A look at evolving Mobile Device Security
Fingerprints and Password Protection
Fingerprint authentication on mobile devices can provide secure protection, but it is only as secure as the weakest link in the authentication system. For example, a mobile user downloads a banking app, logs in with a user name and password, and then creates a fingerprint authentication. Fingerprint information is kept locally on the drive. If the user gets a new device, the app is downloaded again and the fingerprint information is recreated.
Passwords are often simple and all too often captured or stolen. With a stolen password, a thief can create a fraudulent fingerprint authentication on a new device.
Banks and commercial enterprises need to continually refine authentication techniques to have “a smart way of knowing” when a fraudulent person is attempting to use a mobile device.
Mickey Boodaei, Transmit Security, Feb 29, 2016
Fingerprinting Computers and Mobile Devices to Prevent Fraud
Device fingerprinting is a way of uniquely identifying a computer, tablet or mobile phone based on characteristics such as browser version, time zone, screen dimensions, plug-ins, etc. Unfortunately, even after a device is fingerprinted, it must be blacklisted at least once before it can be blocked from future access.
This article identifies three areas where device fingerprinting can be improved to enhance fraud prevention:
- As users make changes to their devices, they change the fingerprint of their devices. Fuzzy Matching refers to deciding which changes are noteworthy (such as operating system) and which are okay to ignore (such as browser fonts). Fuzzy matching is used to determine whether the device fingerprint is essentially the same, or whether a different fingerprint is being used with a mobile app.
- Reverse Engineering helps defend against hacker programs created to spoof the signals of users (to mimic a victim’s computer, or to hide the thief’s digital tracks) and circumvent fraud-detecting fingerprinting technology.
- Predictive Modeling will eliminate the problem of having to blacklist a device once before being able to block fraudulent access. Predictive modeling will identify when a device will be used to commit fraud even if it hasn’t been used fraudulently before. Fraudulently used devices often have patterns in their set of signals. A smart app, when opened, will identify a suspicious device and block usage before a fraudulent act is committed.
Rahul Pangam, Network World, Jul 22, 2016
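The fuzzy matching described in the first bullet above can be sketched as a weighted comparison of signals. This is an added example, not code from the article or any vendor; the attribute names, weights, threshold and sample fingerprints are assumptions made for illustration.

```python
# Added example: fuzzy matching of device fingerprints.
# Weights and threshold are assumed values, not taken from the article.
# "fonts" carries no weight: a change the article says is okay to ignore.
WEIGHTS = {"os": 0.40, "screen": 0.20, "timezone": 0.15,
           "browser": 0.15, "plugins": 0.10}
MATCH_THRESHOLD = 0.75     # assumed cut-off for "essentially the same"

def _jaccard(a, b):
    """Overlap of two sets: 1.0 when identical, 0.0 when disjoint."""
    a, b = set(a), set(b)
    return 1.0 if not (a or b) else len(a & b) / len(a | b)

def _browser_score(old, new):
    """Same browser: an upgrade is routine, a downgrade counts for half."""
    if old[0] != new[0]:
        return 0.0
    return 1.0 if new[1] >= old[1] else 0.5

def similarity(enrolled, observed):
    """Weighted similarity in [0, 1] over the weighted signals."""
    scores = {
        "os": float(enrolled["os"] == observed["os"]),
        "screen": float(enrolled["screen"] == observed["screen"]),
        "timezone": float(enrolled["timezone"] == observed["timezone"]),
        "browser": _browser_score(enrolled["browser"], observed["browser"]),
        "plugins": _jaccard(enrolled["plugins"], observed["plugins"]),
    }
    return sum(WEIGHTS[k] * scores[k] for k in WEIGHTS)

def classify(enrolled, observed):
    """Return (verdict, score); an OS change is always noteworthy."""
    score = round(similarity(enrolled, observed), 2)
    if enrolled["os"] != observed["os"]:
        return "different", score
    return ("same" if score >= MATCH_THRESHOLD else "different"), score

# Constructed sample fingerprints (not real device data).
ENROLLED = {"os": "Android", "screen": (1080, 2400),
            "timezone": "America/New_York", "browser": ("Chrome", 120),
            "plugins": {"pdf", "widevine"}, "fonts": {"Roboto", "Noto Sans"}}
# Same device after routine changes: fonts, browser upgrade, extra plug-in.
DRIFTED = dict(ENROLLED, browser=("Chrome", 121), fonts={"Roboto"},
               plugins={"pdf", "widevine", "cast"})
# Different device that shares only the OS and plug-ins.
OTHER = dict(ENROLLED, screen=(1440, 3200), timezone="Europe/Kyiv",
             browser=("Firefox", 118))
# Same signals except the operating system.
OS_CHANGED = dict(ENROLLED, os="iOS")

if __name__ == "__main__":
    for name, fp in [("drifted", DRIFTED), ("other", OTHER),
                     ("os_changed", OS_CHANGED)]:
        print(name, classify(ENROLLED, fp))
```

A "different" verdict is a signal for the app to fall back to stronger authentication, not proof of fraud.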