Endpoint Security and Smartphones

Naslund, Steve SNaslund at medline.com
Tue Feb 19 16:35:09 UTC 2013


My knowledge on mobile device security is pretty limited.  I am just trying to wrap my head around the value of your passcode.  I suppose it would be good to know if I could get covert access to the device itself so I could see what is on it.  I would however have to get some malicious code on the device to get the passcode so it would seem to be easier to put malicious code on your device that sends me whatever I need the passcode to access in the first place.  I guess one of my thoughts on computer security in general is that if someone gets physical access to the device, it is history.  I would not count on the passcode to be very protective because it would seem that there would be some kind of way around it through the hardware vendor, maybe not but someone would have to convince me that a backdoor does not exist.

Steven Naslund


-----Original Message-----
From: Jay Ashworth [mailto:jra at baylink.com] 
Sent: Tuesday, February 19, 2013 10:22 AM
To: Naslund, Steve
Subject: Re: Endpoint Security and Smartphones

----- Original Message -----
> From: "Steve Naslund" <SNaslund at medline.com>

> Kind of seems to me that if I am deep enough in your mobile device to 
> get your accelerometer data, I probably can get access to your stored 
> data in the device. The only reason I think I would want your passcode 
> would be to physically steal your device and then try to use it.
> 
> This is one of those attacks that is probably possible but not 
> practical. Interesting blog however.

I dunno, Steve; think "trojan horse".
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274


More information about the NANOG mailing list