Do Devices Do Enough To Protect Sensitive Information? - InformationWeek
IoT
IoT
Mobile
Commentary
2/11/2011
12:04 AM
Ed Hansberry
Ed Hansberry
Commentary
50%
50%

Do Devices Do Enough To Protect Sensitive Information?

Security has always been a concern with mobile devices, be they laptops or smartphones or something in between. They are easy to leave behind or get stolen depending on where you are. With more and more commerce happening on smartphones, securing the data on your phone is even more critical. Are simple passwords good enough?

Security has always been a concern with mobile devices, be they laptops or smartphones or something in between. They are easy to leave behind or get stolen depending on where you are. With more and more commerce happening on smartphones, securing the data on your phone is even more critical. Are simple passwords good enough?All smartphones allow you to lock them with a pin or password, though they vary in what they actually accomplish. While they all lock the device itself and the data on internal memory, they don't always do much to protect data on a storage card. Depending on where an ecommerce app is on your device will either be fairly secure or totally insecure, password or not. A lot of apps that have sensitive information in them have little to no security, storing things like passwords in plain text according to viaForensics. Clearly a password in these instances are next to useless if someone has access to your phone.

Oh, you lock the phone with a password? Well, that should help, but it is no guarantee. The iPhone has just been hacked. A new device running iOS 4.2 can be unlocked in 6 minutes. Now all of those plain-text passwords being stored on the phone are a bit more worrisome.

Forget about the phone being locked though. If someone grabs a screen shot of your Starbucks iPhone app that is showing the barcode, they can use your card anytime they want, or at least until you figure it out and call Starbucks. As usual, they "take security seriously" and offer balance protection. They will immediately freeze your account when you call. You are on the hook for everything that happened before then though. Seems the balance they are protecting is theirs, not yours. This type of information makes me rethink the wisdom of having my card auto load when it gets down to a certain level.

It is clear that passwords alone don't cut it. Even if you have a strong password, something over ten to twelve characters with upper and lower case letters, numbers and symbols, it doesn't matter if the rest of the app or device is insecure. It is like putting a steel door with an expensive lock on a rotting barn. You may not get through the door, but you won't have to expend too much effort to get in the barn.

I recommend you lock your phone though. Regardless of the device's security, a password keeps an honest person honest and could very well keep someone not skilled at working with technology out. That doesn't give me great comfort though. Device makers and ecommerce app developers need to take security seriously, and I don't mean by saying "we take security seriously" when a consumer blog calls them on the carpet. I mean seriously like they really care about your data.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll