Mobility: freedom or failure

February 2014 Information Security

The average smartphone sends out hundreds of thousands of pieces of information every day, giving away its location and unique identity to advertising agencies around the world. The findings come from a special Channel 4 News investigation, which used a black box from IT security company MWR InfoSecurity to track data sent from a mobile phone.

In one day a smartphone can contact dozens of servers across the world.
In one day a smartphone can contact dozens of servers across the world.

Channel 4 News technology producer, Geoff White, came up with the concept of ‘Data Baby’, a project that would look at the personal information of a fictitious young woman who lives in London and uses a variety of social media and IT devices in her personal life.

White said: “On this occasion we wanted to look at how information is sent from mobile phones automatically to a variety of websites. We approached MWR InfoSecurity and asked them to build a data interceptor that would track what the phone was doing and then analyse the results. What came back was amazing.

“In a 24 hour period the phone sent and received 350 000 packets of information and was in contact with 350 servers across the world.”

He added: “Every time we go online, we leave a digital trail in our wake. The websites we visit, products we browse and forms we fill out are all turned into code and stored on computers across the world – it’s almost impossible for the average person to keep a track of their digital footprint. Channel 4 wanted to find out who was using this data, and how. And more importantly, how does it affect our experience online?

For this, Channel 4 News created the Data Baby, a virtual persona for whom they have created an entire online life. Called Rebecca Taylor (two of the most common names in the UK), she has a Facebook page, a Twitter account and an active life on the Web. But because she is, in fact, just a laptop and a mobile phone, it was possible to follow her every move, tracing where her data went and who was using it.

White said: “Smartphones have taken the use (and abuse) of our personal data to a whole new level. Always with us, always connected and usually running dozens of apps, our phones have massively increased the amount of information we send and receive every day. They have also added a whole new layer: location data. By knowing where its owner is, a phone can offer maps and other useful information. Yet it also allows our movements to be tracked by advertisers across the globe.”

In order to gather and analyse the hundreds of thousands of mini-messages sent and received by the Data Baby’s phone every day, Channel 4 News worked with MWR InfoSecurity to build a ‘black box’ which could intercept the data.

White commented: “The black box works only with the Data Baby’s phone, storing the torrent of communications flowing to and from it to servers around the world. Even during a one-hour period when the phone was ‘idle’ it sent more than 30 000 packets to 76 servers worldwide. The phone’s exact location was sent to an advertising agency in the Ukraine, and its unique identifier was sent out half a dozen times to ad networks in the US.

“We take it for granted that when we stop talking, texting or browsing, our phones stop communicating. But our experiment shows that whenever it’s switched on, the phone is sending out hundreds of thousands of messages every day.”

He added: “Some of this traffic is useful; it helps the phone to function. But some of it seems to serve little purpose than putting personal information into the hands of advertisers, unknown – and very probably unwelcome – to the phone’s user. Thanks to MWR InfoSecurity’s work on the Data Baby project we now have a glimpse of just how far our personal information is carried thanks to smartphones.”

Recent revelations about intelligence agencies’ use of surveillance have made the public much more aware of who is handling mobile devices’ data.

Rob Miller, security consultant at MWR InfoSecurity, said: “We are well aware of how mobile devices communicate with other servers but most users are not and they should be very careful about what permissions are given to applications. I am sure that most users would be shocked at the amount of information that is sent and received.”

Alex Fidgen, director at MWR InfoSecurity, added: “It is extremely important that broadcasters like Channel 4 carry out these investigations and make them public. We see and deal with security issues and vulnerabilities on mobile devices on a regular basis and were delighted to work with Channel 4 News on this project.”

For more information contact MWR South Africa, +27 (0)10 100 3159, [email protected], www.mwrinfosecurity.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.