Dubbed Android/Lockerpin.A, the new trojan app tricks users into granting it device administrator privileges. To achieve this it mimics a patch installation window on top of an activation notice. When victims click on the continue button, they actually grant the malicious app rights that allow it to make changes to the Android settings. Lockerpin the sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.
The app is notable mostly for the innovation it shows rather than the real-world threat it poses. It’ is distributed in third-party app stores and masquerades as an app for serving pornography. It wouldn’t be surprising to see this type of app evolve further. If it were to find its way into the official Google Play market—as happens as with most malicious Android apps—it could represent a real threat for a much larger number of people.
Pattern lock screens are also not the most secure form of protection – just like obvious passwords and combinations, the patterns that most people draw on the screen to unlock their smartphones are usually quite easy to guess.
By analysing nearly 4 000 real user patterns, experts were able to discover a series of inadvisable practices which are repeated all too often. The average number of swipes used for the pattern is five, which reduces the number of possible combination to only 9 000. However, it turns out that the majority of users only opt for four swipes (the minimum allowed), which means that the range of patterns that the average user chooses is limited to a little more 1 600, which is clearly not enough.
44% of users start the pattern in the top–left corner of the screen. If that wasn’t worrying enough, 77% of the patterns start in any one of the four corners of the grid. By knowing that the pattern is usually made up of just four points, and that one of them could be in any of the corners, then this considerably reduces the security of the pattern. Furthermore, it turns out that we are more likely to trace the pattern from left to right and from top to bottom, which makes it even easier to guess.
The user is the weakest link in the chain when it comes to cyber-security.
The original post can be found on here.