Mobility: freedom or failure

February 2014 Cyber Security

The average smartphone sends out hundreds of thousands of pieces of information every day, giving away its location and unique identity to advertising agencies around the world. The findings come from a special Channel 4 News investigation, which used a black box from IT security company MWR InfoSecurity to track data sent from a mobile phone.

In one day a smartphone can contact dozens of servers across the world.
In one day a smartphone can contact dozens of servers across the world.

Channel 4 News technology producer, Geoff White, came up with the concept of ‘Data Baby’, a project that would look at the personal information of a fictitious young woman who lives in London and uses a variety of social media and IT devices in her personal life.

White said: “On this occasion we wanted to look at how information is sent from mobile phones automatically to a variety of websites. We approached MWR InfoSecurity and asked them to build a data interceptor that would track what the phone was doing and then analyse the results. What came back was amazing.

“In a 24 hour period the phone sent and received 350 000 packets of information and was in contact with 350 servers across the world.”

He added: “Every time we go online, we leave a digital trail in our wake. The websites we visit, products we browse and forms we fill out are all turned into code and stored on computers across the world – it’s almost impossible for the average person to keep a track of their digital footprint. Channel 4 wanted to find out who was using this data, and how. And more importantly, how does it affect our experience online?

For this, Channel 4 News created the Data Baby, a virtual persona for whom they have created an entire online life. Called Rebecca Taylor (two of the most common names in the UK), she has a Facebook page, a Twitter account and an active life on the Web. But because she is, in fact, just a laptop and a mobile phone, it was possible to follow her every move, tracing where her data went and who was using it.

White said: “Smartphones have taken the use (and abuse) of our personal data to a whole new level. Always with us, always connected and usually running dozens of apps, our phones have massively increased the amount of information we send and receive every day. They have also added a whole new layer: location data. By knowing where its owner is, a phone can offer maps and other useful information. Yet it also allows our movements to be tracked by advertisers across the globe.”

In order to gather and analyse the hundreds of thousands of mini-messages sent and received by the Data Baby’s phone every day, Channel 4 News worked with MWR InfoSecurity to build a ‘black box’ which could intercept the data.

White commented: “The black box works only with the Data Baby’s phone, storing the torrent of communications flowing to and from it to servers around the world. Even during a one-hour period when the phone was ‘idle’ it sent more than 30 000 packets to 76 servers worldwide. The phone’s exact location was sent to an advertising agency in the Ukraine, and its unique identifier was sent out half a dozen times to ad networks in the US.

“We take it for granted that when we stop talking, texting or browsing, our phones stop communicating. But our experiment shows that whenever it’s switched on, the phone is sending out hundreds of thousands of messages every day.”

He added: “Some of this traffic is useful; it helps the phone to function. But some of it seems to serve little purpose than putting personal information into the hands of advertisers, unknown – and very probably unwelcome – to the phone’s user. Thanks to MWR InfoSecurity’s work on the Data Baby project we now have a glimpse of just how far our personal information is carried thanks to smartphones.”

Recent revelations about intelligence agencies’ use of surveillance have made the public much more aware of who is handling mobile devices’ data.

Rob Miller, security consultant at MWR InfoSecurity, said: “We are well aware of how mobile devices communicate with other servers but most users are not and they should be very careful about what permissions are given to applications. I am sure that most users would be shocked at the amount of information that is sent and received.”

Alex Fidgen, director at MWR InfoSecurity, added: “It is extremely important that broadcasters like Channel 4 carry out these investigations and make them public. We see and deal with security issues and vulnerabilities on mobile devices on a regular basis and were delighted to work with Channel 4 News on this project.”

For more information contact MWR South Africa, +27 (0)10 100 3159, harry.grobbelaar@mwrinfosecurity.com, www.mwrinfosecurity.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Check Point appoints new regional director for Africa
September 2019 , News, Cyber Security
Check Point Software Technologies has appointed Pankaj Bhula as regional director for Africa.

Read more...
ISO standard for protecting personal data
September 2019 , News, Cyber Security
Tackling privacy information management head on: first ISO standard for protecting personal data has been published.

Read more...
The hunt for the Carbanak group
September 2019 , Editor's Choice, Cyber Security, News
Tomorrow Unlocked has released a free four-part documentary that tells the story of the notorious Carbanak APT group and its $1 billion bank heist.

Read more...
Preventing data breaches in small and medium businesses
September 2019 , Cyber Security
To minimise the likelihood of a data breach, companies should hire dedicated cybersecurity specialists, make sure their data is well encrypted and segmented, and only provide limited access to it.

Read more...
Building automation vulnerable to hacks
September 2019 , News, Cyber Security
New vulnerability revealed in Internet-connected building automation devices at the DEF CON IoT Village that could impact critical building systems.

Read more...
Threats spread to IM, collaboration tools
September 2019 , Cyber Security, Residential Estate (Industry)
The average office worker now spends up to 80% of their time using collaboration tools, but many lack adequate security.

Read more...
Becoming more cyber-savvy within the OT environment
September 2019 , Cyber Security, Industrial (Industry)
Organisations running operational technology (OT) have increasingly come under cyberattack, with malware sending shockwaves through these sectors.

Read more...
Cybersecurity requires a new approach
September 2019 , Cyber Security
From digital transformation through to the arrival of the Fourth Industrial Revolution (4IR), decision-makers are changing their views on how technology can benefit the organisation.

Read more...
Inundated with cyberattacks from all directions
August 2019 , Editor's Choice, Cyber Security, Security Services & Risk Management
IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up-to-date technology.

Read more...
Under cyberattack
August 2019, Kaspersky Lab , Cyber Security, Residential Estate (Industry)
Cybersecurity is not something one usually associates with residential estates, but the threats from cybercriminals apply equally to estates as they do to businesses and the individual homeowner.

Read more...