Endpoint Security and Smartphones

Naslund, Steve SNaslund at medline.com
Tue Feb 19 17:00:26 UTC 2013


I get that part.  I guess I am just trying to figure out why having your
passcode is such an advantage.  I guess if you really want to physically
steal (or temporarily "borrow") my phone and get into it, that would be
useful.  I would be much more concerned about remote exploits because I
have always assumed that if you physically have the device, you are
going to get into it.  All I count on my passcode for is to prevent me
from butt dialing.

I think the real value here would be if it were used as more of a
general purpose keystroke grabber that could tell me remotely what you
are doing with your phone.  Problem with that is that the accuracy would
have to be much better for that purpose.

Steven Naslund

-----Original Message-----
From: George Herbert [mailto:george.herbert at gmail.com] 
Sent: Tuesday, February 19, 2013 10:47 AM
To: Naslund, Steve
Cc: NANOG; George Herbert
Subject: Re: Endpoint Security and Smartphones


Normal apps can usually get the accelerometer data without breaking
device security.

So you download the newest cool free Mine Birds or whatnot, and its
server upload traffic eventually includes guesses at your passcode along
with your game status...


George William Herbert
Sent from my iPhone

On Feb 19, 2013, at 8:07 AM, "Naslund, Steve" <SNaslund at medline.com>
wrote:

> Kind of seems to me that if I am deep enough in your mobile device to
> get your accelerometer data, I probably can get access to your stored
> data in the device.  The only reason I think I would want your passcode
> would be to physically steal your device and then try to use it.
> 
> This is one of those attacks that is probably possible but not
> practical.  Interesting blog however.
> 
> Steven Naslund
> 
> 
> 
> -----Original Message-----
> From: Jay Ashworth [mailto:jra at baylink.com] 
> Sent: Tuesday, February 19, 2013 9:20 AM
> To: NANOG
> Subject: Endpoint Security and Smartphones
> 
> Some time back, the FBI was heard to say in public that
> draw-your-passpattern security, as seen on Android smartphones and
> tablets, was too much for them, at least as long as you kept your screen
> clean of skin oil. :-)
> 
> Whether or not that's true, there are apparently ways to attack even
> that, using just the sensors on the platform.  Specifically, the
> accelerometers (which are actually usually just angle sensors):
> 
>  http://www.schneier.com/blog/archives/2013/02/guessing_smart.html
> 
> If you're responsible for security, BTW (and if you're on NANOG, you
> probably are), Bruce Schneier should be on your daily bookmark list...
> even if you think he's full of crap.
> 
> Cheers,
> -- jra
> -- 
> Jay R. Ashworth                  Baylink                       jra at baylink.com
> Designer                     The Things I Think                       RFC 2100
> Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
> St Petersburg FL USA               #natog                      +1 727 647 1274
> 



