Skip to main content

SmartLock - what's it good for?

SmartLock is a tool that joins your Android phone and your ChromeOS device. When logging into your ChromeOS device it will attempt to locate an open or unlocked Android device. When ChomeOS identifies the paired device it it will change the lock icon in the login dialog from yellow or spinning to green.  The green icon means that I need only click on the picture in the login form in order to perform that function.

There is a related feature on the phone.  I can identify and record "safe" locations on the phone so that when the phone is found to be in that location it does not require a password. You are automatically logged in by GPS location. This is great when you're home or maybe even work... if you do not mind the obvious complications.

So you can see that if your:

  • home
  • SmartLock knows home is safe
  • the phone has auto unlocked
  • and paired with a ChromeOS device
  • and the devices are in range
your ChromeOS device will auto unlock with a click of a button. (you can temporarily disable this feature by clicking on the lock when you logout).

This is a particularly good feature when your in public. Clearly you do not want people to see what you might have logged into and correlating that with your password which can be captured with a gopro or even the store or coffee shop store camera. It's no longer the thing of science fiction. So having your phone handy, and unlocked, means not having to worry about your password.

However, this does create a different attack vector. If you at a location that is not SAFE then you need to unlock your phone manually; which can be recorded. And then there is the potential that there is a backdoor for the Bluetooth detector thing/code. All someone needs to do is steal your phone and get to one of your safe locations before you and they have access to the family jewels.

The good news (a) I do not have the family jewels on my phone. (b) the tough ones still require a password. (c) I never access them from the public.

The bad news (a) it might still happen if one of the vendors I depend on is vulnerable and I've been exposed. (b) someone is able to steal my computer and phone and get to my safe place before me... or even at some distance depending on the geo limits of SmartLock.

The really bad news is that Google has not yet provided a killswitch so that SmartLock can be disabled from anywhere. Once the bad guy has my phone and computer changing my password may not help.

Comments

Popular posts from this blog

Entry level cost for CoreOS+Tectonic

CoreOS and Tectonic start their pricing at 10 servers. Managed CoreOS starts at $1000 per month for those first 10 servers and Tectonic is $5000 for the same 10 servers. Annualized that is $85K or at least one employee depending on your market. As a single employee company I'd rather hire the employee. Specially since I only have 3 servers.

The pricing is biased toward the largest servers with the largest capacities; my dual core 32GB i5 IntelNuc can never be mistaken for a 96-CPU dual or quad core DELL

If CoreOS does not figure out a different barrier of entry they are going to follow the Borland path to obscurity.

UPDATE 2017-10-30: With gratitude the CoreOS team has provided updated information on their pricing, however, I stand by my conclusion that the effective cost is lower when you deploy monster machines. The cost per node of my 1 CPU Intel NUC is the same as a 96 CPU server when you get beyond 10 nodes. I'll also reiterate that while my pricing notes are not currently…

Agile is still dead and has been since 1991

[updated 2011.09.30] yet another response to Agile is good.
When you have so much of you career invested in something like Agile, XP etc... it can be hard to see the forest for the trees. I had a consulting job in The Haag many years ago. IBM was the incumbent contractor at the customer site (a bank) but after 5 years on the job they had not written a single line of functioning code. In the office there were two teams of software people... both behind closed doors. The first team was the Data team and the second team was Functional. They rarely spoke and they never shared information. I was there for a week, introduced the client to OO and we had a functioning prototype. Smart people do smart things, You cannot make an underachiever exceptional by using Agile. Either they get "it" or they don't.
I just commented on a blog. I'm sure there is some validity to his post beyond observing that Agile Scrum is broken. It certainly is not what it was originally intended but for…

eGalax touch on default Ubuntu 14.04.2 LTS

I have not had success with the touch drivers as yet.  The touch works and evtest also seems to report events, however, I have noticed that the button click is not working and no matter what I do xinput refuses to configure the buttons correctly.  When I downgraded to ubuntu 10.04 LTS everything sort of worked... there must have been something in the kermel as 10.04 was in the 2.6 kernel and 4.04 is in the 3.x branch.

One thing ... all of the documentation pointed to the wrong website or one in Taiwanese. I was finally able to locate the drivers again: http://www.eeti.com.tw/drivers_Linux.html (it would have been nice if they provided the install instructions in text rather than PDF)
Please open the document "EETI_eGTouch_Programming_Guide" under the Guide directory, and follow the Guidline to install driver.
download the appropriate versionunzip the fileread the programming manual And from that I'm distilling to the following: execute the setup.sh answer all of the questio…