SC Congress – Day 1 – 9:50am – The Honey Stick Project

SymantecDay 1 – Tues June 11 2013:
9:50am – “The Honey Stick Project: Opportunistic threats and human vulnerabilities”, Scott Wright, @streetsec, security coach and consultant, Security Perspectives

Scott’s presentation was one of my favourites at SC Congress 2013. Here’s a summary of Scott’s presentation:
In 2011, an experiment was conducted where “lost” smartphones were allowed to be picked up by the public in order to gather data about human threats to data accessible on those devices. What were the results?

Some additional links:

What a fantastic experiment! Scott shared some statistics from his experiment:
Of all of the people that “found” the phones:

  • 50% of people offered to return the phone;
  • 89% of people accessed personal data;
  • 83% of people accessed business data;

I was interested to hear how Scott’s work was funded by Symantec. This is a great example of industry funding some great independent research.

Scott also talked about the need to limit the collection of personal data during his research. In a project like this, the potential to capture photos, location info and behavioural information from those that took the phones could lead to embarrassing or otherwise awkward disclosures of data. Scott did a good job of avoiding the collection of personal info by stating which info he would and would not collect during his research.

Scott left me with a parting thought that still resonates: “We still need more innovation in human studies. People pay attention to stories about other people.”

And, Scott also left me wondering, “what will Scott work on next?”! I look forward to hearing about future projects.

By Todd Dow

Author, Geek, CF fundraiser & Cancer Survivor. My family, baseball, infosec, privacy & devops are a few of my favorite things.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s