It’s the last week in June and the sun is shining and the birds are chirping and the dogs are barking in the field. That is, of course, unless you live in San Francisco where the fog is rolling in like a cold, damp quilted blanket. In a concerted effort to dodge the seasonal gloom, the best and brightest developers are gathering at Google’s annual I/O conference.
At the conference, Google announced the next iteration of Android, called “Android L,” and it appears to be their first concentrated effort to bring both wearable computing and the Internet of Things—where everyday devices are connected to each other and to the Internet for analysis and optimization—under one manageable roof. It’s a logical move to make the experience across their many products and services as fluid and comfortable as possible. But fluidity isn’t always what’s best for security.
Buried in Google’s many Android-centric announcements is a new feature called “personal unlocking.” It enables wearable devices, such as Google’s new smartwatch, to unlock your Android device with the wave of a wrist, eliminating the need to enter a cumbersome PIN code. In a nutshell, if you’re wearing the watch, access to the phone is yours. The magic is done over a Bluetooth connection—a wireless standard for exchanging data over short distances—and is a nifty solution to the two-factor authentication problem (two-factor authentication is a security standard where you possess an object—like a smartphone, smartwatch or key fob—and possess some special knowledge—like a passcode, passphrase or a PIN number).
Additionally, the new “personal unlocking” feature will recognize your home Wi-Fi network and allow for you to skip the PIN code while you’re in the comfort of your home.
Sounds great in theory, but Google’s “personal unlocking” feature poses a problem to your security: it removes one of the factors in the two-factor authentication standard. By forgoing the PIN code in favor of a Bluetooth connection or Wi-Fi network, Google is removing the special knowledge aspect of two-factor authentication. That means all hackers have to do is spoof the right Bluetooth connection or hack into your Wi-Fi to gain access to your mobile device.
Now, it could be that Google simply forgot to mention that users can still request a PIN code challenge with personal unlock enabled, but we won’t know for some time. After all, the search engine giant has only just announced its latest Android iteration. Developers and hackers alike will need some time to poke holes and create patches for Android L before we can be certain of the new operating system’s security shortcomings (and its strengths).
Still, spoofing a Bluetooth or Wi-Fi connection and stealing a smartphone to gain access to information isn’t outside the realm of possibility. While personal unlocking is a nice feature, most users will need additional security to lock down their phone.
So what can you do to lockdown your device? Well there are a few options available:
- Password-protect your most sensitive apps. Google’s new “personal unlocking” feature is great for the lazy person in us all. However, you should still put a passcode on your particularly sensitive apps. McAfee® Mobile Security, which is free for both Android and iOS, allows for this with ease.
- Use comprehensive security. If there’s one take away from Google’s I/O keynote it’s this: all of our digital devices are going to be more integrated with one another, regardless of whether we’re ready or not. Fortunately, there is a security solution that’s ready for this great digital unification: McAfee LiveSafe™ service. McAfee LiveSafe protects your data, identity and all your devices.
- Use mobile conscious security. Our digital lives are going mobile, fast. That means you need security solutions that can lock down and track your mobile devices from anywhere at any time. With McAfee Mobile Security, which comes with McAfee LiveSafe, you can find and protect your Android smartphone or tablet if it’s lost or stolen, protect your Android device by actively monitoring what networks it connects to and scan for viruses and malware that any malicious website might try to install on your device.