60% of Italians are now smartphone owners. The number of smartphone users worldwide will surpass 2 billion in 2016. To protect personal and other sensitive information from unauthorized access, some smartphone users lock their phones. Yet, others don’t, risking the data and online services accessible through their devices. The risks emanate from both device thieves and those who belong to the users’ social circles, so-called social insiders. In 2014, 2.1 million Americans (under 2%) had phones stolen.
While the threat of social insiders for smartphone users has been under-appreciated by the research community, there is a growing volume of evidence that it cannot be ignored any more. A recent privacy-preserving survey suggests that 20% of US adults snooped on at least one other person’s phone, just during the last year.
In this talk, I will present our research on unauthorized physical access to smartphones. In particular, I will discuss users’ concerns when it comes to unauthorized access to their devices, their use of locking mechanisms and devices themselves, and examine the differences that recent advances in smartphone locking make.
Konstantin (Kosta) Beznosov is an Associate Professor at the Department of Electrical and Computer Engineering, University of British Columbia, where he directs the Laboratory for Education and Research in Secure Systems Engineering. His research interests are usable security, mobile security and privacy, security and privacy in online social networks, and web security. Prior to UBC, he was a Security Architect at Hitachi Computer Products (America) and Concept Five. Besides many academic papers, he is also a co-author of the books “Enterprise Security with EJB and CORBA” and “Mastering Web Services Security”, as well as XACML and several CORBA security specifications. He has served on program committees and/or helped to organize SOUPS, ACM CCS, IEEE Symposium on Security & Privacy, NSPW, NDSS, ACSAC, and SACMAT. Prof. Beznosov has served as an associate editor of ACM Transactions on Information and System Security (TISSEC) and Elsevier’s Computers & Security.