How Secure are Smart Phones? New WiFi Tech Warning.

Image of the back of a Samsung Galaxy S7 Activ. Caption reads, How secure are smart phones? Not very, according to researchers at MIT, University of South Florida, and Shanghai Jaio Tong University. Thanks to MIMO WiFi routers, a serious vunerability has been identified. Image by C J Oakes, CriminalJusticeLaw.org


How secure are smart phones? Internet and wireless security is a massive business, one which did not exist a mere 25 years ago. Financial institutions spend millions on security as do service providers and online retailers. As soon as new security measures are in place, new technology steps in to completely alter the cyber-security landscape. The latest involves biometric scanning.



Technology, Crime, and Convenience; the Perfect Storm

As technology continues to advance, the methods deployed by criminals advances. The Internet changed life just one generation ago. With the Internet came far more sophisticated ways to exploit and con others.

A three-rotor Enigma with plugboard (Steckerbrett)
A three-rotor Enigma with plugboard (Steckerbrett) (Photo credit: Wikipedia)

Then came smart phones. With the touch of the screen, we can record our morning jog, the water we consumed, play a game, order nearly any product we want, and even deposit checks into our bank. Yet, all this convenience comes with a price.

The average major corporation today spends around $15 Million each year fighting cyber-crime. Estimates for total Internet security spending in 2015 reached $75 Billion USD and is expected to more than double by 2020. Those costs are passed on to consumers, meaning that without the need for such measures, prices for most high-tech gadgets could be much lower. But that is not the world in which we live.

The Latest Biometric Scanning Capabilities and Internet Security

Researchers from three major universities have found that anyone tapping into Multiple-Input, Multiple-Output WiFi connections are particularly vunerable to cyber-attacks.




MIMO connections are nothing new. In fact, the ability to create such multiple connections dates to several research papers written in the 1970s. However, a need for practical application did not arise until the advent of smart phones. Since the development of the 3G networks, MIMO WiFi connections have exploded around the world.

So the research coming from MIT, Shanghai Jaio Tong University, and the University of South Florida is disturbing. Why?

These teams of researchers found and demonstrated that with the MIMO WiFi systems, discovering passwords is quite simple. In essence, every smart phone records everything we do, including the finger swipes, keystrokes, passwords, and pins. By connecting the dots, that is, combining the keystroke data with the layout of the phone keypad or whatever security measure is in place, criminals can extrapolate the answer to their question: What is Your Password?

This research is both disturbing and encouraging. Not only did the research teams identify a serious vunerability in smart phone/MIMO WiFi technology, but they also recommended a simple to apply security measure: Randomize the sign-in screen/key pad displays. In other worlds, manufacturers will simply need to create a keypad/login screen which changes with every entry.

image of login screen showing traditional numbers 1-0 and #,* to left, then random locations for all digits in middle, and ? on the right with words, "from this to this to ?" Caption reads, Given the vunerability in smart phones, the smart thing to do would be to randomize the keypads and any other set-positioned security system. For instance, some phones have the standard keypad for logins as shown here. The image to the right shows how such a keypad might appear random, thus confusing efforts by criminals to decode finger strokes. Every time a login is completed, a new, unknown configuration would appear for the next login. Image by C J Oakes for CriminalJusticeLaw.org (Creative commons; may be shared with attribution.)
Given the vunerability in smart phones, the smart thing to do would be to randomize the keypads and any other set-positioned security system. For instance, some phones have the standard keypad for logins as shown here. The image to the right shows how such a keypad might appear random, thus confusing efforts by criminals to decode finger strokes. Every time a login is completed, a new, unknown configuration would appear for the next login. Image by C J Oakes for CriminalJusticeLaw.org (Creative commons; may be shared with attribution.)

Hence, although criminal elements will still have the ability to determine positions of the fingers via radio-signaled biometric measures, they will not know the placement of the displays.

In essence, this is something like what the Enigma Machine did for Nazi Germany. Their radios broadcasted messages which were easily intercepted. Even after England managed to get an Enigma Machine, they still could not interpret the messages because they lacked the code. It was only after Alan Turing developed a machine which could process data quickly enough to crack the code that the English found the way through the Enigma enigma.

The Enigma of Technology, Smart Phones, and Modern Banking

Of course, as soon as technology finds a way to protect data such as our passwords from unsavory types, another method to crack the code will arise. Just as Alan Turning developed a machine (computer) to fight a machine (Enigma), so too will criminals find ways around any technology developed to stop them.

That is the down side.

The upside is that Internet Security is set to be a very secure industry…and growing.



CJOakes
at