Mobile phones and Siri-style assistants a growing threat to online security

Photo: Dr Hannay says opting out of location monitoring on your device may not work. (ABC News; Emily Piesse)
In Hollywood movies, all it takes to track a villain is a laptop and a GPS scanner.

But as mobile phones become more sophisticated, the gap between fantasy and reality is narrowing.

“In terms of where you’ve been and what you’re doing, everyone is being monitored basically all the time,” Edith Cowan University cyber security expert Peter Hannay said.

“To try and improve the locational functionality [of a device], this data’s being collected and analysed all the time by a wide number of actors, whether they’re the companies manufacturing the devices or people trying to sell data or just interested people that are having a look.”

Location services rely on mobile phones constantly sending out signals to check for wi-fi networks, phone towers and other devices.

“They’re constantly sending out these beacons asking for more information,” Dr Hannay said.

“Within a few seconds of somebody being nearby … you can figure out where they work, where they live, how they travel between these locations.

“Essentially, anyone who’s listening with the right equipment and the right skills can learn a lot about you as you stroll past on the street or in your car.”

Siri is always listening

But location monitoring through wi-fi may be less of a threat than the microphone in your pocket.

The rise of online personal assistants, such as Apple’s Siri, along with more sensitive microphones in higher-model phones, has increased the amount of information captured by mobiles.

“[The phone] listens for key words, so it has to be listening all the time for what you’re saying,” said cyber security adviser Robbie Whittome.

“Whether it records [you] or not really comes down to the software.

Photo: Personal assistants such as Siri increase the amount of data captured by mobiles. (ABC News: Malcolm Sutton)

“The improvement of what it can hear and the ranges it can pick up will improve over time, so things which may have been muffled before in a pocket may not be as well anymore.”

Information captured through a recording is stored on the device itself, before being uploaded to the internet.

And it’s not just conversations that mobile phone microphones can pick up.

“If the keypad is making an audible noise, which then the microphone can hear, it can then pick that up and use that as required,” Mr Whittome said.

The pattern made by different keypad sounds could be sufficient to allow a hacker to decode a password, he added.

“Whether that’s being removed before it gets into the cloud comes down to the software that you’re using,” Mr Whittome said.

“Each provider will have a different take on how that is used or what it’s used for.”

Data ‘stitched together’

While the data that is captured may not be useful to hackers by itself, Edith Cowan University Associate Professor Paul Haskell-Dowland said data from different sources — legitimate and illegal — can be powerful when combined.

“There have been some examples where data has been stitched back together again, including geographical locations, but there’s not been a huge number of cases so far,” he said.

Photo: Paul Haskell-Dowland says hackers try to combine legitimate and illegally-obtained mobile phone data. (ABC News: Emily Piesse)

“But as this data becomes more valuable there will be an increased demand for it, there’ll be increased appetite, and that will of course encourage the attackers — the hackers who want to misuse this data or want to sell it on — to find a way to obtain that information.”

eSafety Commissioner Julie Inman Grant says both voice and personal biometric data, sourced from phones and fitness trackers, has the potential to be exploited.

“Once it’s in the Cloud, we lose control of it and we don’t know where it could end up or how it could be used,” she said.

“What I’ve found from working in the tech space for more than 25 years is you can think about the worst case scenario and some nefarious person will come up with a use that you haven’t even contemplated.”

Ways to guard against fraud

Dr Hannay, who works with law enforcement agencies to extract data from electronic devices, says most companies allow individuals to opt out of location monitoring, although that functionality is not required by law.

“Even if you opt out, depending on the implementation of that opt-out technology, you may still be monitored,” Dr Hannay said.

That may be due to “nefarious” activity, he said, or simply because the device or application wasn’t tested properly.

In order to minimise the risk of being monitored, cyber expert Robbie Whittome says people may need to occasionally adjust their phone’s settings.

“It is up to you to really make sure you’re turning those services off when you don’t need them or just being aware of what you are doing,” Mr Whittome said.

“If you’re unsure, you can always muffle, physically muffle the microphone to reduce audibility. You can always turn your services off from the internet, again turning the wi-fi off, turning mobile data off, they’re all click-button activities.”

“You just have to be very cognisant of what you are doing.”

Advertisements

Posted on January 10, 2018, in ConspiracyOz Posts. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: