The security of unlocking an Android based device, the future is near?

In a recent survey of people in America who use their smartphone for work, less than a third said they employ the password protection on their smartphones. Although everyone will agree that not protecting your smartphone isn’t smart, it is all about memorizing. 

Everyone that has an Android-based device knows they do not have to remember yet another pin code to unlock the device. Besides all the telephone numbers you have to remember, and they are unique by default, there are also the different pins for your bank and credit cards. These should be unique but of course, due to human nature, most people use the same pin code more than once as they can only remember a limited number of different codes. And writing them down is, of course, not the best thing to do.

Unlocking an Android based device works differently. You can swipe your finger on the screen over a 9 point square and draw your favorite little line-picture to unlock it. The line-picture should not be too easy to guess, so if your name is Lisa or Lewis, using the “L” shape may not be the safest in the world.

As we are looking at our smartphones more often by the day (who is still using a real watch to look at the time?), we are swiping the same pattern on the smartphone numerous times a day. The screen gets greasy and the pattern is quite often visible, defeating its purpose of being a security mechanism.

On 13 March 2012, Sony announced a new Android-based smartphone, the Sony Xperia Sola, using a new technology: “floating touch”. The user will not be required anymore to touch the screen, but just has to move his finger above the screen, not leaving a trail. For now this only works with the browser, but in the (hopefully near) future, it will be migrated to applications as well, creating the possibility of unlocking your phone without touching the screen.

Another interesting feature of the Sony Xperia Sola is the combination of smartphone and SmartTag. A SmartTag is a small token that has read/write capabilities to/from the phone when it is in close proximity to the phone. This is a form of Radio Frequency Identification (RFID) technology known as Near Field Communications (NFC). The currently popular game “Skylanders” is using a similar technique to load and store information on the figurines. On the SmartTag that is used for the Sony Xperia Sola, a preconfigured profile stored on the SmartTag will be activated when the telephone is close enough to it. This is convenient if there are multiple users or if the phone is used in different locations. When traveling abroad, one could easily use a SmartTag with a profile in which expensive roaming is disabled.

It would be better if it is impossible to start the smartphone or to unlock the smartphone without the presence of a SmartTag. Combined with the swipe pattern, that would be a 2-way authentication. Hopefully these new features will make it into the security applications for the device.

And it would even better, if content of the SD card can only be viewed if the SmartTag is nearby to be used as an Encryption/Decryption key. If a card is stolen (or someone claims their phone is hacked), at least pictures will not be usable and won’t be able to make it the Internet where they can be viewed by the world. (Something Glee actor Heather Morris would have appreciated, that is, not having her ehhh…private pictures exposed online!)

Of course it would be much better not to make such pictures. But it seems that besides celebrities that have a “need” to create such kind of pictures and movies, non-celebrities copy this behavior just to be cool. I would say: “Cool down first and think through the consequences of your actions”.

Author Righard Zwienenberg, ESET

  • gerard ablas

    how secure is it!?

  • Kovid Kapoor

    Correct me if I'm wrong, but you can easily change the pattern if it becomes visible on the screen.
    Anyhow, talking of sophisticated methods to unlock the phone:
    Casio has started making NFC enabled watches, and you can just gently tap the phone with your watch to unlock it.

Follow us

Copyright © 2017 ESET, All Rights Reserved.