Who’s Looking Over Your Shoulder?
In today’s world, we all have a PIN (Personal Identification Number), a unique security code to verify our identity. Each of us has a clever strategy for choosing a set of numbers or a pattern that is easier to remember. How secure is your PIN strategy?
Recently, video caught a congressman entering the PIN on his mobile device. The PIN happened to be all 7s, and the clip exploded onto many social media feeds. The congressman likened himself to Kanye West and West’s visit last year to the White House, where the press watched West disclose his PIN for all to see. Both have since changed their PINs. The average person is not in the public eye but is likely to be just as lacking in password security measures when using a smartphone in public places.
Capturing someone’s PIN is easy and happens more frequently than one might think. Shoulder surfing attacks occur for a variety of reasons, and today’s larger smartphone screens offer less security, especially in public places. The 2017 research paper, Towards Baselines for Shoulder Surfing on Mobile Authentication, examined unlocking procedures and authentication choices for mobile devices to reduce shoulder surfing.
Have you heard of an Android feature called “PIN Scramble,” created as part of LineageOS from CyanogenMod? Probably not. The feature is brilliant, but it is not a standard Android capability, nor is it part of Apple’s iOS.
PIN Scramble changes the PIN keypad pattern every time you bring up the lock screen, making a captured print pattern impossible to interpret. It’s an incredibly simple feature, but one that mobile device vendors do not support in the stock versions of their OS. Because the Android Open Source Project is open-source code, custom versions can include this feature in their ROM.
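The effect described above can be modelled in a few lines. This is an added example, not code from the original post or from LineageOS; the function names and the ten-key `STANDARD` order are assumptions. It counts how many PINs remain consistent with the key positions an observer saw, on a fixed keypad versus a scrambled one.

```python
import math
import secrets

STANDARD = list("1234567890")  # assumed fixed keypad order, read row by row

def scrambled_layout(rng=None):
    """Fresh random digit order, drawn from the OS CSPRNG by default."""
    rng = rng or secrets.SystemRandom()
    layout = STANDARD[:]
    rng.shuffle(layout)
    return layout

def taps_for_pin(pin, layout):
    """Key positions (0-9) the user touches to enter `pin` on `layout`."""
    return [layout.index(d) for d in pin]

def digits_from_taps(taps, layout):
    """Digits an observer reads off by mapping positions onto `layout`."""
    return "".join(layout[i] for i in taps)

def candidates_after_observation(taps, scrambled=True):
    """PINs still consistent with the observed positions alone.

    Fixed keypad: positions identify the digits, so one candidate remains.
    Scrambled keypad: each distinct position may hold any unused digit.
    """
    if not scrambled:
        return 1
    return math.perm(len(STANDARD), len(set(taps)))

if __name__ == "__main__":
    for pin in ("2580", "7777"):  # constructed sample PINs
        layout = scrambled_layout()
        taps = taps_for_pin(pin, layout)
        print(pin, "layout", "".join(layout), "taps", taps,
              "read on fixed pad:", digits_from_taps(taps, STANDARD),
              "candidates left:", candidates_after_observation(taps))
```

A repeated-digit PIN such as all 7s leaves only 10 candidates even with scrambling, because the observer still sees one key pressed four times. The model covers position-based observation only, not an observer who can read the digits on the screen.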
These and other mobile security features are the unique differentiation and value-add security features we at CIS bring to our customers.
Think about it the next time you enter the PIN on your phone while in public and ask yourself – who’s looking over your shoulder?