Threat Category: Physical Access
ID: PHY-4
Threat Description:
Threat Origin
Eight Ways to Keep Your Smartphone Safe [1]
Exploit Examples
The Current State of Android Security [2]
CVE Examples
Not Applicable
Possible Countermeasures
Enforce activation of the auto-lock feature of a mobile device with a maximum idle time that reduces the likelihood an attacker will gain physical access to the device in an unlocked state
Activate auto-lock features based on loss of proximity to a trusted, paired device attended by the mobile device user, such as a smart watch
Require additional user-to-app or user-to-service authentication for apps that provide access to sensitive data
Educate end users about the importance of locking their device if they are leaving it unattended in an area lacking strong physical security controls
Mobile Device User
Enforce activation of the auto-lock feature of a mobile device with a maximum idle time that reduces the likelihood an attacker will gain physical access to the device in an unlocked state
Activate auto-lock features based on loss of proximity to a trusted, paired device attended by the mobile device user, such as a smart watch
References
[1] “Eight Ways to Keep Your Smartphone Safe”, in BullGuard Security Centre; www.bullguard.com/bullguard-security-center/mobile-security/mobile-protection-resources/8-ways-to-keep-your-smartphone-safe.aspx [accessed 8/31/2016]
[2] The Current State of Android Security, infographic, Duo Labs, Jan 2016; https://duo.com/assets/infographics/The State of Android Security 72.png [accessed 8/31/2016]