Many customers have reacted angrily in recent months to security breaches from Target and other retailers which have suffered hacking attacks that revealed details on millions of people.
Yet many do not realize how much information their phones share about them every minute, not just to cell providers, but to whomever goes through the trouble of picking up the signals that smart phones emit.
The new chief technology of the Federal Trade Commission, Latanya Sweeney, recently detailed this issue in the first article in an series of detailed posts on tech issues that discusses at how smart phones interface with Wi-Fi by constantly sending out probes looking for networks.
“Anyone can setup wireless sensors to record the appearance of your phone’s probes to track where you are and where you have been – say, where you are when you’re ambling through store or mall, or when you’re walking or driving down a street,” she writes.
The paper discussed how every smart phone contains a unique identifier known as a MAC address that in effect shouts out “I am here” to anyone who has set up the right Wi-Fi receiver technology: “Your phone’s MAC address remains the same regardless of the network and transmits even without actually connecting to the Internet.”
Sweeney goes on to discuss how such technology could help loyalty programs and eliminate the need to carry a wallet full of loyalty cards and numbers from Starbucks, hotels, airlines and others. It can also help stores better lay out their displays based on patterns of customer movement they follow.
At the same time, such abilities will make some customers uncomfortable. To avoid such tracking in stores today, you need to turn off the phone or shut off its Wi-Fi capabilities. The article goes on to discuss four possible technological options that could make it less onerous for users to decide for themselves what they want others to see. Some of these possible solutions will be discussed at an FTC conference on mobile tracking on Wednesday which will also be webcast live.
Another vulnerability of smart phones comes from their cellular signals. A few years ago Chris Paget (now Kristin Paget) gave an interesting demonstration at an RSA Security Conference of how an ordinary person could intercept cellphone calls and data by, in effect, creating a desktop GSM cell phone tower. In this video Paget shows off an IMSI (International Mobile Subscriber Identity) catcher built for less than $1,500:
The technology demonstrated there is also commercially available from companies such as Shoghim in India, which says its devise is “designed for government agencies and law enforcement organizations.” Septier, an Israeli-based company, says their “Septier IMSI Catcher is the perfect solution for both extracting identities from MS (GSM Mobile Stations) in its area of coverage (when these identities are previously unknown) and detecting the presence of known cell phones in the area.” CEO Yaron Baratz said he preferred that the device not be mentioned in this article as it represents a “negligible part of our business.”
Meganet Corporation in Las Vegas advertises that their device allows “you to intercept, block, follow, track, record and listen to communications using unique triangulation and other advanced technology.” It goes on to add: “This product is available only for use by the Government of the United States or any agency thereof.”
Here is a video for their Dominator 1, which says among other things that “it is totally undetectable by the user and the operator”:
All of these technologies show that users concerned about others snooping on cell phone use need to take pro-active steps to boost communications security. One interesting product in response to such vulnerabilities is the Blackphone, which advertises itself as “the world’s first smartphone to put privacy and control ahead of everything else.” Its makers plan to unveil it at the Mobile World Congress in Barcelona on Feb 24.