Jump to content

Recommended Posts

Posted

hello, hak5 

I have an idea for a screen locking security app, I don't know if it already exists and to be frank, I'd would be surprised that someone hasn't already thought of it before.

Here the concept a phone lock-down app that prevents the phone from unlocking and or be unencrypted until it's with in a specific GPS spot. you would select a specific GPS point or coordinates that would then lock than phone screen until you reach that spot. the use case scenario would be someone transporting sensitive information from one location to another and you don't want anyone being able to access the device and can't send or store it over the net. it would not be one you use every day just when you want no one has access to the device.

I have a background in hardware and while I understand and know some coding/programming it's still very rudimental I was wondering if this is even feasible or practical with Android or IOS ( I'm assuming it will be harder with ISO). and moreover, if it's even a practical idea in term of security and encryption. what are your'alls thoughts?

Posted

I like the concept of this, and can see it having practical use scenarios like crossing borders, entering hostile zones to protect sensitive data stored on it, but not sure it would be practical for everyday use.

While it sounds nice, what happens if there is an emergency and you need to make a call, when you haven't reached your destination yet? Also, fat finger that GPS coordinate for the other side of the world, and you're shit out of luck. Can you reset this if that happens and if so, wouldn't that mean anyone can bypass this feature then? 

GPS on mobile devices are also not very accurate, so you'd have to also program in like a 50 foot radius safe zone to help you out when reaching the destination, or you could find it never unlocks if it needs a very specific POI. This could also be spoofed to force your phone to unlock, which might leave less than desired results as well. 

Few things that might make this better, a stationed yubi key at each location, and that can unlock the phone, but not carried with you, so open at location A, locked during transit, and then unlocked at location B. This means both locations need to have the encrypted key to open it, but anywhere in between the phone is then locked till you use one of those keys. Also brings up my point from earlier. If there is an emergency, you're SOL again.

Another thing that might work aside from a yubi key, is RFID or NFC that helps unlock when the right signal is seen/processed.

Neat idea, but might need some more thought in how to make it work safely while not creating a brick that never opens when done.

Posted
On 7/15/2017 at 4:04 PM, digip said:

I like the concept of this, and can see it having practical use scenarios like crossing borders, entering hostile zones to protect sensitive data stored on it, but not sure it would be practical for everyday use.

While it sounds nice, what happens if there is an emergency and you need to make a call, when you haven't reached your destination yet? Also, fat finger that GPS coordinate for the other side of the world, and you're shit out of luck. Can you reset this if that happens and if so, wouldn't that mean anyone can bypass this feature then? 

GPS on mobile devices are also not very accurate, so you'd have to also program in like a 50 foot radius safe zone to help you out when reaching the destination, or you could find it never unlocks if it needs a very specific POI. This could also be spoofed to force your phone to unlock, which might leave less than desired results as well. 

Few things that might make this better, a stationed yubi key at each location, and that can unlock the phone, but not carried with you, so open at location A, locked during transit, and then unlocked at location B. This means both locations need to have the encrypted key to open it, but anywhere in between the phone is then locked till you use one of those keys. Also brings up my point from earlier. If there is an emergency, you're SOL again.

Another thing that might work aside from a yubi key, is RFID or NFC that helps unlock when the right signal is seen/processed.

Neat idea, but might need some more thought in how to make it work safely while not creating a brick that never opens when done.

I agree, it is an interesting idea but very easy to mess up or have things go wrong. NFC/RFID can be mimicked and therefore be easy to spoof (e.g. I can spoof an NFC tag with my phone, let alone having dedicated hardware for RFID).

Encrypted keys are one way to go but could also be spoofed, e.g. if sent over WiFi they can be detected and someone can send the key raw to the phone as well.

GPS location can be spoofed too, quite easily, as phones can already do that to tell snoopy websites where they "are" (or, more accurately, aren't).

What would be interesting is using landmarks or places with details specific to that area, similar to GPS but focusing on the things that can't be mimicked easily in that area. This could be done with the camera, GPS, WiFi SSIDs seen (assuming they would be similar over long periods of time) and stuff like that. So what you could do is stand in a spot (geographically) and take note of the SSIDs, landmarks (take photos of them) and anything else relative to that area. Then you can tell the phone to check GPS, monitor the SSIDs and wait for photos that look similar to the landmarks you took earlier (comparing photos). Individually they can be easy to spoof, but since people don't know where exactly you were they can't know every detail about what the phone is looking for. Of course, there is the problem of someone graffiti-ing all over the landmark which would change the photo, or an SSID going missing (change the name or something), but you could add a bit of leeway.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...