Listen to this article
I recently noticed a bunch of The Lord of the Rings buffs. They were not dressed in wizard cloaks or sporting fan T-shirts. There was nothing obvious, outwardly, to identify them, but I knew I was in the company of Middle Earth aficionados because of the names that popped up on my laptop’s list of nearby mobile WiFi “hotspot” connections, which you can switch on and off in your smartphone settings. Gandalf, Frodo, Legolas, Boromir . . . and someone in that airport lounge even had a phone whose WiFi was renamed as “Treebeard”.
It is one of the geekier forms of modern communication — playing with the name of your wireless internet connection. Most people call their phone WiFi hotspot something mundane like “my iPhone”. A few use it to make a statement.
The BBC identified this as a trend among home WiFi users. People were changing the names of their home internet routers to send passive-aggressive messages to their neighbours: “Go away and don’t steal my broadband” or “Stop slamming the door!”. It is the electronic equivalent of leaving an anonymous sticky note.
Pranksters can use it to give their hotspots names like “FBI Surveillance Van” or “NSA Mobile Wiretap Unit 034” to make people nearby jump. A Qantas flight was grounded earlier this year when a passenger noticed that one of the WiFi networks available on the aircraft was named “Mobile detonation device”. Frightened, she showed the message to the crew. Around 40 passengers were so unsettled that they had to be let off the flight with their luggage, leading to a two-hour delay.
It was a poor joke to make at an airport. But there is a serious side to this. The people who play with WiFi names are at least aware their phones are broadcasting information in a multitude of ways. Most people are not. Most mornings on the train, my tablet picks up WiFi networks displaying several people’s full names. I could virtually take a roll-call in the carriage based on these. Are they aware they are wearing invisible, electronic name tags? Probably not. I am thinking about you, Sam Piggott in carriage four.
And this is just the tip of the iceberg as far as the information your mobile phone gives out. Phones are packed with accelerometers, gyroscopes and sensors to detect speech, light levels and whether the phone is on your desk or in your pocket. People will routinely give apps permission to gather data from these without too many checks on how the data might be used, stored or protected. Even if you are vigilant and switch off all tracking permissions, there are many different ways a phone can be traced.
Karsten Nohl, a German security researcher, recently demonstrated on CBS’s 60 Minutes TV show that he could hack a helpful US congressman’s phone, track his movements, listen to calls and read his texts, simply by knowing his mobile phone number.
Researchers at Stanford University and an Israeli defence research company last year showed that it is possible to map a mobile phone user’s movements simply by tracking the handset’s power consumption. The technique uses the fact that a cell phone uses more or less power for transmissions depending on how far it is from a base station and whether there are obstacles such as mountains or buildings in the way.
The UK government’s Communications-Electronics Security Group gives sobering advice to British officials about phones:
• “Even when turned off, mobile devices are never truly off. It is possible for attackers to remotely turn on the microphone and record conversations. Consider not taking your device into buildings or rooms where sensitive discussions are being held.”
• “In high threat countries, we recommend ‘single use’ mobiles for personal use to contact family whilst you’re overseas. These should not be used to contact associates or colleagues, or be used for personal communication in the UK. These mobiles will not be any less vulnerable to intercept, but will not contain stored personal or business information which might be exploited by a foreign intelligence service.”
Many people might shrug at this. Most of us are not spies or negotiating top-secret deals. We have come to expect nothing to be secure and feel there is little we can do about it.
But could things be different? Should we be asking device manufacturers to do more to protect our privacy? Apple was prepared to defy the FBI in court over an order to unlock the San Bernardino gunman’s iPhone. Silicon Valley companies have made a great show of protecting their customers against intrusion. But the same companies are designing products that let users unwittingly haemorrhage personal data right from the outset. They could do better. Consumers should demand better.