Mobile phones users have "insufficient protections" from stalkers, experts from the University of Oxford have warned.
Research assistant Piers O'Hanlon told attendees of the BSides London security conference that there were a range of ways stalkers can track devices.
"The current security deployments make it too easy to perform these attacks," he explained.
He told Sky News: "There are problems I discovered in the way that mobile phones communicate over WiFi that means that the phones can potentially be tracked by unknown parties, and be tracked by their unique mobile identifier."
Currently, smartphones hand out their identities freely to any phone network base station that requests it.
Mr O'Hanlon said that without spending much, someone can "set up one of these fake access points, and then get your phone to connect to it".
Most of the attacks that he described to the conference did this using WiFi to "catch" the International Mobile Subscriber Identity (IMSI), a 15-digit number which uniquely identifies phones and their subscriptions to the network.
These potential stalkers "might be criminal outfits, potentially, trying to track the movements of people of interest.
"It could potentially be used by terrorists," Mr O'Hanlon said.
There is a limit to how much most people want to know about mobile security, he said.
"Generally they need to run their updates, especially if they're running banking apps or if they have personal information on their phone
"But there's not really much else that an end-user can do."
The security issues he highlighted have to be tackled by mobile firms, he added.
"I contacted Apple, Google, Microsoft and BlackBerry, and it's kind of in that order that they actually responded and were proactive in trying to address it," Mr O'Hanlon said.
"Apple specifically developed a feature into iOS 10 to improve the situation.
"Google initially were not so worried but then when I told them that Apple were concerned they eventually said 'Okay, let's have another look'."
Sky News has contacted the companies mentioned for comment.
No comments:
Post a Comment