Location: DEC, CIC 1201
Smartphones are becoming pervasive and they are used for more and more sensitive activities. To protect personal and other sensitive information from unauthorized access, some smartphone users lock their phones. Yet, others don’t, risking the data and online services accessible through their devices. The risks emanate from both device thieves and those who belong to the users’ social circles, so called social insiders. While the threat of social insiders for smartphone users has been under-appreciated by the research community, there is growing volume of evidence that it cannot be ignored any more. A recent privacy-preserving survey suggests that 20% of US adults snooped on at least one other person’s phone, during the year proceeding the study. In this talk, I present LERSSE research on unauthorized physical access to smartphones and locking behaviour of the users. In particular, I discuss users’ concerns when it comes to unauthorized access to their devices, their use of locking mechanisms and devices themselves, and examine the differences that recent advances in smartphone locking make.
Konstantin (Kosta) Beznosov is a Professor at the Department of Electrical and Computer Engineering, University of British Columbia, where he directs the Laboratory for Education and Research in Secure Systems Engineering. His research interests are usable security, mobile security and privacy, security and privacy in online social networks, and web security. Prior UBC, he was a Security Architect at Hitachi Computer Products (America) and Concept Five. Besides many academic papers, he is also a co-author of “Enterprise Security with EJB and CORBA” and “Mastering Web Services Security” books, as well as XACMLand several CORBA security specifications. He has served on program committees and/or helped to organize SOUPS, ACM CCS, IEEE Symposium on Security & Privacy, NSPW, NDSS, ACSAC, SACMAT. Prof. Beznosov has served as an associate editor of ACM Transactions on Information and System Security (TISSEC) and Elsevier’s Computers & Security.