Someone just pointed me to a couple of cute new security-related toys for mobile phones.
One converts text to speech, using the camera, and the other provides an image-based second-factor authentication mechanism.
Iansyst CEO Tim Sutton told silicon.com: “It takes a standard HTC TyTN smart phone and turns the inbuilt camera into a scanner but a scanner which can be taken anywhere and used anytime.”
Exciting stuff. Seems extreme, but if someone is blocked from downloading data, they might be able to do a screen record and send the data to a remote audio output. In fact, imagine if someone could redirect the audio of this gadget. Could a “transcribing” attack vector become more relevant? I also wonder what would happen if you just left the scanner on as you walked around town — could the resolution handle billboards, or even street signs? Transcription via highly-mobile scanners presents a new frontier.
The other gadget is less of a tangent:
Users create a pattern by choosing four squares on a grid (pictured) and it is this pattern which is then used to authenticate purchases or passwords, instead of a fixed PIN or password.
The grid is filled with random numbers every time a password or PIN is required. Therefore, a unique number is entered and not the same four-digit code.
The amusing thing to me about this is that the grid is made up of numbers instead of images. Why? Are people expected to be more comfortable with numbers? Maybe it’s just easier to implement and less offensive. Seems backwards and upside down to me. Might be a good idea to reconsider the possibilities of allowing people to enter “something they know” on “something they have”, when that thing they have is a high resolution color screen.
Don’t get me wrong. I think it’s clever that the phone assigns random numbers to a keypad that has nothing to do with numbers (just color and position are meant to be remembered), but why use numbers?
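The grid scheme quoted above, sketched as an added example (not code from the vendor or the quoted article): the secret is four positions, the grid is refilled with random digits per attempt, and the server discards each grid after one check so a captured code cannot be replayed. The 5x5 grid size, the class and function names, and the sample pattern are assumptions made for illustration.

```python
import hmac
import secrets

GRID_SIDE = 5      # assumption: the page does not give the grid size
PATTERN_LEN = 4    # from the page: the user chooses four squares


def expected_code(pattern, grid):
    """Digits shown in the user's secret squares, read in pattern order."""
    return "".join(str(grid[cell]) for cell in pattern)


class GridAuthenticator:
    """Server side: holds the secret pattern and at most one open challenge."""

    def __init__(self, pattern, rng=None):
        cells = GRID_SIDE * GRID_SIDE
        if len(pattern) != PATTERN_LEN or any(not 0 <= c < cells for c in pattern):
            raise ValueError("pattern must be four cell indexes on the grid")
        self._pattern = tuple(pattern)
        self._rng = rng or secrets.SystemRandom()
        self._grid = None

    def new_challenge(self):
        """Fill the grid with fresh random digits for one attempt."""
        self._grid = [self._rng.randrange(10) for _ in range(GRID_SIDE ** 2)]
        return list(self._grid)

    def verify(self, submitted):
        """Check one code; the grid is discarded whether or not it matched."""
        grid, self._grid = self._grid, None
        if grid is None:
            return False
        want = expected_code(self._pattern, grid).encode()
        return hmac.compare_digest(want, str(submitted).encode())


def demo():
    """Constructed sample: an L-shaped pattern at cells 0, 5, 10, 11."""
    pattern = (0, 5, 10, 11)
    auth = GridAuthenticator(pattern)
    grid = auth.new_challenge()
    code = expected_code(pattern, grid)   # what the user reads off the screen
    first = auth.verify(code)             # accepted
    replay = auth.verify(code)            # same code again: no open challenge
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Nothing in `expected_code` depends on the cells holding digits: the same lookup works if the grid is filled with colours or images, which is the alternative the post argues for.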