Security Shortcut Device Misses the Point

Tuesday, 20 August 2013 / Published in Woo on Tech
Motorola Mobility

Motorola has recently announced a near-field communication (NFC) device called the “Skip” which can be paired with their new Moto X smartphone to allow for quick unlocking of a PIN-protected device. The small wearable device also comes with a handful of “Skip Dots” which are smaller versions of the Skip that can be placed at frequently visited locations like your car or desk, allowing the same, “tap to unlock” functionality offered by the Skip device. According to Motorola, the Skip will supposedly save the average user quite a bit of time, based upon a calculation that we spend on average 2.9 seconds punching in our PINs up to 40 times a day.

What this means for you:

This particular idea isn’t new. NFC dots/stickers have been around for awhile, and many Android phones feature the capability of using the presence or absence of NFC points to give Android phones locational awareness at a level much finer than afforded by GPS. Depending on how they are programmed, Android phones can automatically unlock themselves when near specific dots, or enable Bluetooth when near a dot placed in a car, etc. The problem, as you can imagine, is that it gives thieves and malicious actors the ability to unlock a stolen or misappropriated phone merely by possessing the “Skip” itself. Seeing as it’s attached via magnets, and likely to be near the phone itself, gaining both items gives the possessor the literal keys to your smartphone’s kingdom. The Skip Dots also add another easy vector for malicious actors who are familiar with the phone owner, such as a co-worker, fellow student or roommate, and take advantage of an unattended phone and a known Skip Dot location.

Smartphone PINs are there for a reason: to make it difficult to unlock your phone. What’s the point of putting a lock on your front door if you are going to leave the key sitting in plain view for anyone to use? My advice to you: don’t use devices like the Skip (or any NFC device) to bypass security. It’s there for a reason, and imagine how inconvenienced you would be if your phone (and everything on it) was compromised.