Who’s looking over your shoulder?

Blog by Andy | Posted on Tuesday November 4 2014

If I were an unscrupulous, dastardly individual, I could have nicked two smartphones the other day and run off, laughing maniacally. Thinking about it, I would probably have done a factory reset and sold them online. Fortunately, I’m a pillar of society, so instead I’m writing a cautionary tale.

I was on a train travelling through Wiltshire and, as is usual for that time on a Saturday, the train was standing-room only, so I was forced to stand in the aisle. It was only a 15-minute journey. I wouldn’t mind but the train fares make your eyes water. That’s not my point, though. Unclench.

Only being nosey

My point is that I wasn’t even trying to snoop, but you know how you look about at the things around you and carefully avoid eye contact with other people staring into the middle distance? Well, the two people in the seats next to where I was standing both had their phones in front of them – I think they were a couple but they seemed to be engaged in mutual ignorance – and within seconds of each other, they had unlocked their respective devices by tapping in their PINs. I had a good view of their clear, bright, high-resolution screens and without even trying, I knew their PINs.

6824 and 8050.

What can I say? People like their patterns. I can say what the PINs were here because the people are anonymous. I wouldn’t be able to pick them out in a crowd. Perhaps one of those PINs is yours? Maybe it was you. Hello.

All I would have had to do – as the unscrupulous, dastardly individual I’m not – is wait for you to let go of your phone for a couple of seconds and then lift it. Then I’d have been off, into the sunset. Well, Chippenham.

Fingertip control

Over the last few years Apple, Samsung and other mobile device manufacturers have attempted to mitigate this security flaw by introducing a biometric factor – a fingerprint reader in the home button of the device.

The use of biometrics was catapulted into mainstream media by its inclusion on such popular devices, and with the attention has come much criticism. Hackers were quick to demonstrate various ways to circumvent the security the fingerprint sensor provided, whether using Play-Doh, silicone fingertip covers or the like.

Of course the point they missed is that no method of security is flawless, but the more barriers you put up, the more difficult and thereby less attractive you make the proposition of breaching them.

Biometrics are a factor of authentication, not a single pill to fix everything. If you on the train had had to identify by fingerprint, I’d not even have considered the possibility. If you had had to identify by fingerprint and then tap in your PIN, hardly anyone else would have done so either, however dastardly. Especially if you’d had the sense to shield your bloody screen. Yes.

That said, biometrics are pretty good. As a way of authenticating an individual, fingerprints are great. Iris and retina scans are better. Even the pattern of the veins in your hand or your eye has been shown to be a highly accurate way to differentiate individuals.

The technology is already available for many of these techniques, and we are just at the tip of the iceberg. It’s also become very affordable to own and technically viable to operate on any scale, so any organisation that needs to keep track of where individuals are and at what time can implement biometric technology to help them do it. You can even get USB flash drives and external hard drives that have a fingerprint reader built in, so you have to swipe your finger over the reader before you can access the drive’s contents (after, of course, a second factor of authentication).

Convenience

And there’s another point. It’s not just about security and whether or not it can be fooled or breached. It’s about convenience and not having to remember cards or keys for everywhere we go. It’s about having that easy second factor, literally to hand, that can quickly be used to help protect your property and privacy.

Convenience is a big thing. Schools are now using children’s fingerprints [http://www.biometricupdate.com/201304/biometric-payments-in-school-cafeterias-privacy-nightmare-or-lunchroom-revolution] to keep track of them in the dinner hall. Kids don’t have to remember their dinner money (or fear having it nicked), and parents can be billed accurately for the meals for which their kids have shown up (I use the phrase carefully – my kids’ presence at a meal is no guarantee of their consumption of it). There are not many criminal organisations interested in hacking kids’ meals, so it’s not a security problem that’s being solved. It’s a matter of convenience and accuracy.

Will you join the revolution?

It’s fairly certain you’ll start to encounter biometric authentication in the near future if you haven’t already. A recent poll of British people indicated that 8 out of 10 people preferred the convenience factor of biometric authentication.

So, back to you on that train, and this cautionary tale: be more careful with your PIN, like you are when you get cash out. I bet you get much less than the value of your phone from the cash machine, but you shield your PIN when you do.

Oh, and perhaps put your phones away and talk to each other occasionally. You’ll both appreciate it.