Security for all

Diary Of An InfoSec Kid – Mobile Device Security

Security isn’t rocket science, but we can make it sound that way. Here’s what happened when my daughter got given a secret diary and began to work out the security implications. When you cut through the usual jargon, the same issues apply to anyone’s flash drive, laptop, smartphone or tablet (you’ll find some links for grown ups at the end):

Access Control

The diary was one of those electronic voice recognition jobs. Off she toddled to set it up.

  • First she set an easy to remember password, but her sister guessed it.
  • Then she decided on a short passphrase (with some help), but she forgot it.
  • She reset it with a different passphrase, but her sister overheard her saying it.
  • Next she wrote it down, but lost the piece of paper (guess who found it).
  • Eventually she got me to stand guard while she chose yet another passphrase and only opened the diary in private. Much to her little sis’s annoyance.

Physical Security Issues

That wasn’t the end of the hiccups.

  • One day, when she left it unlocked, she came back to find a drawing of Spongebob Squarepants over a poem she’d lovingly penned and illustrated (sibling carnage was narrowly avoided).
  • Another day it went missing. Eventually it turned up at her friend’s house, apparently unharmed.
  • The last incident was a near miss. I came in to find the younger one trying to leverage the thing open with a fork.

The Insider Threat

Much to her horror, after an argument, her friend said she knew who she loved and threatened to tell the lad in question. My daughter returned home in tears and told me her friend must have read the diary when she left it round there. She had shared her password to show off how the diary worked. Not a problem while they were BFFs, but a catastrophe when they fell out.

Things were subsequently patched up before there was any damage to her reputation, but lessons were learned.

Encryption (or in this case encoding)

Mindful that she wasn’t the carefullest of kids, she asked how she could stop that happening again. Between us we worked out a code for her most secret secrets. A simple letter substitution with a tiny twist. Enough to keep an opportunistic friend in the dark. We’ll talk about encryption being a must-have when I finally give in and let her get a tablet or smartphone.

The future of keeping her secrets

I then asked her if she was worried about me peeking at her secrets, given I knew her code and her password. She said that she trusted me. Will I abuse that trust? Not now, but who knows if the dangers faced later in life make her less willing to voluntarily share things. I explained this and she said she’d never forgive me if I did. That one was left for another day.

I also explained that when she uses a work computer, shares things on Facebook or uploads things to a cloud store, she won’t be able to rely on them staying secret. Companies can check what employees are doing on their computers as long as they say they’re going to (she said that they should trust the people who work for them. I reminded her what her BFF did when she was angry).

She was just as unimpressed when I told her Facebook and cloud store owners share things if you say they can, BUT their sharing rules are hard to understand and they’re not great at stopping bad guys breaking in and stealing secrets.

She said she’d never share anything if it wasn’t going to be safe. I told her she probably would, but she should think hard about what she shares, where she shares it, how she sets passwords up and who she would like to see it.

Spying

We then went on to have a chat about government data retention and surveillance, but that’s a story for another time…

Info for the grown up mobile device user:

For parents to help kids stay safe;

More on the current state of mobile device security and related incidents;
