Following recent research and investigation by some well-regarded National newspapers, a potential weakness has been identified when using SmartPhones to access Wi-Fi hotspots in public places.
On the basis of this, it has been established that almost all Android-based phones are vulnerable to personal data theft, as are BT customers who use the ‘Openzone’ Wi-Fi network.
When a phone is hacked, personal details in the phone including messages, passwords and credit card details can be accessed and potentially misused by the recipient i.e. fraudulent use or identity theft.
Using a low cost mobile router and so called ‘sniffing’ software, which can be downloaded free from the Internet; it is easily possible to set up a bogus Wi-Fi portal which the latest range of SmartPhones would connect to automatically.
When a connection has been made, any data passing through the portal can then be collected. Some handsets can even be accessed when they are not connected to the internet, they only need to be switched on and not have a password in use.
To prove how easy it is to obtain credit card details without hacking, an experiment was recently set up by a prominent daily newspaper. A fake Wi-Fi hotspot was set up and phone users were invited to obtain access to it by paying with their credit card.
A number of people entered their details, despite one of the terms and conditions clearly stating “You agree we can do anything we like with your credit card details and personal logins”. Naturally no harm was done as it was an experiment, but it does accentuate the need to be security conscious.
A relatively new technology is NFC (Near Field Communication) which enables payment with a credit card by simply scanning the card across a reader rather than having to place it in a machine and enter a PIN number.
There is currently only one such contactless credit card available in the UK, the Oyster Card from Barclaycard, but the high street banks are sure to follow suit in the near future. Advice on obtaining a credit card with Moneysupermarket will help to find the most suitable credit card for your individual circumstances.
Many UK SmartPhones are already NFC enabled, as using a phone to make payments is already in place in the USA and Europe, however, there are pitfalls with them.
Apart from the obvious problems which could arise should the phone be lost or stolen, hacking, eavesdropping and data modifications are the main concerns.
To ensure security, it will be essential to protect phones, reading devices and data with passwords, locks, anti-virus software and encryption.
As quickly as technology advances, so do the ways in which it can be misused. Research is under way to improve Wi-Fi hotspot security, much of it is being carried out by the WBA (Wireless Broadband Alliance), an industry group whose aim it is to make Wi-Fi “reliable and trustworthy”.
In conjunction with hotspot providers, they are trialling a new security system called 802.1 xs, which will force individual identification before a connection can be made.
Until this or another system is perfected, it is going to be up to individual SmartPhone users to be vigilant and protect their devices as much as possible, by keeping anti-malware software up to date and using keypad locks and passwords at all times.
This article was written by Sam. Sam is a writer based in the UK and specialises in finance.