RE: Endpoint Security and Smartphones

["Naslund, Steve" <SNaslund () medline com>]

Kind of seems to me that if I am deep enough in your mobile device to get your accelerometer data, I probably can get 
access to your stored data in the device.  The only reason I think I would want your passcode would be to physically 
steal your device and then try to use it.

This is one of those attacks that is probably possible but not practical.  Interesting blog however.

Steven Naslund



-----Original Message-----
From: Jay Ashworth [mailto:jra () baylink com] 
Sent: Tuesday, February 19, 2013 9:20 AM
To: NANOG
Subject: Endpoint Security and Smartphones

Some time back, the FBI was heard to say in public that draw-your-passpattern security, as seen on Android smartphones 
and tablets, was too much for them, at least as long as you kept your screen clean of skin oil. :-)

Whether or not that's true, there are apparently ways to attack even that, using just the sensors on the platform.  
Specifically, the accelerometers (which are actually usually just angle sensors):

  http://www.schneier.com/blog/archives/2013/02/guessing_smart.html

If you're responsible for security, BTW (and if you're on NANOG, you probably are), Bruce Schneier should be on your 
daily bookmark list...
even if you think he's full of crap.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274