This post was originally published on November 25, 2014.
Now that smartphones are everywhere, it’s easy to forget just how remarkable they really are. When you take a moment to think about everything a smartphone can do – from organizing your address book to taking care of your banking – it’s almost beyond belief.
But all of the functionality available in our small, pocket-sized devices depends on data. Unfortunately, these wireless, constantly-connected devices are also where the safety of your data is at most risk.
Just ask the NSA.
Dirtboxes do a dirty job
According to The Wall Street Journal, the NSA has been running a secret project with the Justice Department, using Cessna airplanes to intercept data transmitted from cell phones and wireless devices.
The planes, affectionately referred to as ‘dirtboxes’, are equipped with devices designed to imitate cell phone towers. These fake towers receive all incoming data within a given range – and this is exactly why they create a complex privacy issue.
Most of us are happy with the idea that criminals and terrorists should forego the right to privacy. Intercepting their calls allows crucial evidence to be collected and analyzed, preventing crime and supporting legal proceedings.
But when a ‘dirtbox’ flies through the sky, it does not collect targeted sets of data – it grabs as much as it can. According to insiders, the unwanted data is then discarded.
This blanket approach to intelligence gathering is flat-out illegal. Of course, the Justice Department deny it exists.
Meanwhile, an anonymous source reported by USA Today claims that the program is large enough to cover the entire population of the United States.
Interception made easy
It would be natural to assume that cell phones are by nature insecure, since data is transmitted openly through the air. But while cell phones transmit data wirelessly, intercepting that wireless signal is difficult.
By design, Bluetooth is an easily discoverable type of radio signal, and relatively simple to intercept. However, most devices limit the data access available over Bluetooth connections, making this a negligible risk for most of us.
Conversely, it’s much more complex to intercept a 4G, 3G, or GPRS signal. The most effective technique is precisely the one allegedly used by intelligence agencies – pretend to be a cell phone tower. In fact, when you imitate a cell phone tower, even data encryption won’t help.
This requires an investment of time and money into research and development. It means building a physical device smart enough to trick cell phones into making open connections.
But once an imitation tower is up and running, scooping up call data is effortless. The terrifying truth is that criminals have enough to gain from intercepting your data that developing a false tower is worth the investment.
Defend your cell phone data
While connecting to a fake cell phone tower is a serious risk to your data, it’s not a risk that most of us will face day-to-day. But that doesn’t mean your data is safely stored on your device.
The biggest threat of all is the data we send through the internet. After all, when you go online to use an application or visit a website, you pass information through a chain of different servers – not all of them secured and verified. You leave a trail everywhere you go, and any data that you share is potentially exposed.
Finally, remember that the vast majority of cell phone data breach doesn’t come from transmission at all. It’s when the entire handset is handed to a criminal.
To protect against physical theft, be sure to take advantage of any on-board security measures including passwords, encryption, and remote wipe features. If you are selling your device, restore it to factory default to remove your data entirely.
And whatever you’re doing with your device – whether you’re sending emails, making calls, or browsing the web – always be aware of the wireless connections you’re opening and the data you could be sending.