Âé¶ą´«Ă˝

Your phone is constantly betraying you

Chances are, your smartphone is broadcasting sensitive data to the world, says Glenn Wilkinson, who hacks people’s phones to demonstrate the risk
Your phone is constantly betraying you

“In certain shopping centres in the UK, marketing firms are tracking you in this way” (Image: Anna Cura)

You present a live show that involves hacking cellphones. How does it work?
We look at the repercussions of the fact that your phone constantly looks for every Wi-Fi network you have ever connected to. It’s looking for the Starbucks network, it’s looking for the Los Angeles airport network, it’s looking for “BT Homehub 123”. This information is flying from the phones of our audience members. We can geolocate these networks to discover where people have been and often where they live. There is also a unique serial number called the MAC address given out by your phone in those messages, so we can identify individuals.

Give me an example of what you can do with this intercepted data.
There was a woman in one audience whose smartphone was broadcasting the label “Emma’s iPhone”. We could see where she lived and we could see that she had been to a hotel in Mauritius so as we opened the show I said, “Hey Emma did you enjoy your trip to Mauritius at hotel so-and-so?” We could even tell what side of the hotel she had stayed in – her room had a sea view. These kind of things are surprising to people.

How do you do it?
The hardware is just a Wi-Fi card with particular properties. You can get them off Amazon for about £10. And we use open source software called Wireshark – which chops up data packets that are being broadcast – and software that I wrote called Snoopy, which organises and visualises this data.

Is this dubious, legally speaking?
It’s perfectly legal In the UK and to a large extent in the US as it is unencrypted broadcast traffic. It’s like you are at a bar and someone walks in shouting the names of all their friends and you write it down: it’s permissible to collect that stuff. And businesses are. In certain shopping centres in the UK, marketing firms are tracking you in this way, profiling you and figuring out how many times they have seen you at this store, if you live in a posh or poor area and so on.

Could people be in danger thanks to their data leaking form their phones?
I can think of all kinds of scenarios. If you are a police officer involved in an arrest or protest, say, and an adversary figures out where you live. Or if you are in the military and deployed in a foreign country, there could be an insurgent on a hill with a long-range antenna pointed at your base figuring out where you live when you are not on a tour, putting your family at risk.

How do hacked audience members react when you explain all this?
When we have figured out something personal about somebody they are often taken aback. But we delete all the data after the show, and I guess because we are perceived as the good guys they are not too stressed about it. But the audience does leave with a much greater awareness of the need to better secure themselves.

Profile

Glenn Wilkinson is a hacker and security analyst for . He co-presents a live show in the UK called with Channel 4 News technology journalist

Topics: Hacking