Unauthorized Access to Smartphones
Unlike unlock authentication, which is an active defense against physical intrusion, passive defenses aim to primarily provide awareness, traceability, and recovery from intrusions; and to only secondarily engage counter-measures like blocking access. In sensitive computer systems, passive security is embodied in Intrusion Detection and Response (IDR) systems. To end-users, however, parallel capabilities remain unavailable, or lack security and usability validation, despite the severe privacy implications of intrusions. We thus envision a mobile IDR which is usable by individuals with no technical training; which can detect suspicious activity based on semantics of intrusion behavior; and which can respond to threats per their importance.
Vulnerability & Blame: Making Sense of Unauthorized Access to Smartphones
Diogo Marques, Tiago Guerreiro, Luís Carriço, Ivan Beschastnikh, Konstantin Beznosov
ACM Conference on Human Factors in Computing Systems, Glasgow, Scotland, May, 2019