Tablet a security risk

[lenny2]

A tablet i obtained at Staples reveals letters/numbers/symbols of passwords i typed for a split second before hiding them. This is a security risk & the employees there didn't know what to do about it.

Evidently they had never encountered this before. In the end they suggested to contact Norton & or Amazon, the two sites where this happened & the only two where i typed in a password.

The box the tablet came in says "fire HD 10":

 

[explorerzip]

I believe that all smartphones and tablets do this. They do this so you can see what you are typing because you don't have a physical keyboard. I don't know if there is a way to turn off that behaviour. It is a bit of a security issue if another person happens to be looking at your screen and can remember the password while you are typing it. The fix for that is very simple. Be aware of your surroundings and not allow people to look at your screen.

It's just like using an ATM. Better yet wait until you're not in public (and not on public WIFI) if you need to do secure tasks like online banking, shopping, etc. where you need to type in a password.

 

[Indiana]

 

[lenny2]

I believe that all smartphones and tablets do this.

Really? Even the dumbphones? If that were so, how is it that the tablet area staff at Staples seemed like they had never encountered this issue before.

In 20 some years of using PC's i've never had this issue.

Searching this problem yesterday i found a very easy - fix - for this issue for a certain type of tablet via the Security section of the tablet. However, upon trying the same with my tablet, it did not work. If i can find again the fix page i will post it.

They do this so you can see what you are typing because you don't have a physical keyboard.

That's completely unnecessary. Are people retards they can't use the onscreen keyboard to correctly type in their passwords? Whenever i type it incorrectly it always gets corrected upon a subsequent & more careful attempt.

I don't know if there is a way to turn off that behaviour.

There should be, either via the tablet itself, or at sites where the password is being typed in (giving an option for not displaying, even momentarily, the symbols of one's password.

It is a bit of a security issue if another person happens to be looking at your screen and can remember the password while you are typing it. The fix for that is very simple. Be aware of your surroundings and not allow people to look at your screen.

Not only a risk for someone standing or sitting near enough to you to physically observe, via binoculars or whatever, but also anyone seeing your screen virtually, as in a hacker, who could be videotaping or otherwise obtaining the symbols you are entering.

It's just like using an ATM. Better yet wait until you're not in public (and not on public WIFI) if you need to do secure tasks like online banking, shopping, etc. where you need to type in a password.

Using an ATM i can put something over my hand to block the vision of others from seeing my password. With the tablet i'd need to be concerned not only about others seeing what i'm typing but also the area where the password is being typed in. And, as mentioned above, hackers seeing the password that my tablet is exposing.

 

[lenny2]

One solution would be to use the tablet to login on some site, exposing your password. Then using your PC that doesn't expose your password, change the password to that site ASAP thereafter. Not a perfect solution, but reducing the risk of a security breach & any negative consequences as a result.

 

[luvyeah]

https://forums.tomsguide.com/faq/ho...displayed-when-i-type-them-in-android.332078/

 

[explorerzip]

Really? Even the dumbphones? If that were so, how is it that the tablet area staff at Staples seemed like they had never encountered this issue before.

In 20 some years of using PC's i've never had this issue.

Searching this problem yesterday i found a very easy - fix - for this issue for a certain type of tablet via the Security section of the tablet. However, upon trying the same with my tablet, it did not work. If i can find again the fix page i will post it.

That's completely unnecessary. Are people retards they can't use the onscreen keyboard to correctly type in their passwords? Whenever i type it incorrectly it always gets corrected upon a subsequent & more careful attempt.

There should be, either via the tablet itself, or at sites where the password is being typed in (giving an option for not displaying, even momentarily, the symbols of one's password.

Not only a risk for someone standing or sitting near enough to you to physically observe, via binoculars or whatever, but also anyone seeing your screen virtually, as in a hacker, who could be videotaping or otherwise obtaining the symbols you are entering.

Using an ATM i can put something over my hand to block the vision of others from seeing my password. With the tablet i'd need to be concerned not only about others seeing what i'm typing but also the area where the password is being typed in. And, as mentioned above, hackers seeing the password that my tablet is exposing.

Dumb phones don't typically have touch screens or full keyboards. They usually have letters on the number keys aka T9 keyboards. Some dumb phones might have a web-browser, but typing anything especially a password is a hassle.

Since you've been using PC's for 20 years you should know that they are not the same as phones or tablets. Phones and tablets typically don't have full hardware keyboards and the software on them is different. Most phones and tablets you'll come across are running Android or iOS that have a different design philosophy than Windows or Blackberry. Clearly, the designers thought that enough people wanted to be able to see their password even for a split second or they would not have put that feature in.

How is it possible that your password gets corrected when you try to enter it more carefully? That doesn't make any sense. A device that corrects your password no matter what you type is a bigger security threat than seeing each character for a split second.

If someone can clearly see your screen and password then you would be in very close quarters like a jammed train or holding your device at arm's length. Again, the easy fix to that is not to open sensitive web-sites or apps in public areas.

If someone is using binoculars, camera with zoom lens, sniper scope, etc to look at your screen or has managed to hack your device then you have much bigger problems. If you're really that security conscious then don't buy a $100 tablet from Staples. Or wait until you're in a more private place to do those sensitive tasks. That doesn't take any technical knowledge like logging into your tablet and then logging into your computer to immediately change the password.

 

[lenny2]

Clearly, the designers thought that enough people wanted to be able to see their password even for a split second or they would not have put that feature in.

Apparently the android devices allow for that security risk to be easily "corrected". The many google search items telling people how to do so suggests that's what many in fact do. Unfortunately i haven't yet found a fix, easy or otherwise, for this piece of crap Amazon item i bought as per the OP.

How is it possible that your password gets corrected when you try to enter it more carefully? That doesn't make any sense.

If the first time i type in the password hastily & incorrectly, the second time i am more careful & correct the error i just made. Therefore correcting the incorrect typing of my password that just occurred.

If someone can clearly see your screen and password then you would be in very close quarters like a jammed train or holding your device at arm's length. Again, the easy fix to that is not to open sensitive web-sites or apps in public areas.

If someone is using binoculars, camera with zoom lens, sniper scope, etc to look at your screen or has managed to hack your device then you have much bigger problems. If you're really that security conscious then don't buy a $100 tablet from Staples. Or wait until you're in a more private place to do those sensitive tasks. That doesn't take any technical knowledge like logging into your tablet and then logging into your computer to immediately change the password.

If i had known this piece of crap Amazon product exposed my passwords, i might have bought something else that doesn't do that. But hopefully someone with some wisdom re this device will come along & tell me how that piece of crap can be used so it doesn't pose various security threats in different situations, even when i'm home alone.

 

[explorerzip]

Apparently the android devices allow for that security risk to be easily "corrected". The many google search items telling people how to do so suggests that's what many in fact do. Unfortunately i haven't yet found a fix, easy or otherwise, for this piece of crap Amazon item i bought as per the OP.

If the first time i type in the password hastily & incorrectly, the second time i am more careful & correct the error i just made. Therefore correcting the incorrect typing of my password that just occurred.

If i had known this piece of crap Amazon product exposed my passwords, i might have bought something else that doesn't do that. But hopefully someone with some wisdom re this device will come along & tell me how that piece of crap can be used so it doesn't pose various security threats in different situations, even when i'm home alone.

I think Amazon devices are running a stripped down / locked down version of Android and do not let you access any Google services like Gmail, Maps, and the Play store for apps or movies. Amazon wants you to use their services like Prime Video, etc. You can "side-load" the Google apps, but that takes a bit of tech knowledge. Security and other settings that are on a regular Android device might not be available on your Amazon tablet.

For some reason I thought that you said that your tablet auto corrects passwords for you, which again does not make any sense.

Obviously, it's too late for you to return your tablet. The thing with Staples or just about any retailer is that the staff are seldom tech savvy or even care about these things. Maybe Apple store employees are better, but I've never bought anything from there so who knows.

Personally, I never understood the purpose of a tablet. The only benefit is a larger screen than a phone, but it still has the same limitations. Depending on the software you use, you might not be able to do any real work on it and you're limited to the apps that you can install on it without pirating / jailbreaking of course.

 

[HungSowel]

You probably have a very easy to type password that you use across multiple devices across multiple sites which is why you do not need cues from the screen to let you know what you are typing.

 

[lenny2]

Personally, I never understood the purpose of a tablet. The only benefit is a larger screen than a phone, but it still has the same limitations. Depending on the software you use, you might not be able to do any real work on it and you're limited to the apps that you can install on it without pirating / jailbreaking of course.

I've never had a use for one before. However on one trip overseas i got questioned about having 2 PC's going through security either into or out of Bangkok. I figure on any future trips having instead 1 PC + 1 tablet would draw less attention. I could justify it to security by saying i use the lighter device (the tablet) for when i'll be out and about, e.g. at a restaurant or mall. The lighter weight will also be easier on my back & better as regards carry on (the plane) weight limits. Though i'm still feeling unsafe as regards logging into any account that i care a lot about it being compromised, unlike say some online forum site. Using it for surfing the WWW & viewing online porn, etc, will be fine i expect, though i haven't yet given that much of a test drive. If not i'll be back here to whine some more ;

 

[lenny2]

You probably have a very easy to type password that you use across multiple devices across multiple sites which is why you do not need cues from the screen to let you know what you are typing.

If you have difficult passwords (either written down or memorized), why would you need "cues from the screen" to help you type them in?

If you're implying i use the same password for multiple sites, i don't. And AFAIK they are considered quite strong.

 

[HungSowel]

To me this is an example of a strong password <s&J!!4l;l^M, those are the types of passwords I use and ontop of that I use 2-factor authentication. I also do not use the same password twice.

 

[TeeJay]

Unless you are running a secure OS the point is pointless

Both Windows and Android leak your password even if you "hide" the characters

 

[lenny2]

Unless you are running a secure OS the point is pointless

Is there such a thing as 100% "secure OS"?

Both Windows and Android leak your password even if you "hide" the characters

They don't leak passwords to people standing behind you & the like. Or anyone on your network who merely sees your screen.

 

[explorerzip]

Is there such a thing as 100% "secure OS"?

They don't leak passwords to people standing behind you & the like. Or anyone on your network who merely sees your screen.

There is no 100% secure anything. You can make it more difficult for someone to compromise your device security with anti-virus, firewall, stronger password for your computer and wifi network, etc. Or you can build a mission impossible style room with one secure entrance that acts as a faraday cage. The room wouldn't allow any signal to pass into it. You can also disable any network cards, etc. on the computer. Even then, someone can theoretically get in from the air vent in the roof and you have to protect the one door in.

Computers can "leak" passwords if someone manages to covertly install software called a key-logger, which does what it says it does. An attacker doesn't need physical access or see the screen.

 

[kevinz98]

This is probably the smallest and most preventable security risk ever, just make sure nobody is behind you or cover your screen

 

[lenny2]

I read that i could have returned the tablet to Staples within 14 days, but decided to hang onto it.

 

[lenny2]

I much prefer an Acer Chromebook from BestBuy at not much more than the OP tablet price.

 

[TeeJay]

Computers can "leak" passwords if someone manages to covertly install software called a key-logger, which does what it says it does. An attacker doesn't need physical access or see the screen.

A hardware keylogger is far more effective if you really want to "get" someone

Is there such a thing as 100% "secure OS"?

Sure there are secure OS out there