keyloggers. No reason why touchscreen devices can't easily implement it. It's not difficult or annoying after the first couple uses.
Re: (Score:2)
Re: (Score:2)
Hardware that was even making a token effort at security, would need to be capable of cold zeroisation.
To remotely wipe data, it needs a power source AND a signal.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'd like to see more phones have the option to completely erase contents after "X" period of time with no network signal. This way, someone can't just pull a SIM card to keep access.
As for remote wipes, sometimes phones do provide non-corporate customers the way to do this. Apple does, (you used to need a .me.com account, but apparently with iOS 4.2.1, not anymore.) Motorola's Motoblur accounts also have this ability as well.
I do think having E-mail with an Exchange provider (that supports OWA) is a good
Re: (Score:2)
Give me a phone which will self destruct if someone tries to tamper with the security.
Call me crazy, but I wouldn't want to carry around explosives near my ear or crotch. My phone crashes enough, I'd prefer it not have the option of crashing then burning my nuts off.
Re: (Score:2)
Self-destruction does not have to be explosive. Though GP sure seems to think so.
Re: (Score:2)
Re: (Score:2)
Well, yeah, but in those countries it doesn't matter what phone you have.