Police hope to work with leading mobile phone manufacturers such as Samsung to build in the requirement for a password or PIN number as a default into new handsets, with the British police unit responsible for phone theft wanting to “target-harden” phones.

Currently, up to 60% of phones have no form of password protection, said the National Mobile Phone Crime Unit.This not only makes it easier to resell the gadgets, but hands over personal data – including, potentially GPS data showing the locations of homes, as well as passwords and banking details, according to The Register’s report.

DCI Bob Mahoney of the NMPCU said, “We are trying to get [PIN number systems and other codes] to be set as a default on new phones, so that when you purchase it you will physically have to switch the password off, rather than switch it on.”

The NMPCU said in a statement to Motherboard that PIN-protected phones were less valuable to thieves.

PIN number: Less valuable to thieves

“We have been talking to the industry and government. This is one of the main ideas among a range of measures we are trying to push to protect personal data. All of the industry has been engaged at all levels – and government too.”

“We have intelligence that shows a phone with personal information is worth more than other mobiles, because the thief can sell it on to anyone who can make use of that info,” the DCI said.

“On an unlocked phone, you can find a person’s home address, home telephone number, their partner’s details, diary, Facebook and Twitter account. This allows thieves to know when a target is not going to be at home or perhaps use their details to set up banking loans. They could destroy a person’s life.”

‘This can destroy lives’

We Live Security has written a guide to securing mobile devices (including tips such as ensuring screen time-outs are lowered before a PIN number is required so a thief is less likely to get access to an ‘unguarded’ handset).

PR efforts from major phone companies tend to focus on novel protection methods such as biometrics, but Get Safe Online, a government organization focused on cyber safety, said that passwords, when rolled out widely were an effective measure. “Fingerprint recognition offers a degree of safety, but there is still no substitute for a well-devised and protected password or PIN.”

Techradar said that Samsung had been in discussion with government. Mahoney said the discussions had been underway for two years and the “idea was gaining traction.”

Mahoney said, “If you have to get into the phone to switch something on, our research indicates people are less likely to do it. The industry are very supportive.”

The post PIN number: Police want codes on ALL devices appeared first on We Live Security.

Everyone hates passwords – even the guy who invented them – but some bank app users in the Nordic region are experiencing a taste of a future where they might not be necessary.

Password theft – on a massive scale – has become a near-weekly happening, and biometrics have their own disadvantages – such as inaccurate scanners which won’t work when wet, as well as hacks with latex fingerprints and other such gizmos.

But customers at Danske bank have been trialling a new “behavioral” form of identification, according to Forbes magazine. Rather than simply ID a customer using a PIN, the app tracks the pressure and speed they use to type it in.

Banking security: Touch too much?

The theory is that even if a PIN is weak, or stolen, the thief cannot mimic the distinctive pattern of pressure the user types theirs in with.

“Eventually mobile security may no longer hinge on whether a password is long enough, but on how well the device knows the user,” ComputerWorld comments.

“We’re monitoring the small stuff,” says Neil Costigan, founder of Behaviosec,. “The flight between the keys, which corners of the keys you tend to hit, where you pause. Do you circle in on a button or do you go straight to it and hit it?”

‘How well the device knows you’

As a security solution, it’s low-cost (it uses sensors already present in the phone) and demands nothing of the customer. The trial has been such a success that multiple banks in Sweden, Norway and Denmark will use similar apps shortly. The app scored 99.7% session acccuracy.

“Multilayered security can be achieved by combining the three pillars: something you have (i.e., the phone as a token), something you know (like your PIN), and something you are which is your physical or behavioral metrics,” says Behaviosec.

At present, Behaviosec’s technology can pick up a ‘false’ user within 20 to 60 seconds. The company said it could also have wider applications such as preventing children accessing inappropriate content on tablets.

The start-up is now investigating further behavioral tracking – such as monitoring the way in which a user picks up a smart device, using the gyroscope.

Our own daily routines could even be used as “passwords” some researchers believe. Google’s “predictive” Google Now system already offers Android users reminders to go to work (by monitoring their movments by GPS), and to go home. Could such data be used as a “password”?

“Most people are creatures of habit – a person goes to work in the morning, perhaps with a stop at the coffee shop, but almost always using the sameroute. Once at work, she might remain in the general vicinity of her office building until lunch time. In the afternoon, perhaps she calls home and picks up her child from school,” says Markus Jakobsson of the Palo Alto Research Centre.

Jakobsson analyzed several techniques for identifying users via smartphone use, and found GPS to be the most reliable.

Jakobsson claims that by combining techniques, it’s possible to lock out up to 95% of adversaries, even, “an informed stranger, who is aware of the existence of implicit authentication and tries to game it.”

The post Banking security – new apps ‘know’ your touch appeared first on We Live Security.