UMBC faculty who focus on cybersecurity are sharing their expertise in articles across the web to help people protect themselves from fraud and hacks.
One of the projects – a collaboration between Ravi Kuber, associate professor of information systems, and Adam Aviv, assistant professor at the U.S. Naval Academy – looks closely at “shoulder surfing attacks,” which occur when people watch users of electronic devices to obtain their security codes. According to an article about them in Wired, the researchers found that a “casual observer can visually pick up and then reproduce an Android unlock pattern with relative ease.” Together, they are studying the most effective and secure patterns and passcodes to have on mobile devices.
“Observational attacks continue to represent a threat to mobile device users,” explains Kuber.
Kuber and Aviv conducted an online survey and asked participants to watch video of an actor entering passcodes on various devices using different length patterns and hand positions, and determine the authentication patterns that were entered by the actor. They found that six-digit personal identification numbers (PINs) were less likely to be successfully replicated by an attacker. Android unlock patterns with six steps had the highest duplication rates and led to more attacks.
“While six-length Android unlock patterns may sound like a more secure choice from onlookers, in reality, users may be better off selecting a six-digit PIN instead,” says Kuber. “Users should consider turning off feedback lines when entering patterns to lower the change of observation attacks.”
Securing mobile devices is only one aspect of what people need to consider when protecting their personal information from hackers and attacks. In an article in The Conversation, Rick Forno, assistant director of the UMBC Center for Cybersecurity and director of the Cybersecurity Graduate Program at UMBC, discussed the Equifax data breach. He explains that companies need to hire people who will be creative and solve overarching problems, rather than only address day-to-day issues. “Until then, major breaches will keep happening and may get even worse,” Forno warns.
Even though basic cybersecurity practices have been identified and discussed for several years, Forno says that many individuals, companies, and government agencies do not follow the recommended practices. “We all must take a realistic look at the state of cybersecurity, admit the mistakes that have happened, and change our thinking for the better,” he explains.
Karuna Pande Joshi M.S. ‘99, computer science, Ph.D. ‘12, computer science, assistant professor of information systems, shared several ways that people can protect themselves and their information from identity fraud in an article in WalletHub. Many of the tips that she shares are related to technology and the internet. Being mindful about who you connect with online, and regularly monitoring online accounts and credit scores can help keep information safe.
While social media may contribute to some identity fraud that consumers face, Joshi thinks that diligence can protect people from fraud. “I believe that a regular audit of all organizations managing private data of consumers should be mandated,” she says.
To learn more about Kuber and Aviv’s work, read the article about them in Wired. This research was also featured in Gizmodo, Tech Times, Helpnet Security, Lifehack Australia, Komando.com, ThreatPost, and Thai Tech. Read Forno’s full article in The Conversation, Charlotte Observer, and Los Angeles Times. Joshi offers additional recommendations in WalletHub.
Image: Mobile technology in use. Photo by Flickr user WOCinTech Chat under license CC BY 2.0.
Tags: COEIT, CSEE, Cybersecurity, IS
