Neohapsis sends us its predictions for iOS based security in 2014
A security and risk management consulting company specialisng in mobile and cloud security services, Neohapsis , is predicting that next year , we’ll see a decrease in iPhone and iPad loss and theft. That’s because Apple will unlock TouchID for third-party app access. Plus iris recognition will make its way into the mass market as authentication on mobile devices. Below are the company’s four chief, Apple-orientated predicts for mobile security in the coming 12 months.
Find my iPhone? I never lost it …
In 2014 we will start to see a decrease in loss and theft of iPhones and iPads as Apple’s iOS 7 re-activation restrictions (where the previous owner has to authorise a device or it can’t be used) begin to affect the ability of thieves to convert stolen phones to cash.
This will make converting iOS7 devices to cash far more difficult, and will also have other interesting effects on both the market for secondhand devices and targets of attackers.
The cost of used iPhones will rise, due to a decrease in the number of stolen phones available, and more concerted efforts will be made to bypass the Apple activation process.
Among these attacks, we will see an increase in attacks on iTunes accounts.
That’s your finger? Seems legit!
Apple may unlock its TouchID system for access by third party apps. While it is unlikely that the raw data will be available due to privacy concerns (since you can’t change a fingerprint if it’s leaked), there are still benefits in allowing the use of a simple yes/no to verify users.
This will lead to both more secure user authentication in iOS apps (where TouchID can augment a password), and less secure but more convenient and better-than-nothing authentication in other apps (where TouchID is used instead of a password.
However, because TouchID falls back to the device passcode it is at best only as good as the use of a second password.
We have already seen face recognition used in mobile devices, including Android to limited success, but in 2014 we will see the rise of iris recognition for similar uses.
Iris recognition requires a much higher picture quality than face recognition, but it is also a far better feature to examine for security decisions.
Recent mobile phone cameras can have a huge resolution and incredible image quality – and in 2014 we will see this being used to verify people, likely via iris recognition.
However, irrespective of how good or useful it is, only time will tell if mobile implementations of iris recognition succeed in the market.
If it’s perceived as invasive, or simply too weird to use, then it will fade away.
Mobile malware will target money more directly
Although mobile currently accounts for less than 3 per cent of electronic payments as it continues to be mired in implementation and regulatory issues, the increased penetration of smartphones (especially among the young and those underserved by traditional banking and credit instruments) virtually guarantee mobile payments will increase rapidly over the next few years.
Whilst traditional malware targets direct monetisation, the rise of mobile payments will bring it into the malware crosshairs as well.
And with mobile devices as the likely choice for two-factor authentication tokens, mobile malware will also target the two-factor applications that secure financial accounts.