Mobile Phone


In a very interesting article on the Slate website, Kevin Bankston highlights that, despite claims by some law enforcement officials that encryption is a tool that will allow criminals to evade justice, the use of strong encryption actually helps to reduce crime. Bankston points out that although it is true that criminals will make use of encryption technology to shield their activities, the use of the technology will overall prevent millions of crimes. For example, smartphone theft is at epidemic proportions, with millions being stolen annually, often in robberies, which are by definition violent crimes. However, strong encryption will block criminals from using the commonly available tools to unlock a smartphone, rendering it useless to them. The article also highlights that criminals are increasingly interested not just in the phone but also in the personal and other data contained on it, which can, for example, allow them to commit […]

Smartphone encryption will help cops more than it hurts them


Darren Pauli reports on The Register website that security researchers have discovered that the HTC One Max phone stored user fingerprints as clear text in a “world readable” folder that could be accessed by other apps. The Samsung Galaxy S5 was also found to have similar vulnerabilities. The revelation was made by researchers presenting at the Black Hat security conference in Las Vegas earlier this month. It was one of four situations in which biometric data on an Android phone could be accessed by hackers. In one scenario they showed how attackers could have money transfers authenticated by getting a user to scan their fingerprints on a fake login screen to unlock the device. A link to the original research paper can be found here.

HTC Phone Stored Fingerprints as Clear Text


Mark Stockley reports on the Sophos Naked Security website that the HTML5 battery status API (Application Program Interface) on mobile phones can be used to track the phone user. The technique, described in a recently released paper, relies on the fact that browsers such as Chrome, Firefox and Opera will provide information about battery status to any website that asks for it, without asking the phone user's permission. The information given up is a series of values covering discharging and charging. However, it is very unlikely that two or more users will have the same value in a short time frame, thus effectively making it a unique identifier for the device. These battery values are usually very short-lived; however, they could last long enough to allow a tracking website to respawn deleted cookies and defeat incognito modes. Currently the only browser that offers protection against battery tracking is the Tor browser […]

How your Battery Life could be used as an Undeletable ...