Mobile Devices - WiFi
Demonstration of Mobile Phone Operational (In)Security.pptx (Microsoft PowerPoint)
Some of the Privacy & Security risks with WiFi on Mobile Devices:
- Domestic or Foreign intelligence agencies usually do not spy on you directly, they use & abuse the massive Commercial / Private Sector / Domestic WiFi infrastructure
- Provided you do not exceed the radio transmission power levels, there is no regulation of WiFi
- i.e. snoopers have equal rights to use the same WiFi signals & protocols that you do
- Some devices, sort of, periodically randomise MAC addresses e.g. Apple IoS, but not if they are probing for an Out of Range SSID access point connection i.e. your Home or Work Access Point
- Connecting to multiple Access Points or to those with characteristic Serial Numbers or unique SSID names makes your device easy to track even in massive surveillance datasets
What you can do to reduce the risk of being traced by WiFi when on the move, especially to meet with contacts:
- Disable WiFi (& BlueTooth) on your mobile device before you leave home or work (also saves battery)
- Do not enable Connect Automatically
- Check you have not enabled advanced persistent WiFi settings
- WiFi on whilst in sleep mode
- Automatically connect to Open Networks
- Use common SSID at home or work without router serial number i.e. change VM123456 to Virgin Media
- Change your WiFi Router default admin password
- It is easy for attackers to change the SSID of their own "Evil Twin" WiFi access points to something plausible e.g. McDonalds Free WiFi to try a Man-In-The-Middle attack on you.
- Only use encrypted https:// web connections if you are logging in to email or banking or e-commerce sites
- Use a commercial or private Virtual Private Network VPN if using public "Free" WiFi