It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Fingerprint readers and iris scanners are just a few of the biometric security mechanisms that manufacturers have been putting in smartphones, tablets, and laptops lately. But while slick and futuristic, these new and unique methods for securing mobile devices inevitably have new and unique vulnerabilities.
Take face authentication, for example. To ensure a stranger can't access someone's phone just by holding a picture of the owner's face in front of its camera, devices that offer face-unlock features have recently implemented ways of detecting motion and “liveness” in a face—essentially, looking for facial movement patterns like blinking in order to tell a “live” face from a flat picture or video.
The researchers show it's possible to defeat modern face authentication systems by creating a virtual model derived from high-resolution photos of the device's owner.
Essentially, they were able to convince the device it was looking at a live face by attaching it to a VR headset and loading the 3D head model, whose movements are realistically motion-tracked by the device's accelerometers and gyroscopes.
The researchers could then further manipulate the 3D head model within the headset to make realistic facial movements like smiling or raising an eyebrow, which face authentication systems often prompt a user to do.
“We argue that such VR-based spoofing attacks constitute a fundamentally new class of attacks that point to a serious weaknesses in camera-based authentication systems: Unless they incorporate other sources of verifiable data, systems relying on color image data and camera motion are prone to attacks via virtual realism,” the researchers write, suggesting that a robust face authentication system would need to incorporate some kind of non-public imagery of the user, like a skin heat map.
originally posted by: chr0naut
a reply to: eisegesis
My phone, SIM and SD card are fully encrypted with an eight character password. Just to boot the OS requires a complex non-dictionary password.
...
My 'phone is not 'rooted' and I have used only free security options.
...
originally posted by: verschickter
originally posted by: chr0naut
a reply to: eisegesis
My phone, SIM and SD card are fully encrypted with an eight character password. Just to boot the OS requires a complex non-dictionary password.
...
My 'phone is not 'rooted' and I have used only free security options.
...
You´re living in a false sense of security.
Nothing is encrypted except maybe for parts your SD card, if there is a way now without rooting it.
The 'phone' and 'sim' can never be encrypted like you imagine it. Maybe the entrys to the sim, yes you can garble them up and decypher them everytime the app pulls data from the sim. But there is not enough chars to each field to get propper and secure encryption. Instead it´s much better to save the contacts in a encrypted file on the phone (not the SD).
If your phone is not rooted and you use android (I guess)...
The 8 digit code you use is just a simple passphrase.
Your fingerprint sensor can be tricked very simple. Swipe pattern will be visible on your screen with the right liquid, if you use it so often and don´t clean the screen after swiping. The best way is still a passphrase or several ones.
Encryption != passphrase
And if you use free apps, I would not trust one of those either, unless it´s open source and I can have a look at it. And even then, it does not gurantee it´s safe.
If someone did attempt to bypass the security, they would have to expend a lot of time and compute resources and what they would ultimately find would hardly be worth it. I am fairly confident that my 'phone is safe against all but the most sophisticated hacking.