IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
February 26, 2016
Sign up to free email newsletters
Nothing found. Please check your show/episode id.
Download
State of Physical Access Trend Report 2024
Beating Biometrics with Play-Doh (No, Really) and Other Security Lessons from the Mobile world Congress
Inaugurated in 1987 the Mobile World Congress (MWC) has seen a lot of change in the mobile phone during its existence.
The event, which attracted 70,000 attendees and some of the world’s biggest phone manufacturers to Barcelona over three days this week, saw mobile phones first shrink and then grow again as the smartphone emerged and then mobile phone ownership soar to the point of ubiquity.
The next wave of innovation is mostly not about the phone at all, which now serves as a control panel for but a proliferating array of IP-connected devices – which brings us to the first of our security lessons from MWC 2016.
Much more fun than seeing the latest uninspiring incremental changes to the iPhone or HTC One is seeing the Kamibot robot, where children can customise their own paper-made robots via an open-source programming interface. Or the Epson Moverio BT-300 augmented reality smart glasses.
Just as at CES 2016 last month the crowds at Barcelona were treated to demonstrations of gadgets that ranged from the ingenious (like the eye-tracking app which allows you to type on a computer. to the downright daft (smart face mask anyone?).
Of course, this creates a whole new set of cyber vulnerabilities, an issue explored by keynote speaker James Lyne, Sophos global head of security research, at the event.
Surveillance cameras no longer have to look like cameras
Watching the video below it’s easy to see how he reached this conclusion. Time will tell whether rolling (not in the traditional sense of the word) cameras have any real utility for homeowners.
Elsewhere, Panasonic’s Nubo was rather more conventional looking, but it did lay claim to being the world’s first 4G surveillance camera. Unveiled for the first time in Barcelona Nubo detects and alerts homeowners to intruders and can be fitted inside or out the house.
Videos, audio and images are automatically transferred to a cloud-based storage system, which is protected by bank-level SSL security and encrypted passwords.
“In the past, consumers had to choose between a fixed Wi-Fi home monitoring product, a fixed professional surveillance or a mobile video recording product,” a Panasonic spokesman told MailOnline. “To solve this problem, Panasonic Cameramanager is launching Nubo, a new standalone camera that allows users to have all the benefits of a mobile security camera, with the advantage of 4G connectivity.”
Complacency abounds around cyber security – even in the tech industry
Avast scored a PR coup at the MWC when they exposed the naivety and/or complacency of some 2,000 attendees and exhibitors.
That’s how many connected to the rogue wireless access points set up by the makers of the world’s most widely-used antivirus solution.
Using broadcasting SSIDs like Starbucks, Airport_Free_Wifi_AENA, and MWC Free WiFi Avast also logged more than eight million data packets and were able to identify information like the OS the connected device was running and which sites were being visited.
Gagan Singh, Avast’s president of mobile, pointed out that anyone who happened to already have a stored connection to, say, a particular Starbucks SSID would have automatically signed on if the previous connection was also an open one.
Apple-FBI standoff casts shadow
They may not have been exhibiting but Apple were still on people’s minds – but not on their lips, according to CNet, which reported that senior executives at other smartphone giants were largely cagey about commenting on the legal wrangle between Apple and the FBI.
On 16 February the security agency served Apple with a federal court order to create a new version of its iOS mobile software that would unlock an iPhone 5C used by a terrorist in December’s San Bernardino massacre.
Apple says that complying with the order would create a security ‘back door’ and set a “dangerous precedent”. The libertarian-minded among us (probably including most of the tech community) will find government assurances that this is a one-time request insincere.
Mobile manufacturers and security companies will await developments keenly as the outcome will have effects on the whole industry, not just Apple. If the most valuable company in the world no less, cannot resist the government, it’s difficult to imagine many smaller ones feeling similarly emboldened.
And with everything from your shoes to pregnancy test kits becoming smart, such a development could have a chilling effect on an internet of things industry which is still in the foothills when it comes to widespread adoption.
Facebook founder and CEO Mark Zuckerberg, who spoke at the MWC as a keynote, backed Apple’s stance.
It’s reasonable to assume – as this author did – that verifying identity through the intricate, unique pattern of lines that comprise your fingerprint would be much harder to cheat than cards, fobs or pin codes.
Not necessarily, as President of Chinese mobile security firm Vkansee, Jason Chaikin, demonstrated.
So what was the ingenious technology that beat biometrics?
Play Doh. Yes, the children’s modelling clay invented in 1955 and made out of flour, water, salt, boric acid, and mineral oil.
Chaikin, was promoting Vkansee’s patented fingerprint sensor, created a mould of his fingerprint into which he pressed Play-Doh. Thus sculpted the Play-Doh then, to the astonishment of the crowd, then worked on the iPhone’s fingerprint scanner and the device unlocked.
One would assume that expensive biometric systems at nuclear plants or pharmaceutical labs would be rather harder to cheat. Let’s hope so.
Subscribe to the IFSEC Insider weekly newsletters
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Beating Biometrics with Play-Doh (No, Really) and Other Security Lessons from the Mobile world CongressThe next wave of innovation is mostly not about the phone at all, which now serves as a control panel for but a proliferating array of IP-connected devices.
Adam Bannister
IFSEC Insider | Security and Fire News and Resources
Related Topics
Photo posts from the 2023 Security & Fire Excellence Awards
Winners revealed for 2023 Security & Fire Excellence Awards
The 2023 Security Institute Conference emphasises the widening remit of security leaders
Subscribe
1 Comment
Oldest
NewestMost Voted
Inline Feedbacks
View all comments
OmbongiMoraa
March 2, 2016 5:49 am
OK, fingerprint spoofing can no longer be taken lightly, considering how Apple and Android are increasingly linking the mobile phone to online payments. BUT, We already have algorithms supposedly supporting Live Finger Detection – Suprema and Futronic – I hope Play Doh has no gains in the FARs of the LFD algorithms.
OK, fingerprint spoofing can no longer be taken lightly, considering how Apple and Android are increasingly linking the mobile phone to online payments. BUT, We already have algorithms supposedly supporting Live Finger Detection – Suprema and Futronic – I hope Play Doh has no gains in the FARs of the LFD algorithms.