Smartphone security: are consumers concerned?

Andrew Mangelsdorf

picture2
Apple’s new fingerprint system is designed to give the user a sense of security, but it leaves a lot to be desired. Photo: Andrew Mangelsdorf

It was a decent spring morning as we walked down the stairs to the café where Professor Richard Sinnott, specialist in Computing and Information Systems, bought coffee for us.

Being an Apple geek of sorts, I pulled out my iPhone and iPad – the trusty tools with which I would record and refer to notes for the interview.

We discussed iPhone security and the problems the FBI faced in hacking into IOS, the smartphone’s operating system.

Richard kept emphasising just how hollow the security features are on smartphone and similar technology.

Pulling out his iPhone, he proceeded to show me a neat little trick that allows you to bypass the security features and access the content on the phone.

Passing me the phone, he says, “So, maybe we can try it. So if you rub your thumb, try to get all the grease off it, and just gently press down.”

I proceeded to do so, but could not get into his phone.

He continued, “It’s about trust, and I guess at the end of the day I use these devices with a degree of [caution]…if in any sort of scenario my phone gets hacked or lost, what would happen, the worst thing that would happen is that someone would make a lot of phone calls, I have no real private stuff or dodgy things I’ve downloaded or anything like that.”

Public expectations for privacy and security once again came to the fore earlier this year, when Apple made headlines after it refused FBI requests to alter its operating system to allow easier access after having difficulties hacking into an iPhone.

After the San Bernardino shooting at a work Christmas party in December 2015, US authorities were having difficulties breaking into the smartphone of one of the perpetrators (Syed Farook and his wife Tashfeen Malik who massacred 14 of their work colleagues).

The FBI, who were experiencing difficulties accessing the iPhone, requested that Apple remove the safety feature that erases the memory from the phone after 10 incorrect attempts to enter the device, the Washington Post reported.

In February 2016, Apple CEO Tim Cook issued a statement in defiance of the request, arguing that there was a greater peril in opening up a so-called back door that bypasses security measures on the iPhone.

He said, “The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”

Security, Tim Cook argued, was not something to be taken lightly.

“Compromising the security of our personal information can ultimately put our personal safety at risk,” he said in the Apple statement A Message to Our Customers.

“That is why encryption has become so important to all of us.”

“For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

The idea of smartphone security simply does not reflect the reality. Photo: Andrew Mangelsdorf
The idea of smartphone security simply does not reflect the reality. Photo: Andrew Mangelsdorf

Back at the café, I asked Richard whether iPhone security systems were really that secure, and whether they posed a national security risk.

Could Apple really have created a system so secure that even Apple could not access a third party’s personal data on their own operating system?

“I think it’s pretty much all rubbish to be honest. To think, the idea that Apple can’t access their own system is just tosh,” he said.

The real issue, Richard says, is who has control of your personal data.

“So, in Australia, the government have a lot of policies on where the data can be stored.

“So, your health data, your health data can’t simply end up in San Francisco but policing that, and monitoring that – I mean, folks like Amazon, say ‘ok, we’ll set up a data centre just in Australia, and we’ll promise not to do bad things with the data, and it’ll stay in Australia,’ but it’s a trust thing.”

 

Not only do many people appear to be unaware of the fragility of security features on smartphones, but they also appear relatively unconcerned about security as a general feature when purchasing a new phone.

When people come in to buy phones at Telstra’s Bentleigh store, Libby, a staffer there, says they are not necessarily interested in the security features of the phone.

Phone popularity trumps every other reason for getting a phone, she said.

“Generally people come in and they want to know about the camera quality, they want to know about the storage, they want to know about what the phone can actually do for them.”

Libby herself admitted that she would consider features such as the camera and storage capacity, when purchasing a new phone.

Experts like Richard suggest that the public in general are largely misinformed as to the general lack of security these devices actually have.

And retailers like Libby say customers do not seem to be concerned enough to put security at the top of their priority list.

Rather, brand names and special features such as camera quality and processor speeds take precedence.

Richard Sinnott argues that the real [security] problem is government surveillance, but other international security specialists take a different approach.

“Bizarrely many British citizens are quite content in this new climate of hyper-surveillance, since it is their own lifestyle choices that have helped to create it,” Reuters reported.

“Most of the devices that cause us to leave a continual digital trail of everything we think or do were not devised by the state, but are merely symptoms of modernity.”