Tag Archives: PIN

New Study: 10 Out of 10 Smartwatches Vulnerable

A new study on the Internet of Things with focus on smartwatches released by HP revealed that of 10 smartwatches that were tested, all contain significant vulnerabilities and are a “risk that goes beyond the device”.

So what exactly are we talking about? According to the study (PDF) “the results of the research were disappointing, but not surprising.” There are deficiencies when it comes to authentication and authorization, privacy concerns, and problems with the implementation of SSL/TSL.

Their key takeaways are as following:

  • “Data collected initially on the watch and passed through to an application is often sent to multiple backend destinations (often including third parties)
  • Watches that include cloud interfaces often employed weak password schemes, making them more susceptible to attack
  • Watch communications are trivially intercepted in 90% of cases
  • Seventy percent of watch firmware was transmitted without encryption
  • Fifty percent of tested devices offered the ability to implement a screen lock (PIN or Pattern), which could hinder access if lost or stolen
  • Smartwatches that included a mobile application with authentication allowed unrestricted account enumeration
  • The combination of account enumeration, weak passwords, and lack of account lockout means 30% of watches and their applications were vulnerable to Account Harvesting, allowing attackers to guess login credentials and gain access to user account”

So yes, it’s basically the same cycle as with most of the ‘newer’ tech gadgets. They get released, there is a big hype, but security becomes only important after lots and lots of reports on hacks, vulnerabilities, and the inevitable bad press. Think nothing of it guys, everything is just the way it always was …

The post New Study: 10 Out of 10 Smartwatches Vulnerable appeared first on Avira Blog.

Emojis: We Want To Be Your New PIN

Intelligent Environments solution to your run of the mill 4 digit PIN is not some pill you swallow or “secrets” you and your smartphone share. Their idea involves lots of little pictures so called emojis, that will replace your accounts’ PIN. The emojis are the evolved smilies that sometimes really remind you of the god old Windows cliparts. You normally use them when chatting on WhatsApp (or any other app really) with your friends and family.

Now you might ask yourself the same thing I did: Why would I ever replace my trusty old PIN? The answer to that question is pretty simple. A normal PIN which you would use in order to secure your account, most of the time only uses four digits from 0 to 9. This means that a traditional PIN has 7290 unique permutations of four non-repeating numbers. An emoji Passcode that relies on a base of 44 emojis would sport 3,498,308 million unique permutations of non-repeating cute little images.

According to Intelligent Environments there are other advantages as well apart from being mathematically more: “This new emoji security technology is also easier to remember as research shows humans remember pictures better than words.”  And memory expert Tony Buzan adds: “The Emoji Passcode plays to humans’ extraordinary ability to remember pictures, which is anchored in our evolutionary history. We remember more information when it’s in pictorial form, that’s why the Emoji Passcode is better than traditional PINs.”

Well – I’ve had no issues so far when it comes to my four digit pin but I would certainly not mind using emojis at all!
1f4bb1f5121f5101f602

The post Emojis: We Want To Be Your New PIN appeared first on Avira Blog.