
Which Authentication Option is Best?


Smartphones have steadily increased in their capabilities, and as a result they hold more and more data that needs to be secured against potential threats. Fortunately, there are also more ways to protect your smartphone than ever before. For today’s blog, we’ll take a look at the options you have to secure your devices.

The Password
Passwords are the reigning king of authentication. A well-regarded option, the password is your average user’s go-to; if not created with security in mind, though, it can be very problematic. Since users have problems remembering new passwords, even ones they are able to choose themselves, many will create obvious passwords that can easily be guessed or hacked.

Conversely, a password (or passphrase) can be one of the strongest security measures available for your mobile device. It is important for every mobile user, especially one who has access to business networks, to secure their devices.

The Pattern Lock
The second option we will go over is called a pattern lock. It is the three-by-three swipe-based gesture that unlocks the device. This natural and intuitive lock is very fast, and if all nine dots are used in a pattern, it provides close to 400,000 possible configurations. Pattern lock comes up short in a couple of ways. People tend to use shapes that are more easily guessable. It’s also relatively easy to ascertain the pattern if you watch a user’s hand.

The PIN
The PIN authentication option is a relatively strong one, as the typical four numeral option has over 10,000 different combinations. Android features the ability to support up to 16 digits. That’s 10 quadrillion different combinations. Of course, not many people are going to be able to remember a 16-digit PIN (and how annoying would it be to have to enter that every time you unlock your phone?). Simple PINs are the norm, and they are therefore not very secure.
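To put the pattern-lock and PIN figures above side by side, the following added example (not part of the original post) counts every valid pattern on the three-by-three grid and compares the result with PIN keyspaces. It assumes Android's usual pattern rules: 4 to 9 dots, each dot used once, and no jumping over a dot that has not been used yet.

```python
from math import log2

def midpoint(a, b):
    """Dot lying exactly between dots a and b (numbered 0-8, row-major), or None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def patterns_by_length():
    """counts[n] = number of valid patterns that use exactly n dots."""
    counts = [0] * 10

    def walk(current, visited):
        counts[len(visited)] += 1
        for nxt in range(9):
            if nxt in visited:
                continue  # a dot can be used only once
            mid = midpoint(current, nxt)
            if mid is not None and mid not in visited:
                continue  # cannot jump over a dot that is still unused
            walk(nxt, visited | {nxt})

    for start in range(9):
        walk(start, frozenset({start}))
    return counts

def keyspaces():
    """Upper bounds on the search space, assuming users choose uniformly."""
    counts = patterns_by_length()
    return {
        "pattern, 4-9 dots": sum(counts[4:]),
        "PIN, 4 digits": 10 ** 4,
        "PIN, 5 digits": 10 ** 5,
        "PIN, 6 digits": 10 ** 6,
        "PIN, 16 digits": 10 ** 16,
    }

if __name__ == "__main__":
    for name, size in sorted(keyspaces().items(), key=lambda kv: kv[1]):
        print(f"{name:<18} {size:>20,}  ~{log2(size):5.1f} bits")
```

These are best-case numbers; predictable shapes and simple PINs shrink the effective space well below them.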

The Fingerprint Scanner
This authentication method is now becoming standard on most smartphones and has by and large been very popular. It’s secure enough to be trustworthy, and very fast. Moreover, many financial applications utilize the fingerprint as a form of authentication, making the option that much more attractive. The only drawbacks are that sometimes manufacturers will put it in an inconvenient spot on the device and that it doesn’t work with gloves.

Using the Face
All newer smartphones have been taking advantage of facial recognition software. This allows a user to gain access by just glancing at the phone. Since this is an operating system-dependent option, most phones will be getting this option. It may not currently be the most secure option, but as the technology advances, this will be the go-to method for all authentication.

Other Security Measures
Many phones now also offer security features that rely on alternative forms of authentication. On-body detection keeps the device unlocked whenever it is being carried – regardless of who is carrying it. Other options, such as having your device unlock when a user says “Okay, Google,” are more for convenience than privacy or device security.

What’s the Best Option?
Currently, if you are looking for the most secure and accessible option, your best bet is to use the fingerprint scanner on your phone. Back that up with a five-or-six-digit PIN and you’ll be good to go. In the future, expect the facial recognition software to improve rapidly and, therefore, to be the most secure (and popular) option to get into a mobile device.

What form do you use? Leave your favorite security methods in the comments section below.


Download the Wrong App and Have More Than Pokémon Fever Infect Your Device


There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it – a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokemon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokemon Go gamers suspect are simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans made attempts to download the APK file and “side-load” it onto their devices – a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon due to some apps containing malware, or unnecessary permissions. Yet, those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allowed remote access to the device, and can provide full control over the victim’s phone. In worst-case scenarios, this vulnerability extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission requests, and see for yourself just how strange they look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.
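The permission check described above can be automated. This added example (not from the original post or from Proofpoint) compares the permissions a candidate app requests against a known-good baseline and flags the ones the article calls out for a game. Both manifests are constructed samples, assumed to be already decoded to text XML, and the package name `com.example.game` is hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the article says a game has almost no reason to hold,
# keyed by the Android permission that grants each one.
UNEXPECTED_FOR_GAME = {
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.RECORD_AUDIO": "record audio",
}

def manifest(*perms):
    """Build a constructed sample manifest requesting the given permissions."""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.game">{body}</manifest>')

# Constructed samples: a baseline build and a candidate that asks for more.
BASELINE = manifest("INTERNET", "CAMERA", "ACCESS_FINE_LOCATION")
CANDIDATE = manifest("INTERNET", "CAMERA", "ACCESS_FINE_LOCATION",
                     "READ_SMS", "CALL_PHONE", "WRITE_CONTACTS", "RECORD_AUDIO")

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def review(candidate_xml, baseline_xml):
    """Permissions added relative to the baseline, plus any on the unexpected list."""
    candidate = requested_permissions(candidate_xml)
    added = sorted(candidate - requested_permissions(baseline_xml))
    flagged = {p: UNEXPECTED_FOR_GAME[p] for p in sorted(candidate) if p in UNEXPECTED_FOR_GAME}
    return {"added": added, "flagged": flagged}

if __name__ == "__main__":
    result = review(CANDIDATE, BASELINE)
    for perm, why in result["flagged"].items():
        print(f"UNEXPECTED {perm}: lets the app {why}")
    print("added vs baseline:", ", ".join(result["added"]) or "none")
```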

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s important that you only download apps from reputable sources, like the Apple store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.