Mobile
Commentary
2/11/2011
00:04 AM
Ed Hansberry

Do Devices Do Enough To Protect Sensitive Information?

Security has always been a concern with mobile devices, be they laptops or smartphones or something in between. They are easy to leave behind or get stolen depending on where you are. With more and more commerce happening on smartphones, securing the data on your phone is even more critical. Are simple passwords good enough?

All smartphones allow you to lock them with a PIN or password, though they vary in what that actually accomplishes. While they all lock the device itself and the data on internal memory, they don't always do much to protect data on a storage card. Depending on where an ecommerce app is on your device, it will either be fairly secure or totally insecure, password or not. A lot of apps that have sensitive information in them have little to no security, storing things like passwords in plain text, according to viaForensics. Clearly a password in these instances is next to useless if someone has access to your phone.

Oh, you lock the phone with a password? Well, that should help, but it is no guarantee. The iPhone has just been hacked. A new device running iOS 4.2 can be unlocked in 6 minutes. Now all of those plain-text passwords being stored on the phone are a bit more worrisome.

Forget about the phone being locked, though. If someone grabs a screenshot of your Starbucks iPhone app that is showing the barcode, they can use your card anytime they want, or at least until you figure it out and call Starbucks. As usual, they "take security seriously" and offer balance protection. They will immediately freeze your account when you call. You are on the hook for everything that happened before then, though. Seems the balance they are protecting is theirs, not yours. This type of information makes me rethink the wisdom of having my card auto load when it gets down to a certain level.

It is clear that passwords alone don't cut it. Even if you have a strong password, something over ten to twelve characters with upper and lower case letters, numbers and symbols, it doesn't matter if the rest of the app or device is insecure. It is like putting a steel door with an expensive lock on a rotting barn. You may not get through the door, but you won't have to expend too much effort to get in the barn.

I recommend you lock your phone though. Regardless of the device's security, a password keeps an honest person honest and could very well keep someone not skilled at working with technology out. That doesn't give me great comfort though. Device makers and ecommerce app developers need to take security seriously, and I don't mean by saying "we take security seriously" when a consumer blog calls them on the carpet. I mean seriously like they really care about your data.
