Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc
The patent legal war shows no signs of slowing down as we enter 2014. While the tech giants exchange legal blows, costing or winning them billions in the process (not to mention lining the pockets of lawyers specialising in Intellectual Property (IP)), the question must be asked; what is the upshot of this battle over innovation? And more specifically, are these companies displaying an appropriate duty of care with regards to the security of their products while the market is so viciously competitive?
The following examples appear to suggest tech giants have a long way to go … Samsung's latest offering permits users to unlock their devices by pointing the front facing camera at their own face. A novel feature to say the least, but one that has already been compromised using pictures of said user. Apple retaliated to Samsung's innovative design by incorporating a fingerprint scanner into their latest iPhone, a security feature that was compromised after only two days of being released. The attack in question requires only a photograph of the users fingerprint and a sheet of latex.Â
The problem is the wildly outdated misconception we, as a society, have of our mobile devices. Having had a phone or tablet stolen, how many of us would still first consider the lost contacts, text messages, photos and monetary loss we would have to endure? In other words, we only see the face (emotional and monetary) value of our mobile devices. In reality, a motivated hacker could retrieve usernames and passwords for all our favourite e-shopping sites, personal emails, address and even banking information with little more than a picture of a face or that thumbprint you conveniently left on the side of your smartphone. These features represent the cutting edge of mobile computing and certainly seem to impress consumers, but the price of that innovation is an accelerating tech industry, within which good security practices continue to fall by the wayside.
Furthermore, in light of these security lapses, we also have to examine the behaviours of our adversaries. As a society, we are at the beginning of a seismic shift in focus towards profit-driven malicious hackers. Estimates of the number of Microsoft Windows computers in existence in 2013 were in the region of 1.25 billion with roughly 60,000 known viruses. Last year Android's user base grew to more than 900 million and is set to overtake Windows in 2014. Such a prevalent target has not gone unnoticed and vulnerabilities for these devices are only set to increase. Cybercrime is not just starting to get organised - crime syndicates are the predominant perpetrators of attacks, and the hackers keen to make an online name for themselves are very old news. It is a criminal activity and much like its iolent, counterfeiting, tax evading and trafficking organised crime counterparts demonstrate - if there's potential for monetary gain in an unsecure environment, crime will become serious and organised.
Ultimately, it is difficult to pinpoint who is responsible for the security of these devices. While you and I and the end consumer stands to suffer the most from poorly secured devices, the tech giants are arguably only supplying our demand. Consumers will, after all, vote with their feet, and while we continue to favour novel and unique features over secure ones, none of the tech companies are likely to make any drastic changes to their business ethos.
Still, in the not too distant future I don't think it would be inconceivable that we might have to stop playing that game of Angry Birds, cancel that text message and ask our friends to call back later while we run our daily Anti-Virus scan on our smartphone.
