User Tools

Site Tools


securing_your_phone

This is an old revision of the document!


Your phone when out and about

IMSI grabbers / “fake base stations”

Exploit weaknesses in the way cellular networks are designed, to create fake base stations, to which your phone connects. According to the National CyberSecurity Centre, this could lead to “access to all call content and metadata for all users on that base station”.

Not easy to mitigate the risk.

Collect some information from your device over Wi-Fi

Analytics: Bluetooth and Wi-Fi

Because of the way in which a phone with Wi-Fi enable talks to wireless access points, generally pretty easy to extract information from devices passing by. Cheap and easy to do, and result in small pieces of hardware which can be battery powered and kept in a pocket, picking up details of phones in the area.

You could either stop the phone from automatically connecting to any Wi-Fi access points (even those which you “trust”), or else switching off Wi-Fi. Not great if you are trying to user Personal Hotspot or some other Wi-Fi tethering feature, so perhaps best just to use a cable.

Even getting cellular information over Wi-Fi May be able to get information about your cellular subscription too: some Wi-Fi operators offer access to users of particular mobile networks, and use a protocol called EAP-SIM to authenticate the device.

Again, switching Wi-Fi off when you are not using should mitigate this, and probably prolong your device’s battery life too. https://www.theregister.co.uk/2016/11/03/wifi_imsi_catcher/

Turn your phone off when you are not using it?

Might not be conductive to the “always connected” way of working, but you could consider keeping your phone switched off, and turning it on when you need it.

A Faraday cage pouch

For the extra paranoid?

Don’t keep your phone switched on when in it — likely to drain the battery pretty quickly.

securing_your_phone.1564933492.txt.gz · Last modified: 2021/07/06 09:26 (external edit)