Forgot your password?
typodupeerror
Crime Privacy Security Your Rights Online

Smartphone As Your Most Dangerous Possession 154

Posted by timothy
from the keep-that-thing-away-from-my-family dept.
Hugh Pickens writes "CNN reports that now that smartphones double as wallets and bank accounts — allowing users to manage their finances, transfer money, make payments, deposit checks and swipe their phones as credit cards — smartphones have become very lucrative scores for thieves and with 30% of phone subscribers owning iPhones, BlackBerrys and Droids, there are a lot of people at risk. Storing a password and keeping your phone locked is a good start, but it's not going to protect you from professional fraudsters. 'Don't think that having an initial password set on your phone can stop people from getting in there,' says Nikki Junker, a victim advisor at the Identity Theft Resource Center. 'It's a very low level of protection — you can even find 30-second videos on how to crack smartphone passwords on YouTube.'"
This discussion has been archived. No new comments can be posted.

Smartphone As Your Most Dangerous Possession

Comments Filter:
  • by Amorymeltzer (1213818) on Sunday January 16, 2011 @11:46AM (#34897084)

    I believe you mean "risky" not "dangerous." The most dangerous item I own is probably a knife.

    • by corsec67 (627446) on Sunday January 16, 2011 @11:59AM (#34897154) Homepage Journal

      You don't own a car? That is probably the "most dangerous" class of item that people own.

      • by Anonymous Coward on Sunday January 16, 2011 @12:13PM (#34897232)

        I don't own a car, but I do own a lightsaber. Not as clumsy or random as a car; an elegant weapon for a more civilized age.

      • by KtHM (732769)

        I'm thinking my shotgun is a little more dangerous than my station wagon.

        • by ifiwereasculptor (1870574) on Sunday January 16, 2011 @12:27PM (#34897338)

          You don't have to reload a station wagon on a crowded sidewalk...

        • by Anonymous Coward

          Sorry, I thought it was people, not guns, that were dangerous. Thanks for clarifying that.

          • Re: (Score:3, Interesting)

            by BrokenHalo (565198)
            Sorry, I thought it was people, not guns, that were dangerous.

            Well, that's true. Any suitably light-fingered individual is well qualified to attempt to lift my phone out of my front pants pocket, provided that they don't mind taking the chance that I might smash their brains in.

            But then I personally think it's incredibly stupid to put any kind of financial details on anything that is so easily and casually stolen. I don't even leave such information lying around (at least in a form that is worth the tr
            • What's "financial details"?
              If you have a phone that stores e-mail, and you've ever had your bank/paypal/credit card/amazon/etc send you a "I've forgotten my password" email.... then that info is fairly easy to access. Even finding out answers to your typical "security questions" would be fairly trivial.

              I would be surprised if your average smartphone user has thought this through.
          • by TheRaven64 (641858) on Sunday January 16, 2011 @01:43PM (#34897840) Journal

            Sorry, I thought it was people, not guns, that were dangerous

            True, but since the 13th amendment passed you're not allowed to own any people, only guns.

          • by FooAtWFU (699187)
            Generally speaking, guns almost never kill people.... bullets, on the other hand, are another matter.
            • "Generally speaking, guns almost never kill people.... bullets, on the other hand, are another matter."

              Bullets? Nah... It's not bullets what's dangerous, it's the speed they come with.

              • by Fjandr (66656)

                It's not even the speed. It's the inertial delta of the bullet and [part of] the person.

        • by neumayr (819083)
          It comes down to how much you perceive the risk of using a tool. You know your shotgun can potentially do a whole lot of damage. That's its express purpose after all.
          A car doesn't seem as dangerous, but even though it wasn't designed for that purpose it can do a lot of damage, and I wouldn't be surprised when the relevant statistics show that percentage wise, a lot more people get accidentally hurt by cars than by shotguns.
          The same partly applies to blunt vs. sharp kitchen knives, with people getting cut
      • If your car is the most dangerous thing you own you should probably think about visiting an optometrist.

        • No, that's risk. The car is enormously dangerous whether you can see well or not. If you intend to use it to harm, having good eyesight makes it *more* dangerous. It is indeed the most dangerous thing most people own, with the possible exception of a gun (if they own one).

          • Actually the danger from cars is over-rated. A gun can kill far more people more quickly, even if you drove into a crowd you'd be very unlikely to kill as many people as you could with a gun.

            Cars are also a lot more clumsy, and once off a road are prone to being stopped very quickly by any number of things.

            • by RogerWilco (99615)

              I think you underestimate what one can do with a car.

              See for example the Queensday attack in the Netherlands almost 2 years ago:
              http://www.spiegel.de/international/europe/0,1518,622342,00.html [spiegel.de]

              5 people dead at an event with about the highest level of security that you could find in the Netherlands at the time.

            • by Fjandr (66656)

              There are countries I can think of where firearms are likely more dangerous than vehicles, but the US is not one of them.

              From 1999 to 2007, the total motorized vehicle death rate was 14.76 per 100,000. The firearm death rate during the same period was 10.33 per 100,000. That said, I'm not sure it matters much. Each side will frame the numbers in ways that support their bias, and will argue endlessly over which comparison is "more accurate." In the end, the only quantifiable "fact" is that one kills people m

      • by syousef (465911)

        You don't own a car? That is probably the "most dangerous" class of item that people own.

        Are you married? *ducks for cover from the feminists*

      • by tehcyder (746570)

        You don't own a car? That is probably the "most dangerous" class of item that people own.

        I thought most people died in household accidents, making your own house your most dangerous enemy.

    • Semantic quibble, which comes down to people's ability to asses risk. Guns vs swimming pools.
      The point is, the phone is a terrible choice for security related matters, because it wasn't specifically designed to be an e-wallet from the ground up.

      You can never, ever just bolt-on security.

      • You can never, ever just bolt-on security.

        Wait - Isn't that exactly what we do with doors?!

        • Yeah but there's a difference between putting a bolt on a glass door or on a steel reinforced one.

        • Depends on the door.
          A wooden door, with an after market bolt, would only stop opportunistic threats.
          A door designed from the ground up to be secure, would have multiple locking bars which engage in all directions, into a metal frame which would also be part of the overall secure design.
          That would go some way to reduce the single point of failure which a single bolt represents.

          Analogy stands.

          • Re:Freakonomics (Score:4, Informative)

            by mlts (1038732) * on Sunday January 16, 2011 @02:30PM (#34898166)

            If I stuck a deadbolt cylinder on a hollow core door used for internal rooms, someone could easily kick it in without a moment's thought.

            If I stuck a cylinder on a European lock that had multipoint locking, a solid jamb that uses steel rails that are sunk into the foundation, it would require a hydraulic ram to open it.

            Similar with phones. If I stuck a PIN on an open device, there would be ways to get around it. However, if the device was built from the ground up with encrypted filesystems, keys in a secure RAM partition, and anti-brute force code where PIN guessing resulted in longer delays, and eventually a complete zeroization of the device, the same PIN that might be worthless on one device may adequately protect another.

            One can see this when comparing a TrueCrypt keyfile stored on a cryptographic token (or an IronKey) compared to one stored on a generic USB flash drive. After try #20 with the USB flash drive, it doesn't matter, especially if one just copies the cyphertext to another image to protect against self destruct software. The same data stored on a hardware device using hardware encryption will be long gone before attempt #20 could even be made.

            A 4 digit PIN can be excellent protection, or it can be a joke depending on how the device is architected.

          • and to be truly secure the walls would have to have a lattice of welded bars all the way around (and in the roof and floor.

            any good attacker will locate the weakest point and use that (ultra secure door does Zippo when your walls are made of sheetrock

        • No. If you just bolted on a door to something built without other consideration of security, it's not going to do very well. In fact, a house *is* security--the door is your access point. A door as just "bolt-on" security would be a door sitting there without any walls.

          • by Fjandr (66656)

            With stick-frame construction a door is still bolt-on security, even if it's a solid steel, multi-point locking door in a steel jamb.

      • The point is, the phone is a terrible choice for security related matters, because it wasn't specifically designed to be an e-wallet from the ground up.

        You can never, ever just bolt-on security.

        By this implied definition of e-wallet, a real wallet isn't really designed as a wallet from the ground up either. My wallet has essentially no security once it's out of my hands through theft or loss. But I do get the point, one might store even more valuable information in an e-wallet than just the cash and credit card numbers present in an r-wallet. Bank passwords, other account passwords could lead to considerably more damage than the $50 per credit card loss one might incur. Unless of course, you carry

  • by hsmith (818216) on Sunday January 16, 2011 @11:48AM (#34897104)
    With passcodes, setting the phone to wipe on a few failed tries? Almost everyone I know lacks a passcode on their mobile device - giving anyone the freedom to dig into their personal lives. I just don't think people realize what a risk it is at all.

    I'd also like to know which devices can be cracked in 30 seconds. With iPhone 4's full device encryption, I don't see how the key can be cracked in under 10 tries before it would wipe itself. But, I'd like to know.
    • by sznupi (719324)

      I remember how not so long ago any new SIM card came with its PIN. Lately though, out of the box, they often don't require any authorization (a PIN can be still set up of course, but...)

      It would seem people prefer it that way (at least at my place, but I doubt it's very unique)

    • The risk appears to only be for Android phones, because the swipe-to-unlock leaves smudges that can be visually decoded to tell the thief the "password". I can't see how this security vulnerability affects iPhones with their tap-based passcode.

      And yes, I have a passcode on my phone. It takes about a day for the annoyance factor to dissipate, and IMHO you're nuts not to have one.

      Simon
      • by YouWantFriesWithThat (1123591) * on Sunday January 16, 2011 @01:05PM (#34897582)
        android phones have numeric or alphanumeric passwords that can be enabled as of version 2.2
      • The risk appears to only be for Android phones, because the swipe-to-unlock leaves smudges that can be visually decoded to tell the thief the "password". I can't see how this security vulnerability affects iPhones with their tap-based passcode. And yes, I have a passcode on my phone. It takes about a day for the annoyance factor to dissipate, and IMHO you're nuts not to have one. Simon

        OK, I don't have an iPhone, so what is a tap-based passcode? Just typing digits on a 10-key style screen interface or something like that? I've got a smartphone,but not an iPhone, and have been reluctant to keep anything too valuable (or personal) on it for lack of password protection, and I've resisted using password protection because of how annoying I imagine it to be. Am I totally wrong about how big a hassle it is?

        • The iPhone unlock is a 4-digit PIN. I think you can use more digits, but 4 is enough, given that you only get 5 tries.

          As I said, I found it annoying at first, but after a day or so, I don't really notice it. You don't need to unlock the phone to answer calls, so it's about 2 seconds to unlock then use the phone. Well worth it IMHO.

          Simon
    • by hsmith (818216)
      errr i mean iOS4 not the iPhone 4
    • I'd also like to know which devices can be cracked in 30 seconds. With iPhone 4's full device encryption, I don't see how the key can be cracked in under 10 tries before it would wipe itself. But, I'd like to know.

      Couldn't they just dump the memory of the device in its encrypted state and crack it at their leisure?

    • by Haedrian (1676506)

      That'll work.

      Until someone wipes your phone maliciously.

  • Actually no I do not use a smart phone for banking etc.. I cannot control the OS installed on the phone, I therefore cannot add bits (apps) knowing for sure that they work as intended, so I do not use the smart phone for banking, or surfing to sites that need log-ins. Log-in type of browsing I use my Linux desktop / laptop for.

    Those that do use a smart phone for everything, they should treat the phone just like cash, where if you loose it, you could be well forked, and out of pocket in more ways than one.

    • by CharlyFoxtrot (1607527) on Sunday January 16, 2011 @11:54AM (#34897134)

      The security on a smart phone isn't any worse (in many cases better, even) than that on most people's personal computers. The OS question is irrelevant, the big difference is that it's much easier to gain physical access. Just be vigilant and be have a plan ready to immediately block all access if you do lose your phone.

    • by h4rr4r (612664)

      I have a smartphone, a Droid. I control the OS, I have added "bits", kernel modules.

    • I therefore cannot add bits (apps) knowing for sure that they work as intended,

      Working as intended isn't what worries me with smartphone apps. Working as advertised is a much bigger impediment to my comfort levels doing banking on the phone.

      I stop short of having my gmail account on my smartphone. Banking, etc, get done from a stock-configured browser in a virtual machine that only ever gets used for that (and is configured read-only).

  • by cold fjord (826450) on Sunday January 16, 2011 @11:54AM (#34897132)

    It continues to make almost everything more convenient, including ruining you.

    • by fermion (181285)
      We need to be aware of the security risk of the instruments we use. That said more advance and abstract instruments are not necessarily more risky. For instance in a barter system we might use goods, but have the risk of those goods losing value due to decay or market forces. We might say a objective measure such as gold could be secured, but not against inflation. Gold has not kept up with inflation for most fo the past 35 years.

      So maybe we have currency which can also be lost, stolen, and has no pro

    • by couchslug (175151)

      "It continues to make almost everything more convenient, including ruining you."

      Freedom of choice includes the burden of making wise choices.

  • It Can Get Worse... (Score:3, Interesting)

    by IonOtter (629215) on Sunday January 16, 2011 @11:55AM (#34897144) Homepage

    Throw in one of these [squareup.com], and you're looking at truly ridiculous amounts of pain if you lose your phone.

    • Re: (Score:3, Insightful)

      by neumayr (819083)
      (Took a little while to recover from that ridiculous commercial)
      Seems like that device is made to accept credit card payments, not to pay people with credit cards. How does that make losing ones phone any worse than it already is?
      • Looks to me as if that system is best suited to card-skimming operations. The convenience seems to fall entirely on one side of the transaction.
    • by hsmith (818216)
      Do you even understand what squareup does? You losing your phone has nothing to do with it.
    • The other replies to your post already noted that this service does not store any data on the phone. Here is text from their site: https://squareup.com/security [squareup.com]
      • Card numbers, magnetic stripe data, or security codes are not stored on Square client devices.
      • Applications developed in-house are subject to strict quality testing and security review. Web development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
      • Card-processing applications adhere to the PCI Data Securit
  • Close to (still not quite reaching that number, IIRC) 30% of device sales are smartphones, not 30% of subscribers (and as to "Droids"...Samsung seems to be positioning themselves firmly on top; unless the term starts becoming a genericized (shortcut of) trademark)

  • The late '90s were a zenith of Western society, a fair balance of regulation and freedom; technology and tradition.

    Now the government's breathing down everyone's neck while they're neatly distracted by thinking they're such a big deal that they need to be contacted at every minute of the day or night.

    Minimise your shitty gadgets. Do only what needs doing. Relax a little. If you think you need to bank from your 'phone, you're doing life wrong.

    • by sznupi (719324)

      Also ~"moral and intellectual demise of youth will soon destroy civilization" - don't-remember-who, Ancient Greece.

      • by The_mad_linguist (1019680) on Sunday January 16, 2011 @12:20PM (#34897286)

        Fifty years later, their civilization was, practically speaking, destroyed.

        Just saying.

        • by sznupi (719324)

          Crap, my hangover must be worse than usual, I was convinced of writing some reply via means made possible by technical civilization of "humans"; even worse - being member of their species...

        • Greece fell once, people where complaining all the time. The fifty year thing sure sounds good, but it's total bollocks.

          The one thing I learned from reading stuff from all ages is that the past was _always_ better, youth is _always_ going downwards and apocalypse is _always_ just around the corner.

          Just saying.

      • It's generally true, but then some revolution or war or other instability comes along and shakes things up a bit. We've experienced too much stability to reinvigorate the new generation.

        Also, school is fucking easy now. It's never been easier. The mass Western privatisation/unionisation (delete as inappropriate to your political prejudice) of education is unique to the last couple of decades. Contrast the 400 years of what counted as formal or informal higher education, or skip over the Dark Ages and contra

        • by sznupi (719324)

          Even with hiccups it still roughly gets better and better...

          (also, can't really vouch for educational systems other than my local one... but according to one of my parents (accountant, so with some steady contact with basic math) - my generation apparently covered before highschool their Baccalaureate-level math; generally, schooling isn't even for that long very widespread in the first place / the average level of education is very much higher from the old times / we probably still get greater proportion o

          • What country? GCSE mathematics in the UK is a joke compared to O-level, and A-level has had the syllabus progressively reduced. More importantly, questions have turned from requiring ingenuity to being something the student will have already seen in the textbook (produced by the same publisher which happens to own the exam board).

            As for the average level of education, it's true that more people can read, but learning specific technical skills is not the same as the exercise and application of imagination an

            • by sznupi (719324)

              The difference between 50s and 90s in Poland. Note: apparently there was also some decline during the last decade, perhaps largely because of poorly executed educational reform (and...modeled on wrong examples; a bit in the spirit of post-colonial mentality: "they are prosperous, so all must be better").

              Nothing too dramatic though, and I'm pretty certain it will continue to improve. Don't look at fluctuations; doesn't help that we are merely convinced of how good our memory is. Add variously colored glasses

      • Wikiquote to the resque:

        Socrates - misattributions

        "Children now love luxury; they have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise. Children are now tyrants, not the servants of their households. They no longer rise when elders enter the room. They contradict their parents, chatter before company, gobble up dainties at the table, cross their legs, and tyrannize their teachers."

        Apparently dates from 1953: see Respectfully Quoted: A Dictionary of

    • by epine (68316)

      The late '90s were a zenith of Western society, a fair balance of regulation and freedom; technology and tradition.

      You've got to be kidding. This ranks right up there with Jody Foster defending Mel Gibson as "not such a bad guy to work with" while the Russell Williams story was breaking in Canada. He was a great guy in the office, too, but had defects in other life aspects.

      You cleverly post this right after I finish reading a long treatise on the nutter-of-the-moment and his trigger words.

      Looking Behind t [nytimes.com]

      • Your drunken post was very difficult to read. Are you countering by pointing out that some tech stock was overvalued? Maybe you're young/selfish enough that it's the sort of thing which you consider the height of importance, but perhaps you ought to concentrate on the freedoms and opportunities people enjoyed.

    • by h4rr4r (612664)

      If you have to drive home to move money, or worse to the bank, you're doing life wrong. I have far more fun stuff I could be doing.

      I remember the 90s it was just as bad as now except for air travel, that was better. Our government has not gotten better or worse.

      • If you have to drive

        Why would I have to drive?

        home

        Why is the alternative to go home?

        to move money,

        What about you is so disorganised or overcomplicated that you need to move money around your accounts while you're on the move?

        or worse to the bank,

        The richest people I know do precisely that. I don't. But there you go.

        I have far more fun stuff I could be doing.

        I'm not sure what's fun about needing to manage your bank accounts while travelling.

        I remember the 90s it was just as bad as now except for air travel, that was better. Our government has not gotten better or worse.

        Wow. Assuming you're in the UK, the USA or some Western European country, you really need to pay more attention to your country's legislative progress, even if you've nev

        • That's my strategy... works really well. I can transfer money online or via telebanking, but I just use that to pay bills. I use cash for everything, and my daily withdrawl limit with the plastic is $100. I cannot direct pay with my bank card... or rather, I can, but the daily limit is $0. I have a VISA card, but I restrict the use of that for recurring monthly payments (TV, Cell phone, Internet), and large purchases.

          By forcing myself to use cash for everything, I force myself to have something tangible in

    • If you think you need to bank from your 'phone, you're doing life wrong.

      Seriously agree. In fact, those commercials that show someone querying their credit card or bank balance to see if they can buy a huge flat-screen TV or, quite frankly, any mobile banking issue, illustrates something very wrong with that model and poor personal financial planning and management by those who would rely on such features.

      • by RogerWilco (99615)

        Since I can check my bank balance every day on my phone, I have a much better grasp of my finances. Especially now that I have just bought a house and have additional mortgage payments, it has been a great help in keeping my finances in order. It might depend a lot on the sophistication of the app that your bank provides though, mine has a lot of nice advanced features.

        • Since I can check my bank balance every day on my phone, I have a much better grasp of my finances.

          What are you doing with your finances that means you need to check your bank account to find your balance? Aren't you aware of your incomings and outgoings?

          The only argument I can come up with is that you want to check for bank error, which is fair enough, but if you feel the need to do that daily then you probably need another bank.

    • by definate (876684)

      WOW! You must be a hell of a big deal, because you literally just told us how to live our lives.

      I wish I had mod points right now, I'd mod you down so hard, you wouldn't shit right for a week.

      Regardless of what you think is "right" or "wrong", if you think you can describe what people "need" to do so easily, then you're definitely wrong.

      I've got a fair few friends who ONLY have a smart phone, and this smart phone is their entire life line to the world. They don't have a computer, or they have one, but they'

      • I've got a fair few friends who ONLY have a smart phone, and this smart phone is their entire life line to the world.

        At the risk of receiving another angry response from you, would you perhaps consider advising your friends that having a smartphone as your "entire life line to the world" is an unnecessary and fairly dangerous risk? If you're travelling around remote locations, you'd be well advised to carry multiple means of communication - particularly equipment which does not rely on terrestrial infrastructure. A satellite 'phone is an option, as are transceivers for the CB or amateur radio services.

        they're continually moving around in rural Australia, that they can't get a good internet connection

        Ah, the rare excepti

  • If you store the most critical things in the cloud, specially things that you access thru your phone, is your password your most dangerous possession, mainly because stealing your phone is not a requirement for getting your data (if your password is unsafe or used from an unsafe location, i.e. with a keylogger). Of course, that have as advantage that if your phone gets stolen, and you are fast enough, you could change your cloud password and disable your phone number.

    You could also store directly in the p

    • by neumayr (819083)
      Storing your personal data on systems you have no control over is bad. News at eleven.
      • Only if the added utility is insufficient to outweigh the potential risk. Assuming your phone has a remote wipe feature, and the other security features on the phone buy you enough time to use it, then having your data in the cloud is useful because you haven't lost any data, only the physical phone.

  • Android users: use KeepassDroid for storing your passwords in a keepass database, and then randomize your important accounts.

    Now all you need to remember is one good password. When you tap on an entry after decryption, keepassdroid puts a notification item up, that when activated, pastes the password in your clipboard for pasting into nearly any app or web page. It does smart things like clear the clipboard after a delay, etc.

    You can combine it with Dropbox for unified password management on all platforms

    • Yeah, keepassdroid is great, by far one of the most useful apps on my phone. They are working on 2.0 database support though, it's read only now.

  • I'm not dumb enough to place any form of important info into ANY device connected to a network. Privacy can not be maintained when so many people have access to the servers and software directly connected to your smart phone or computer. I remember when phones made phone calls...and that was it. No ring tones, no aps, just a basic fully functioning device use to communicate with others. Now people are shocked that the "smart" phone is considered a prize to thieves. It's a key to the bank you use and you kee
  • If the keys moved around randomly on the screen at the beginning of typing the password and after typing each character, the positions of smudges on the screen would not give any information about the password. (Yes, this does have an obviously funny reply. Not sure how to upstage it from here. Go ahead and say it, then.)
    • by Ocker3 (1232550)
      they're mostly talking about gestures, not typing in a pin, at least from my reading of the article. now if there was a set of gestures, and the phone displayed a shape and wanted you to complete a randomly selected (or user-chosen) upon setup gesture, that would increase the complexity of the cracking process. so instead of My Password Gesture, there would be 4-5 shapes (noises? videos?) with a corresponding gesture. not infallible, but would take it to the next level.

ASCII a stupid question, you get an EBCDIC answer.

Working...