Sunday, 26 April 2015

Safely skipped

A few years ago, I bought the cheapest Samsung smartphone available because I wanted to find out whether a smartphone would be useful for me. Two weeks later, I upgraded to a Galaxy S3.

The BBC News story "Samsung S5 fingerprint flaw exposed" (2015) says that, although smartphones with fingerprint scanners have always been vulnerable to fake fingerprints, security researchers have now found a way to directly steal or add fingerprint information to smartphones running Android version 5.0 or older and that on Samsung Galaxy S5 this could done more easily than on other smartphones.

I was happy when I read this that I had decided not to upgrade my smartphone last year, but had continued with the Galaxy S4 I'd bought a year earlier. The flaw in Android was also there for my S4, but as the article says, it required "deep access to a phone" ("Samsung S5", 2015). I'm not actually sure what "deep access" means, but it sounds like the information on my S4 was safe from your average hacker.

Security does worry me. My smartphone has very privileged access to a lot of personal areas of my life: my email, my Facebook account, my bank accounts, all of my MS Word files, Google Docs, and so on. This is not the sort of stuff that I want unknown strangers looking at. In fact, I would not be comfortable letting my friends access everything. Would you let your friends look around in your bank account transactions? Your personal notes? As a result, I always encrypt my phone and require a sign in password, or at least, I used to.

The Galaxy S6 I bought last week has a great fingerprint scanner to unlock the encrypted device. Instead of entering a passphrase, I can just put my finger over the reader. It seems to work perfectly. And I love the convenience. It takes a fraction of a second to unlock with my fingerprint, but seconds using a passphrase, and it's very easy to make a mistake entering a passphrase. Of course, my S6 fingerprint reader could still be cracked using fake fingerprint, but I don't think your average hacker is able to do that, so I feel quite comfortable relying on the scanner. And when the phone has been shut down, the passphrase must be entered to turn it on and decrypt the content.

And that first smartphone I bought? It went to friend, who was very happy with it. And when I got an S4, his six year old son was very happy with the basic smartphone. Now eight, Ea was even happier last week when he inherited his father's Galaxy S3.

__________
Reference
Samsung S5 fingerprint flaw exposed. (2015, April 23). BBC News Technology. Retrieved from http://www.bbc.com/news/technology-32429477

No comments:

Post a Comment

Before you click the blue "Publish" button for your first comment on a post, check ✔ the "Notify me" box. You want to know when your classmates contribute to a discussion you have joined.

A thoughtful response should normally mean writing for five to ten minutes. After you state your main idea, some details, explanation, examples or other follow up will help your readers.

Note: only a member of this blog may post a comment.