Mobility: freedom or failure

February 2014 Cyber Security

The average smartphone sends out hundreds of thousands of pieces of information every day, giving away its location and unique identity to advertising agencies around the world. The findings come from a special Channel 4 News investigation, which used a black box from IT security company MWR InfoSecurity to track data sent from a mobile phone.

In one day a smartphone can contact dozens of servers across the world.
In one day a smartphone can contact dozens of servers across the world.

Channel 4 News technology producer, Geoff White, came up with the concept of ‘Data Baby’, a project that would look at the personal information of a fictitious young woman who lives in London and uses a variety of social media and IT devices in her personal life.

White said: “On this occasion we wanted to look at how information is sent from mobile phones automatically to a variety of websites. We approached MWR InfoSecurity and asked them to build a data interceptor that would track what the phone was doing and then analyse the results. What came back was amazing.

“In a 24 hour period the phone sent and received 350 000 packets of information and was in contact with 350 servers across the world.”

He added: “Every time we go online, we leave a digital trail in our wake. The websites we visit, products we browse and forms we fill out are all turned into code and stored on computers across the world – it’s almost impossible for the average person to keep a track of their digital footprint. Channel 4 wanted to find out who was using this data, and how. And more importantly, how does it affect our experience online?

For this, Channel 4 News created the Data Baby, a virtual persona for whom they have created an entire online life. Called Rebecca Taylor (two of the most common names in the UK), she has a Facebook page, a Twitter account and an active life on the Web. But because she is, in fact, just a laptop and a mobile phone, it was possible to follow her every move, tracing where her data went and who was using it.

White said: “Smartphones have taken the use (and abuse) of our personal data to a whole new level. Always with us, always connected and usually running dozens of apps, our phones have massively increased the amount of information we send and receive every day. They have also added a whole new layer: location data. By knowing where its owner is, a phone can offer maps and other useful information. Yet it also allows our movements to be tracked by advertisers across the globe.”

In order to gather and analyse the hundreds of thousands of mini-messages sent and received by the Data Baby’s phone every day, Channel 4 News worked with MWR InfoSecurity to build a ‘black box’ which could intercept the data.

White commented: “The black box works only with the Data Baby’s phone, storing the torrent of communications flowing to and from it to servers around the world. Even during a one-hour period when the phone was ‘idle’ it sent more than 30 000 packets to 76 servers worldwide. The phone’s exact location was sent to an advertising agency in the Ukraine, and its unique identifier was sent out half a dozen times to ad networks in the US.

“We take it for granted that when we stop talking, texting or browsing, our phones stop communicating. But our experiment shows that whenever it’s switched on, the phone is sending out hundreds of thousands of messages every day.”

He added: “Some of this traffic is useful; it helps the phone to function. But some of it seems to serve little purpose than putting personal information into the hands of advertisers, unknown – and very probably unwelcome – to the phone’s user. Thanks to MWR InfoSecurity’s work on the Data Baby project we now have a glimpse of just how far our personal information is carried thanks to smartphones.”

Recent revelations about intelligence agencies’ use of surveillance have made the public much more aware of who is handling mobile devices’ data.

Rob Miller, security consultant at MWR InfoSecurity, said: “We are well aware of how mobile devices communicate with other servers but most users are not and they should be very careful about what permissions are given to applications. I am sure that most users would be shocked at the amount of information that is sent and received.”

Alex Fidgen, director at MWR InfoSecurity, added: “It is extremely important that broadcasters like Channel 4 carry out these investigations and make them public. We see and deal with security issues and vulnerabilities on mobile devices on a regular basis and were delighted to work with Channel 4 News on this project.”

For more information contact MWR South Africa, +27 (0)10 100 3159, harry.grobbelaar@mwrinfosecurity.com, www.mwrinfosecurity.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Work from home securely
Issue 5 2020 , Cyber Security
First Consulting provides enterprise-level IT security to working-from-home employees at more than 40 South African organisations.

Read more...
Agility, meticulous alignment and testing
Issue 5 2020 , Cyber Security
Data loss can put the nails in the coffin for unprepared businesses. Investing in cyber resilience is key to succeed in the age of digital transformation.

Read more...
Cybersecurity comment: Cyber threats remain relentless
Issue 5 2020, CA Southern Africa , Cyber Security
Over 80% of email-based threats in Q1 2020 leverage COVID-19 in some form to feign legitimacy to the end user.

Read more...
11 essential steps to reinforce cybersecurity
Issue 5 2020 , Cyber Security
Wayne Olsen has compiled a guideline to ensure that businesses and their employees are protected while working remotely.

Read more...
Cybersecurity comment: Securing the real endpoint
Issue 5 2020 , Cyber Security
The corporate perimeter is fast becoming irrelevant, as the so-called security boundary extends to wherever an Internet connection exists.

Read more...
Don’t squeeze your cyber assets
Issue 5 2020 , Cyber Security
Inadequate investment in cybersecurity is directly related to the spate of cyberattacks we’re seeing in South Africa now.

Read more...
Cybersecurity comment: Create layers of security
Issue 5 2020 , Cyber Security
Any organisation, whether large or small, public or private, should follow an established framework in order to protect itself against cyber threats.

Read more...
Next-generation security operations centre
Issue 4 2020, AVeS Cyber Security , Cyber Security
Pay-as-you-use cybersecurity from AveS allows all businesses access to world-class expertise.

Read more...
Strengthen your passwords for world password day
Issue 4 2020 , Cyber Security
May 7 is World Password Day and KnowBe4 is providing tip sheets, videos and tools to help people strengthen their passwords.

Read more...
Tips on secure remote working
Issue 3 2020 , IT infrastructure, Cyber Security
NordVPN advises how to stay secure while working from home during the coronavirus outbreak.

Read more...