SUMMARY
This is AI generated summarization, which may have errors. For context, always refer to the full article.
MANILA, Philippines – It’s cool to unlock smartphones just by looking at it, with the face serving as the password. With it, there’s no need to key in your password, or touch the fingerprint sensor, or draw a pattern to activate the phone.
It’s been getting much attention from smartphone makers. Apple’s iPhone X has its Face ID while Samsung has face unlocking in all its flagship smartphones (such as Galaxy S9, S9+ and Note 8, just to name a few.
However convenient and fancy the emerging tech is though, it may also be bad for you and your personal information. That’s what Jebb Lewis, a tech expert from Android security solutions provider Redmorph, told Rappler regarding face unlock tech. Lewis is the vice president for global business development at Redmorph.
“Face detection is an awful tool because most of the apps on the phone, or a lot of the apps on the phone, get access to the same camera and the access to the same technology to store your picture and use your biometric data as a tool,” said Lewis.
What this means, he added, is that basically “one of the things that you are not able to change is your biometrics and is there forever and they (apps developers) have it.”
Lewis conceded that the owner of the biometric data can request to have it back, but the question is, “will they give it back?”
That’s just the beginning.
“Remember,” he emphasized, that “every one of those apps that has access (to the biometrics) has first-, second-party partners, and those guys get access to it as well. And you can’t change your (face detection ID or thumprint), that’s your password for life. Using that, that’s it.”
It’s an extremely valuable piece of information that, in the wrong hands, may be used against you. That’s what Lewis is arguing in his stance on face unlock. It’s great that we live in an age where we can use our face as a password, but how sure are we that manufacturers will be able to keep them secure for life?
App mimicry
In the same interview, Lewis discussed as well the risks of bogus online apps that imitate a genuine app to steal one’s personal information, such as name, ID number, passport number, bank account, among others.
The Redmorph executive cites an example: an airline’s real online booking app, which cybercriminals can hijack. Lewis said the hackers will overlay (or superimpose) their fake app that looks very much like the airline’s booking website, then steal the passenger’s personal information, including credit card details.
Once the bad guys have the banking information, the looting starts, he said.
He explains how this works: “Let’s say you open an (airline) app to book a flight. When you book a flight, you need to add your full name, your passport number, your date of birth, banking details, or credit card.” They not only know your credit card details, the criminals also “know when you are flying.”
“So, if you are flying from here to the United Kingdom, you are on the flight for 10 hours. It means they have 10 hours to loot your bank account. While you are in the sky, you will never even know it is happening. When you land, you get a text that says you basically spent all your money,” Lewis said.
He warns that this modus is more prevalent on the Android ecosystem because it is used by most number of people, globally, as opposed to the iOS.
Lewis was interviewed at a presentation titled “The Dark Side of Digital: Capitalism in Crises” at the DTS 2018: Fintech and Blockchain Innovation Summit organized recently by Enderun Colleges, Global Chamber Manila (GCM), and their partners at SMX Convention Center in Taguig. – Rappler.com
Add a comment
How does this make you feel?
There are no comments yet. Add your comment to start the conversation.