Threat Category: Physical Access
ID: PHY-4
Threat Description: Leaving mobile devices unattended and unlocked for any period of time presents a serious security and privacy risk. Any individual near the device subsequently has unhindered access, and can perform any malicious act, such as installing backdoors, pairing malicious devices, or gathering data.
Threat Origin
Eight Ways to Keep Your Smartphone Safe [1]
Exploit Examples
The Current State of Android Security [2]
CVE Examples
Not Applicable
Possible Countermeasures
Enforce activation of the auto-lock feature of a mobile device with a maximum idle time that reduces the likelihood an attacker will gain physical access to the device in an unlocked state
Activate auto-lock features based on loss of proximity to a trusted, paired device attended by the mobile device user, such as a smart watch
Require additional user-to-app or user-to-service authentication for apps that provide access to sensitive data
Educate end-users about the importance of locking their device if they are leaving it unattended in an area lacking strong physical security controls
Mobile Device User
Enforce activation of the auto-lock feature of a mobile device with a maximum idle time that reduces the likelihood an attacker will gain physical access to the device in an unlocked state
Activate auto-lock features based on loss of proximity to a trusted, paired device attended by the mobile device user, such as a smart watch
References
[1] “Eight Ways to Keep Your Smartphone Safe”, in BullGuard Security Centre; www.bullguard.com/bullguard-security-center/mobile-security/mobile-protection-resources/8-ways-to-keep-your-smartphone-safe.aspx [accessed 8/31/2016]
[2] The Current State of Android Security, infographic, Duo Labs, Jan 2016; https://duo.com/assets/infographics/The State of Android Security 72.png [accessed 8/31/2016]