Sunday, April 17, 2011

Android lock screen

If you have an Android mobile phone, you probably already use the lock screen functionality that makes you enter an unlock code or draw an unlock pattern each time you want to use the phone. If you don't, you should. Otherwise, contact details or personal messages can be stolen within seconds, if you leave your mobile unattended. Other people may also make long distance calls or send unwanted messages to your contacts.

Android offers the functionality to unlock your mobile by drawing a pattern on the touch screen. This is generally faster than typing an unlock code again and again. Connect the dots shown on the screen in the correct order to draw your pre-defined pattern and you are done.

On the other side, using a touch screen always leaves some traces of your fingers. If you do not use your mobile extensively after the unlock (and thereby blurring your traces), attackers may be able to reconstruct your unlock pattern.

Even though taking photos of the finger traces did not lead to satisfying results, you generally get the idea: tilt the mobile against your next best source of light and see what you can reconstruct. Click on the photos to enlarge them.

But keep in mind: using the Android lock screen with a draw pattern instead of an unlock code is still way better than using no lock functionality at all.

Friday, April 15, 2011

Sometimes attackers just have to listen

This story happened yesterday in a bank just near my place. A woman, approximately 55 years old, entered the bank and went up to the friendly guy behind the desk to get some cash. Her voice was louder than the everage and therefore good to understand.

Woman (W): "I lost my company's money somewhere. I can't find it anymore - don't know where I put it."

Man (M): "You should probably just have another look at home, it will be somewhere around."

W: "Yes, sure it will be - I always hide it behind one of the big containers at home - under the doormat. I will have a look at there later on."

The man looked confused and so did a couple of other people, who were standing in the same room. The bank assistant grinned for short, but tried to explain her to speak in a low voice and that she should have a look at different places where she puts the money usually. But the woman was not going to stop.

W: "I think, it has to be under the container. I also put my wallet there, this time."

At this point a man, standing behind the woman already the whole time interrupted: "Sorry lady, but you should stop talking about your secret places in your own interest."

But once again the womand didn't want to listen:
"Ah...nobody knows where I am living. And I am going home afterwards to look for it. Just doing groceries before that."

Eventually, the woman left the bank and my friend, who was standing on the other side of the room, called me to tell me what he had just experienced. The story is true and is an awkward reminder of security awareness. But there is also a good side of this story. It also points out that security is already in everybody's mindset when it comes to topics like this - except for the woman, of course. And security measures, like not talking about sensitive information, can get a very natural part of their lives. A man even took action to shut her up, how often do we see an employee reminding colleagues about keeping company secrets?