Yahoo's Mayer gives phone passcodes a pass
Yahoo CEO Marissa Mayer confesses that she doesn't use a passcode to
protect her smartphone, which goes to show you how hard it is to get
people to take reasonable precautions. But it's also an improper risk
for a major corporate leader.
"I don't have a passcode on my phone," she told Michael Arrington of TechCrunch during their on-stage interview on Wednesday in San Francisco.
Maybe that's not news to you, but I was surprised.
She implied that she was too busy to type in the passcode multiple times in a day, and that the new iPhone would be a good solution for her. "Building in some of these smart sensors into the phone is really exciting," she said, referring to the new iPhone 5S's new Touch ID fingerprint sensor.
And by placing the sensor in the hands of millions in such a short time, it has the potential to tear down the wall for biometric sensors of all kinds in mobile devices in the near future as Apple's competitors follow suit.
But unless Mayer users her smartphone in an atypical manner -- meaning that she doesn't check e-mail on it, bank with it, or access the kind of sensitive personal information and accounts with it that most people do -- she's also copping to a major mistake.
Mobile security expert Jonathan Zdziarski said that it would take him only "five seconds" to "pair with it, load spyware, replace her banking apps with fake software to phish her passwords, sniff her packet data, redirect her APN (Access Point Name) to a proxy, and access all of her content wirelessly for as long as I like including her app data, contacts, SMS, photo reel, and location data, and without her knowledge."
"And all that without a jailbreak," he added.
Zdziarski wasn't the only expert who was shocked. Chris Wysopal, Veracode's chief technology officer and information security expert, said that Mayer's lack of use of even a four-digit pin number is a "very bad" policy.
"What if she loses it in a cab? All that Yahoo corporate e-mail and attachments would be exposed to anyone who finds it," Wysopal said. "A four-digit PIN is a reasonable compromise between security and convenience."
We don't have to look further than Mayer's own words as to why she refuses to use even a simple pin code to protect her phone or tablet comes from a place.
"I just can't do this passcode thing 15 times a day," Mayer told Arrington.
(Credit:
CNET)
Assuming that Mayer uses her phone to keep tabs on critical information
as many people do, to answer e-mail, take photos of our families, open
work documents, communicate with friends and colleagues, and check on
our bank accounts, Mayer's attitude toward security is sadly arrogant.
It's a massive risk for any company that employs a senior executive who refuses to implement basic security protocol. Senior executives, who handle sensitive corporate information at a level to which few others in a given company have access, ought to be subject to at least the same security protocol as their employees 15 steps down the corporate ladder.
"Perhaps she feels the personal slowdown is more costly than it would be if someone stole her phone and got whatever data was on it," said Jeremiah Grossman, chief technical officer at WhiteHat Security. "So, that's the risk tradeoff. Given her role, I'm not sure she is wrong either."
The uneven relationship between security and convenience, often heavily tilted toward security, is one of the most common consumer complaints about how to keep your data and devices secure. The Touch ID could be the beginning of another sea change in the security world, as biometric sensors become the kind of common identity authentication mechanisms that society has hoped and feared will some day replace passwords.
"It doesn't really matter which answer is right," Zdziarski said. "I wouldn't want her in charge of my company's big data decisions."
Eventually, and it looks like much sooner rather than later, Mayer might be right. But for right now, I'll side with Zdziarski: if you're not protecting your phone with even a simple passcode, you're taking an unnecessary risk.
Hi guys If u like this post please leave a comment in comment box... comment box will top right of every post and bottom of every post. its useful for me give a better information.. if u want to give any suggestion in bottom of blog there is contact information option please leave a msgs with u r mail id sure i will get u.
0 comments:
Post a Comment