Experts warn: the PIN is not enough to protect the mobile phone
April 11, 2023
Phones are no longer stolen only to resell the device. With access to the handset, it is possible to impersonate the owner's identity
Mobile phone theft has become a scourge that manufacturers try to deal with through remote blocking or geolocation systems. Until now, stolen handsets have had a single destination: the second-hand market, where they end up being sold on buy-and-sell portals.
However, a completely new motive has been detected behind handset theft: access to the victim's digital identity and, with it, considerable economic damage. The Wall Street Journal reports on this growing trend in bars and cafes in the USA: the victim is watched, the way they enter the passcode on the screen is observed (and on several occasions, recorded), and in a moment of inattention, the device is taken.
6 digits: a fragile lock, the prelude to the nightmare
The operation is quite simple and profitable for thieves, and its success lies in a succession of chained vulnerabilities. The first of these is human convenience: it is much easier to unlock the phone by entering a few digits than by typing a combination of letters, numbers and symbols. Users rest easy thinking that a biometric system safeguards their information, if the device has one.
However, all mobile phones can be unlocked with a code in case the biometrics fail. And this is where the difficult balance between convenience and security comes into play. A 4-digit PIN makes it possible to unlock the screen quickly and, of course, it is quite easy to remember, even more so if it is the same sequence that is used at ATMs or as the entry code to the portal. People mostly favor comfort and constantly look for the shortest path between two points. In the case of passwords, even knowing the dangers of not using complex combinations, the brain continues to choose shortcuts, ignoring this exposure to risk.
Among other things, a study conducted by researchers at China's Zhejiang University suggested that the brain behaves capriciously when it remembers (or forgets) passwords. In fact, it stores more easily in memory those sequences that one has no particular interest in remembering. That is to say, if someone struggled to remember a completely new password and, walking home, glanced at a door number, it might be easier to remember the latter than the former.
“The use of a 4-digit numeric PIN is not very secure against any attacker familiar with the use of brute-force techniques, which are based on showing different combinations of letters and numbers until the correct one is found,” explains José Manuel Ávalos, co-general manager of BeDisruptive. This expert suggests “an alphanumeric password with letters and numbers and much longer.”
The password does not have to be comfortable, but long and complex
“Once you know the PIN used to unlock the mobile, you not only have access to the content of the device, but also to some applications that use this blocking system as an entry verification procedure. Most bank applications, for example,” explains Christian Collado, Andro4all coordinator. Thus, a known PIN is the last door through which attackers reach all of the information of the phone's owner, including bank accounts (if they are configured on the phone).
It is still paradoxical that the same manufacturer that invests in biometric unlocking solutions makes it possible for all this security, in the end, to be undone by just 6 digits. “We trust the entire supply chain,” explains Adrián Moreno, a cybersecurity expert, “from the manufacturer to the company that sells it to us; we trust the designers, the company that writes the program, and the antivirus program.”