by pennyintheslot 1846 days ago
You assume here that you are aware of the fact that your device is in the hands of someone else.

I could ask you for your device under the pretense of making a phone call and then secretly transfer your account to my device. I could then secretly read your chats from my device and no one would be aware of it - until you check the number of active sessions in settings.

1 comments

All security ultimately reduces to physical security.

If you can’t secure your physical phone, all digital security is moot.

I would say "requires" rather than "reduces to". Just like all security requires vetting personnel. There are just a lot of checkboxes that need to be ticked as table stakes in the security game.

I would state that physical security is both necessary and sufficient to protect information.

Vetting personnel isn’t necessary, nor is it sufficient, to protect information.

Protecting more than just the information is a different argument.

If we’re talking about securing personal information that has a physical footprint of a cell phone, vetting personnel is irrelevant. Never let your phone leave your person, on pain of death, so to speak.

If we’re talking about securing a building, vetting personnel is just an extension of physical security, anyways.

All of those checkboxes will ultimately reduce to being an extension of physical security.