Researchers are making a smarter “kill switch” for phones that knows when a gadget is in the hands of a thief.
Software on the phone watches how you use your phone to build a portrait of your “normal” behaviour.
The software logs which apps were used and when, where the phone goes as well as more subtle indicators such as how the phone is held.
The software quickly spots if a phone is not being used by its owner and shuts down to stop data being stolen.
“We’re leveraging the predictability in our everyday lives,” said Dr Gunes Kayacik who is heading the research project at the Interactive and Trustworthy Technologies Group of Glasgow Caledonian University (GCU).
The research was carried out by Dr Kayacik, Dr Mike Just, Prof Lynne Baillie and Nicholas Micallef from GCU and Dr David Aspinall from the University of Edinburgh.
Phone-owners use different apps at different times of the day and the patterns of use are usually linked to the same locations, said Dr Kayacik.
Using seven separate sources of data generated by a phone it becomes possible to quickly build up a profile of a smartphone owner’s typical behaviour, he said.
Profiling-software developed by the Glasgow team logs the apps being used, the base stations the phone talks to and which wi-fi networks are nearby as well as ambient data about noise, light, magnetic fields and the handset’s orientation and location.
Early versions of the behaviour-logging software currently take a few days to build up a profile of average use, said Dr Kayacik. The software gets better at spotting its real owner the longer it runs.
“We look at when the applications are being used and where,” he said. “If a phone is being used out of place and out of time we can detect it.”
In addition, he said, the behavioural cues the software picks up can also detect if a phone has fallen into the hands of an unauthorised user even if they are in a location where the phone is regularly used by its real owner.
Current versions of the logging software can spot if a phone has been stolen in a couple of minutes, he said.
As well as acting as an anti-theft device, the software can also be used as a guarantor of identity when people use their phones to shop online or send messages to friends and family.
Prof Baillie said the software could be used in place of the Pin and screen-swipe systems currently used to safeguard phones against unauthorised use.
Research suggests people have to swipe or tap in their Pin up to 100 times a day just to unlock their handset and use it, she said.
That system is so cumbersome many people do not bother with any security measures at all, said Prof Baillie.
By contrast, the behaviour modelling system would keep a phone unlocked as long as it was in the hands of its owner, she said.
“You may still have to use a Pin but only when it was really needed,” she said. The extra security measures could be triggered only in certain circumstances such as when someone was shopping or trying to log on to a corporate network, she added.
Mobile security expert Nigel Stanley of consultancy Open Sky said the Glasgow research looked “interesting”.
“Clearly something needs to be done to secure these devices in a smarter way,” said Mr Stanley.
“However,” he said, “we need to think about the privacy implications of putting into practice such monitoring – is it sent back to a central site for processing or is it simply used locally on the device?”