When it comes down to the actual abilities to pull the data off our phones, it appears that researchers don't think either OS is worse than the other.
What seems to be more important is the manufacturer's design of the device.
That is, some don't give the user the option to have the phone perform a full format and data wipe after a certain number of failed lock-screen attempts.
The researchers' conclusions
When offline attacks are involved, the researchers do not consider Android and iOS all that different (which means difficult at best to pull off) if configured correctly by the device's manufacturer and the end user.
That is not the case with online attacks. "We found differences for online attacks, based on user and remote management configuration: Android has a more secure default for online attacks at start-up, but our Nexus 4 did not allow the user to set a maximum number of failed attempts from the lock screen (other devices may vary)," explain the researchers. "Devices running iOS have both of these capabilities, but a user must enable them manually in advance."
The big difference between Android and iOS firmware occurs when remote control software is used. "Android security may also be weakened by remote control software, depending on the software used," state Enck and Nadkarni. "Though the FBI was unable to gain access to the iPhone 5c by resetting the password this way, we were successful with a similar attack on our Android device."
The tech rumor mill has an interesting albeit unsubstantiated theory about being unable to reset the iPhone 5c password: might that be what the FBI has figured out?
Also see
- FBI says its iPhone-cracking tool works only on the 5C (CNET)
- The FBI's problems just got worse: WhatsApp is encrypting all its data (CNET)
- Apple won't sue FBI to reveal hack used to unlock seized iPhone (ZDNet)
- Apple/FBI saga: The only winners may be cybercriminals (TechRepublic)
- Apple/FBI battle highlights IT blunders and need for strong mobile device management (TechRepublic)
The Original Article:
http://www.techrepublic.com/article/how-would-android-fare-under-the-fbis-scrutiny