Category Archives: ‘phones

Passwords, PIN numbers and cybersecurity

Ever since one of my websites was hacked a few months ago, I have taken a much more personal interest in issues of cybersecurity.  Whilst I have spoken and written many times on the subject, it is only when things really affect you in a personal way that you begin to gain different understandings of the issues.  It represents a shift from a theoretical understanding to a practical one!

I thought I knew most of the various recommendations concerning password and PIN security, and that I had indeed followed them.  However, no digital system is ever completely secure, and the methods now being used by those intent on stealing identity data, particularly with respect to banking information, are becoming very much more sophisticated.

There are many well known organisations providing advice and recommendations, such as Sophos, Symantec and Kaspersky Lab, but there are rather few places where all of this information is brought together in a single place.  The level of insecurity, and the apparent disinterest among vast numbers of people in doing much about their digital security is not only surprising, but is also deeply concerning.  So, in this posting, I have tried to bring together some of the more interesting observations that have recently been made about passwords and PIN numbers, in order to try to persuade people to take action on this really rather important topic!

Most popular PIN codes and iPhone passcodes
There are numerous articles on the most popular PIN codes – in other words the ones that no-one should actually use! One of the best is Daniel Amitay’s experiment, where he used Big Brother’s passcode set up screen as a surrogate to estimate iPhone passcode usage, and discovered that the top ten codes listed below represented 15% of all passcodes used:

  1. 1234
  2. 0000
  3. 2580
  4. 1111
  5. 5555
  6. 5683
  7. 0852
  8. 2222
  9. 1212
  10. 1998

None of these are surprising, given that they represent easily remembered structures around the keypad. The passcode 1998 features because it is a year of birth and, as Amitay goes on to point out, other birth years also feature highly among passwords.

What is perhaps even more worrying is that research by Sophos in 2011 suggested that 67% of consumers do not even use any passcode on their ‘phones, so that a passer-by can access all of the information on the ‘phone without even having to bother to hack the code.

Four digit codes are also commonly used by banks to enable customers to access money through cashpoint machines (ATMs).  Research summarised by Chris Taylor (on Mashable) notes that 27% of people use one of the top 20 PINs for their banking, with the most popular number (1234) being used by a massive 11%.  The top 20 PIN codes he lists are as follows:

  1. 1234 (10.7%)
  2. 1111 (6.0%)
  3. 0000 (1.9%)
  4. 1212 (1.2%)
  5. 7777 (0.7%)
  6. 1004 (0.6%)
  7. 2000 (0.6%)
  8. 4444 (0.5%)
  9. 2222 (0.5%)
  10. 6969 (0.5%)
  11. 9999 (0.5%)
  12. 3333 (0.4%)
  13. 5555 (0.4%)
  14. 6666 (0.4%)
  15. 1122 (0.4%)
  16. 1313 (0.3%)
  17. 8888 (0.3%)
  18. 4321 (0.3%)
  19. 2001 (0.3%)
  20. 1010 (0.3%)

Chris Taylor goes on to comment that although there are 10,000 possible combinations of four digits, 50% of people use the most popular 426 codes!  As he says, “Pick up an ATM card on the street, and you have a 1 in 5 chance of unlocking its cash by entering just five PINs. That’s the kind of Russian Roulette that’s going to be attractive to any casual thief”.

There is therefore  really quite a high probability that even without watching someone enter their PIN number and then stealing the card, or using sophisticated technology to ‘crack’ someone’s PIN code, criminals would have a pretty good chance of accessing someone’s bank account just by using the most popular codes above.  The implication for users is clear: use a PIN code that is not among the most common!
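The two lists above can be turned directly into a check applied when a PIN is chosen. The following is an added example, not part of the original post: it refuses listed PINs and the structural patterns the post describes (keypad shapes, birth years), and recomputes from the quoted percentages how many cards the first few guesses would open. The function names and the exact structural rules are assumptions of this example.

```python
# Added example: PIN enrolment check built from the two lists quoted above.
# Function names and structural rules are this example's own assumptions.

# Top-20 banking PINs with their share of users in percent (from the list above).
TOP20_SHARE = {
    "1234": 10.7, "1111": 6.0, "0000": 1.9, "1212": 1.2, "7777": 0.7,
    "1004": 0.6, "2000": 0.6, "4444": 0.5, "2222": 0.5, "6969": 0.5,
    "9999": 0.5, "3333": 0.4, "5555": 0.4, "6666": 0.4, "1122": 0.4,
    "1313": 0.3, "8888": 0.3, "4321": 0.3, "2001": 0.3, "1010": 0.3,
}
# Top-10 iPhone passcodes from Amitay's list above.
TOP10_PASSCODES = {"1234", "0000", "2580", "1111", "5555",
                   "5683", "0852", "2222", "1212", "1998"}
# Phone keypad coordinates (row, column), used to spot shapes such as 2580.
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2),
          "0": (3, 1)}


def _keypad_walk(pin):
    """True when each key is directly above, below, left or right of the previous one."""
    return all(
        abs(KEYPAD[a][0] - KEYPAD[b][0]) + abs(KEYPAD[a][1] - KEYPAD[b][1]) == 1
        for a, b in zip(pin, pin[1:])
    )


def pin_findings(pin):
    """Return the reasons a 4-digit PIN should be refused (empty list means accept)."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly four digits")
    findings = []
    if pin in TOP20_SHARE or pin in TOP10_PASSCODES:
        findings.append("on a published most-common list")
    if len(set(pin)) == 1:
        findings.append("single repeated digit")
    # Difference between neighbouring digits, modulo 10: {1} is an ascending
    # run (1234, 7890), {9} a descending one (4321).
    diffs = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if diffs in ({1}, {9}):
        findings.append("ascending or descending run")
    if pin[:2] == pin[2:] and len(set(pin)) > 1:
        findings.append("repeated pair")
    if pin[0] == pin[1] and pin[2] == pin[3] and len(set(pin)) > 1:
        findings.append("two doubled digits")
    if pin[:2] in ("19", "20"):
        findings.append("looks like a year")
    if _keypad_walk(pin):
        findings.append("adjacent-key walk on the keypad")
    return findings


def guess_success(k):
    """Share (%) of users whose PIN is among the k most common banking PINs.

    Only the top 20 shares are known from the list above, so k > 20 adds nothing.
    """
    shares = sorted(TOP20_SHARE.values(), reverse=True)
    return round(sum(shares[:k]), 1)


if __name__ == "__main__":
    for candidate in ("1234", "2580", "1975", "7391"):
        print(candidate, pin_findings(candidate) or "accepted")
    for attempts in (3, 5, 20):
        print(f"{attempts} guesses cover {guess_success(attempts)}% of users")
```

With a three-attempt lockout, the quoted figures still leave 18.6% of cards open to the three most common PINs, which is why refusing these PINs at enrolment matters more than the lockout itself.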

Passwords
The situation is scarcely better with passwords that people use for their online digital activities. Numerous surveys have all pointed to the same conclusion, that a very small number of passwords continue to be used by large numbers of people.  These change a bit over time, and vary depending on cultural context and country, but the message is clear.  Even without sophisticated programmes to crack passwords, those wishing to access personal information can achieve remarkable success just by trying to use the most common passwords!  The most common passwords, in other words those to be avoided, are listed below:

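| Rank | Splashdata 2012 | Sophos Naked Security 2010, based on leaked Gawker Media passwords |
|------|-----------------|---------------------------------------------------------------------|
| 1 | password | 123456 |
| 2 | 123456 | Password |
| 3 | 12345678 | 12345678 |
| 4 | abc123 | lifehack |
| 5 | qwerty | qwerty |
| 6 | monkey | abc123 |
| 7 | letmein | 111111 |
| 8 | dragon | monkey |
| 9 | 111111 | consumer |
| 10 | baseball | 12345 |
| 11 | iloveyou | 0 |
| 12 | trustno1 | letmein |
| 13 | 1234567 | trustno1 |
| 14 | sunshine | Dragon |
| 15 | master | 1234567 |
| 16 | 123123 | baseball |
| 17 | welcome | superman |
| 18 | shadow | iloveyou |
| 19 | ashley | gizmodo |
| 20 | football | sunshine |
| 21 | jesus | 1234 |
| 22 | michael | princess |
| 23 | ninja | starwars |
| 24 | mustang | whatever |
| 25 | password1 | shadow |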

A slightly more sophisticated approach is that adopted by those wishing to break into networks by testing them automatically against a much larger number of different passwords.  One of the best publicised accounts of this was the Conficker worm, which used the passwords in the chart below to try to access accounts (Sophos, 2009):

[Chart: passwords used by the Conficker worm]

Again, this clearly indicates that considerable care needs to be taken in choosing passwords, and ensuring that they are at the very least more complex than those listed above.

Tips to reduce the risk of fraud through mobile devices and digital technologies
Much has been written about sensible advice for reducing the risk of fraud through mobile passcodes, banking PINs and online login passwords.  Such tips will never eliminate really determined people from hacking into your identity, but a few simple steps can at least make it more difficult for the less determined.  These include:

  • Always secure your ‘phone with a PIN code, or better still a password (iPhone users can do this simply in Settings>General>Passcode Lock).  This will help to prevent all of your contacts, photos, e-mails and other personal information being accessed immediately by anyone who picks up your ‘phone.
  • Reduce the time before your ‘phone automatically locks so that it is as short as possible, preferably no more than a minute
  • Always use complex passwords, that preferably include lower case and upper case letters, numbers and special characters
  • Use passwords that are at least 8 characters and preferably more than 12 characters in length
  • Frequently change your passwords at random intervals, so that possible hackers are unaware when to expect changes
  • Use different passwords for different accounts, so that if one password is ‘broken’ this will not permit access to your other accounts
  • Think about using a service that tests the strength of a proposed password (such as The Password Meter, Microsoft’s password checker, or Rumkin’s strength test) – for the hyper-security-conscious person, it is probably best to do this from a computer other than your own!
  • Never, under any circumstances give your passwords or PIN codes to other people
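The length and character-class tips above, together with the table of common passwords earlier in this post, can be combined into one check at the point where a password is set. This is an added example, not part of the original post; the function name, the reject/advise split and the normalisation rule (ignore case and trailing digits or symbols, so that "Password1!" is treated like "password") are assumptions of this example.

```python
import re

# Added example. Entries from both columns of the table above, lower-cased.
COMMON = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1", "lifehack",
    "consumer", "12345", "0", "superman", "gizmodo", "1234", "princess",
    "starwars", "whatever",
}

MSG_COMMON = "matches a published common password"
MSG_SHORT = "shorter than 8 characters"
MSG_LONGER = "more than 12 characters preferred"

# Character classes named in the tips above.
CLASSES = {
    "lower case": r"[a-z]",
    "upper case": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def password_findings(pw):
    """Return {'reject': [...], 'advise': [...]} for a proposed password."""
    lowered = pw.lower()
    # The table lists "Password" and "Dragon" beside "password" and "dragon",
    # and "password1" beside "password": compare case-insensitively and also
    # with any trailing digits/symbols removed.
    base = re.sub(r"[^a-z]+$", "", lowered)
    reject, advise = [], []
    if lowered in COMMON or (base and base in COMMON):
        reject.append(MSG_COMMON)
    if len(pw) < 8:
        reject.append(MSG_SHORT)
    elif len(pw) <= 12:
        advise.append(MSG_LONGER)
    missing = [name for name, pattern in CLASSES.items()
               if not re.search(pattern, pw)]
    if missing:
        advise.append("add: " + ", ".join(missing))
    return {"reject": reject, "advise": advise}


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("Dragon", "Password1!", "t7#Qm2!vLx9@Rw"):
        print(sample, password_findings(sample))
```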

Ultimately, passwords and PIN numbers are just part of a wider defence needed against digital theft.  Human action, be it using the ‘phone in an unsafe public place or unfortunately responding to a phishing attack, is still the cause of much digital grief.  As I write, Sophos has just for example reported a phishing attack through a security breach on the Ethiopian Red Cross Society’s website purporting to be a Google Docs login page.

If the worst happens, and you do lose a ‘phone there are at least two important things to do:

  • Ensure you have software on the ‘phone that can enable you to track it (as with the Find My iPhone app, or for Android ‘phones there are apps such as Sophos’ Mobile Security app)
  • If there is no chance of getting the ‘phone back, then remotely delete all of its content as swiftly as possible, remembering that if it has been backed up on a laptop or cloud facility, then all of the data can be restored at a later date.

Working together, and sharing good practices in personal digital security we can do much to help reduce digital identity theft.

Filed under 'phones, ICT4D general

New GSMA publication on how mobiles contribute to economic growth

The GSM Association, together with Deloitte and Cisco have recently published a useful report (.pdf 3.4 MB) on the contribution of mobiles to economic growth, and they intend to run their analysis on an annual basis so as to provide a barometer of change in the industry and its impact.

Some of the key findings of the report include:

  • For a given level of total mobile penetration, a 10% substitution from 2G to 3G penetration increases GDP per capita growth by 0.15% points
  • A doubling of mobile data use leads to an increase in the GDP per capita growth rate of 0.5% points
  • A 10% increase in mobile penetration increases Total Factor Productivity in the long run by 4.2% points

The Appendices provide much more detail about the precise econometric models used, and it is good to see such detail and transparency.  I retain some concerns, though, about the ways in which causality is imputed from what are essentially relationships between economic indicators.  This could be the basis of an interesting dialogue about methodologies for undertaking such research, which I guess would depend heavily on ideological premises!  However, using this as a starting point, it would be interesting to drill down in more detail to ask what factors need to be in place for the economies of particular countries to follow the general observations noted.  From my perspective, we need to learn more about what some of the poorest countries and peoples can do to ensure that they too benefit.  In other words, we need to disaggregate the data, and understand in detail about the wider governance structures, infrastructure and social conditions that need to be in place to enable growth.  That is, of course, if economic growth is of prime concern!

Filed under 'phones, ICT4D

There is one good call-centre employee at Vodafone after all!

Following my recent highly critical rant about the appalling customer service that Vodafone ‘provides’, I was delighted at long last to ‘meet’ someone who was not only polite and could speak English that I could understand, but who was also able to resolve the latest problem in our relationship.  Her name is Mia. I suggest that anyone calling Vodafone explicitly asks for her by name – I guess she is based in India, and she does speak with a slight US accent, but don’t hold that against her!

I know it is not Mia’s fault, but Vodafone’s website is still not functional for some users – I wonder how many more weeks it will take before I can access my account?

Filed under 'phones, ICT4D

Appalling ‘service’ by Vodafone

I don’t usually use my blog to illustrate poor customer service, but an e-mail I received this morning has infuriated me so much that I am putting fingers to keyboard!  Vodafone has to be one of the very worst companies for customer service in the UK! Why does anyone still use them? For that matter, why do I?!

I renewed my contract with them a couple of weeks ago, and upgraded my phone.  Since I could not do the necessary change-over online, because their website was down, I took my new phone in to a Vodafone shop (in Hammersmith) to ask them to activate the SIM and transfer my data across.  “Of course”, the assistant said, “It will only be a couple of minutes”.  Half an hour later, when the assistant was unable to do it, his manager came over and managed to get most of the issues sorted.

However, not all of the data was transferred, and I could not access WiFi from the hotspots because of a problem with my account, which they said would soon be activated.  A week later, nothing had happened, and so began a series of quite bizarre phone calls with ‘customer service staff’.  None of them were able to resolve the problem.  Unbelievably, three out of the four staff could barely speak English, and I kept having to ask them to repeat their questions – really simple things like “What is the first line of your address?” were completely unintelligible.  Eventually, I was told that I could not access my account because of a problem with their website that they were fixing, but that they would give me a £5 refund on my next bill because of the inconvenience.

Still nothing happened – I could not access my account online, and still could not use the WiFi hotspots because I could not sign into my account!  So, I sent an e-mail, and two days later received the message below:

“Thank you for contacting Vodafone Customer Services
I have checked the online account and can see that you are not able to access the online account however if you are unable to access the account; hence I have escalated this to the online escalation department they will look into this matter.
Your patience will be appreciated in this matter
I trust the above information is helpful.
Kind regards,”

This is unbelievable.  First, I am appalled that an e-mail can be sent by a company based in the UK that is so illiterate!  Second, I am not told that the problem is being fixed, but merely that the matter is being escalated to the escalation department!

I wonder how many more weeks it will take for them to get this fixed?!

 

Filed under 'phones, ICT4D

Mobiles, Social Media and Democracy

The Commonwealth Telecommunications Organisation (CTO) and the ICT4D Collective and UNESCO Chair in ICT4D at Royal Holloway, University of London convened a session on Mobiles, Social Media and Democracy (#SocMed4Dem) on 15th March at the ICTD2012 conference hosted by Georgia Tech in Atlanta.

This began with a debate on the motion that This house believes that the use of mobile supported social media is an effective means of promoting democracy.  Breakfast planning led to a slight change of schedule!  So, the session began with Mario Maniewicz (Chief of Department, Enabling Environment and E-applications, ITU) providing an overview of some of the issues surrounding this complex subject.  Then the debate began in earnest.  Katrin Verclas (Co-Founder and Editor of MobileActive.org) set the ball rolling arguing vehemently in favour of the motion, to be followed by a sound rebuttal by Adam Salkeld (Head of Programme, Tinopolis).  Then the real challenge – both for me and the audience!  To balance things up, I filled in the gap by seconding the motion in favour – even though I would have preferred to speak against the motion.  Half way through, when I was arguing that anarchy is the only true form of democracy, I suddenly realised that one might say things that one does not necessarily actually mean when one is debating.  My short intervention should have had a health warning!  And the debate concluded with a brilliant tour-de-force by Alan Fisher (Senior Correspondent, Washington DC, al Jazeera).  After numerous interventions from the floor, the final vote (including contributions by Tweets) was 21 in favour and 19 against!  Thanks so much to Caitlin Bentley for video streaming the debate and managing the Twitter feed!

After the ‘refreshments’ break, we broke up into small discussion groups, each chaired by one of the speakers, to explore the policy implications of four of the most important themes to emerge from the debate: access (chaired by Mario), privacy and security (chaired by Katrin), the relevance of historical sociology of technology and democracy (chaired by Adam), and ICTs against democracy: the ‘dark side’ (chaired by Alan).

The mind map below provides a summary of the fascinating discussions as presented in the final closing plenary.

Video of the debate

Caitlin Bentley has compiled a ‘story’ of the #SocMed4Dem debate at #ICTD2012 at http://storify.com/cbentl2/mobiles-social-media-and-democracy

Filed under 'phones, ICT4D

Findings from research on mobile use amongst marginalised groups in China

I spent five weeks this summer undertaking research in Beijing and Gansu thanks to a UK-China Fellowship for Excellence from the Department for Business, Innovation and Skills.  The central purpose of my research was to explore the information and communication needs of poor and marginalised communities, especially people with disabilities (in Beijing) and farmers in rural areas (in Gansu Province).  I learnt so much – and probably more from the informal discussions than I did from the  focus groups and interviews that I conducted!  Many thanks are due to Professor Ding Wenguang and Chen Fei for all of their help and assistance in arranging meetings, and translating our dialogues.

The premises underlying my research were that:

  • all too often, new software and hardware are designed for the mass market, and then need to be ‘adapted’ to suit the ‘needs’ of poor and marginalised people
  • frequently, well-intentioned new technologies are developed in some of the richer parts of the world and then ‘applied’ in poorer countries; researchers are then surprised that there is little take up for their products
  • hence, we still need to get a much better understanding of the needs of these communities, and focus much more on designing technologies explicitly with their interests in mind
  • China has 18% of the world’s population, and so the market size of marginalised communities makes it worth developing products commercially for them

The resultant data are so rich that it is difficult to summarise them in detail.  However, the following seem particularly pertinent:

Rural areas

  • The diversity of people and communities in rural areas of China is replicated in a diversity of needs.  ‘One size fits all’ solutions are not appropriate, yet the size of the market for particular groups is nevertheless very large given China’s overall population
  • Almost everyone already has at least one mobile ‘phone – mobiles are already widely used for information and communication, even for Internet access.  There are real implications for Africa – if electricity and connectivity can be provided
  • Economic information is particularly desired – especially on such things as agricultural input prices and market prices – particularly by men.  I was surprised at how dominant and significant this was.
  • There seem to be important gender differences in usage – women placed greater emphasis on social communication and health information; young male migrant workers in contrast seemed dominated by a desire to use mobile broadband to meet with girls.
  • Value for money is important – c. RMB 2-3 per month is all that most people are willing to pay for subscription services
  • Trust of source of information is also very important – there seems to be a lot of bogus messaging – and differing views as to what kind of organisation was most trustworthy.
  • There is real potential for village level training in effective use of mobiles – especially by women for women
  • For many users, the existing functionality of mobiles is more than they can cope with

Disabilities

  • There is huge potential for innovative hardware and software solutions – many interesting ideas were proposed
  • There is therefore a large opportunity for sharing good global practice with colleagues in China in the use of ICTs for people with disabilities in China
  • Information about location and direction is crucial for blind people – we need to think more innovatively about how to deliver on this
  • Screen size and configuration (not touch screen) are very important for blind people – Blackberry wins out over iPhones here!
  • There is an enormous opportunity for audio books (not only for blind people). Perhaps a civil society organisation could develop this, and even market audio books to generate income.
  • Security code challenges are important for blind people
  • Shopping information – much potential for RFID and 2D bar codes for blind people.
  • A powerful text scanner and reader in a mobile phone for blind people would be useful
  • Visualisation and touch/vibration of sound could also be developed further

There is a huge agenda ahead, and I am enthusiastic about ways in which we can encourage delivery on some of these exciting opportunities.  Thanks so much to BIS, Lanzhou University and Peking University for supporting this research, and to all those who contributed through their wisdom and hospitality.

Filed under 'phones, China, ICT4D

Survey of mobile learning use by students

While in China recently, I was working with a group of colleagues to explore how students (undergraduate, Master’s and Doctoral) there are using mobile phones in support of their learning.  We designed a survey that is now being implemented to gain a broad understanding of such usage. Much previous research has focused on the effectiveness of specific ‘m-learning’ interventions, but what interests us is how students may (or may not) be using mobile ‘phones in a sense ‘organically’ to support their learning.

The idea then came that it would be very interesting to draw some international comparisons about the use of mobile learning, and so we have developed a short online survey that takes only between 10 and 15 minutes to complete. It would be great if you could circulate this link to any students that you know, and encourage them to complete the survey:

We would also like to make the survey available in different languages, and if there is anyone who might feel able to translate it into their own languages please let me know, so that I could send you a version in a text format for translation.  Any such assistance would of course be acknowledged with thanks in the reports that we write!

Do please publicise this as widely as possible.  Hopefully, the survey will be interesting for students to participate in!  The results will be posted in due course at http://www.ict4d.org.uk .

Filed under 'phones, ICT4D, Universities

iPhone software update 4.3.3: limits tracking cache

Good to see that Apple has now released a software update (iOS 4.3.3) that means that iPhones will no longer retain information about where they have been!

As Apple states:

“This update contains changes to the iOS crowd-sourced location database cache including:

  • Reduces the size of the cache
  • No longer backs the cache up to iTunes
  • Deletes the cache entirely when Location Services is turned off”

In effect, this means that the amount of information kept on the ‘phone is limited to a week’s usage, and the location data are no longer backed up on users’ computers.

In response to criticisms over iPhone location data being stored on the ‘phones and backed up on users’ computers, Apple claimed that iPhones were not actually logging locations – “Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple”.

Apple went on to say that the fact that up to a year’s data was stored was the result of a bug: “The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don’t think the iPhone needs to store more than seven days of this data”.  Further, their statement also emphasised that Apple believe that personal information security and privacy are important: “Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy”.

For further comment, see:

Filed under 'phones, Ethics, ICT4D

Your iPhone is being tracked

I wonder how many iPhone users are aware that their movements are automatically being logged in a small, easily accessible application on their ‘phones?  Recent, important work by Alasdair Allen and Pete Warden has shown just how easy it would be for unscrupulous people to access this information.  It also raises worrying questions about why Apple has done this, and why they have not clearly informed users that this information is so readily available?

Allen and Warden have written a neat Open Source application that enables users to visualise this information – down to a very high level of detail in space-time – called iPhoneTracker.  Essentially, Apple stores this information on the ‘phone in terms of latitude, longitude and time stamp.  The database of locations is stored on the iPhone, but is also on any backups that might have been made when synced with iTunes.

As Allen and Warden comment with respect to why Apple has done this, “It’s unclear. One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation. The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.”

They also point to the very serious moral and ethical issues that this raises: “The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it. The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer. By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements”.

The screen grab from their visualiser shows where I have been using my iPhone in recent months. Perhaps colleagues who have been sceptical about why I have various different ‘phones and different SIM cards will now understand the reason!

We should all be immensely grateful to Alasdair Allen and Pete Warden for bringing this to our attention!

See also Jacqui Cheng’s recent article on this.

Filed under 'phones, Ethics, ICT4D

Social networks, digital technologies and political change in North Africa

Much has been written about the potential of new ICTs, and particularly mobile technologies and social networking software, to transform political and social systems.  A fundamental question that underlies all work in ICT4D is whether new ICTs can indeed be used by the poor to overthrow oppressive regimes, or whether, like other technologies before them, ICTs are used primarily by the rich and powerful to maintain their positions of power.  Until very recently, it seemed that despite the potential of ICTs to undermine dominant political structures, most attempts to do so have been ruthlessly crushed.  The ruling regime in Iran was thus able to suppress the ‘Twitter Revolution’ of 2009-10, and the Burmese government likewise maintained its grip on power despite extensive use of mobile ‘phones and the Internet during protests in 2007.

Recent events in North Africa, with the overthrow of President Ben Ali in Tunisia and the continuing protests against President Mubarak in Egypt, have widely been attributed in considerable part to the agency of mobile ‘phones and the use of social networking environments over the Internet.  Whilst it is too early fully to judge their importance in fueling such political protests, the following reports provide evidence in support of such claims:

Tunisia

Egypt

Wider ramifications

Much research needs to be undertaken on the real role of ICTs in these ongoing political processes.  What seems apparent, though, is that many participants do indeed believe that these technologies are helping them achieve their objectives.

Filed under 'phones, Accessibility, Africa, Development, Ethics, Social Networking