Press Release

In 24hrs a smartphone can send 350,000 packets of personal information and contact 350 servers worldwide

News

A Channel 4 News special investigation in association with MWR InfoSecurity has revealed some startling information.

The average smartphone sends out hundreds of thousands of pieces of information every day, giving away its location and unique identity to advertising agencies around the world.

The findings come from a special Channel 4 News investigation, which used a “black box” from IT security company MWR InfoSecurity to track data sent from a mobile phone.

Channel 4 News technology producer Geoff White came up with the concept of “Data Baby”, a project that would look at the personal information of a fictitious young woman who lives in London and uses a variety of social media and IT devices in her personal life.

Geoff said: “On this occasion we wanted to look at how information is sent from mobile phones automatically to a variety of websites. We approached MWR InfoSecurity and asked them to build a data interceptor that would track what the phone was doing and then analyse the results. What came back was amazing.”

“In a 24 hour period the phone sent and received 350,000 packets of information and was in contact with 350 servers across the world.”

He added: “Every time we go online, we leave a digital trail in our wake. The websites we visit, products we browse and forms we fill out are all turned into code and stored on computers across the world – It’s almost impossible for the average person to keep a track of their digital footprint. Channel 4 wanted to find out who was using this data, and how – and more importantly, how does it affect our experience online?”

For this, Channel 4 News created the Data Baby, a virtual persona for whom they have created an entire online life called Rebecca Taylor (two of the most common names in the UK), she has a Facebook page, a Twitter account and an active life on the web. But because she is, in fact, just a laptop and a mobile phone, it was possible to follow her every move, tracing where her data went and who was using it.

Geoff said: “Smartphones have taken the use (and abuse) of our personal data to a whole new level. Always with us, always connected and usually running dozens of apps, our phones have massively increased the amount of information we send and receive every day. They have also added a whole new layer: location data. By knowing where its owner is, a phone can offer maps and other useful information, yet it also allows our movements to be tracked by advertisers across the globe.”

In order to gather and analyse the hundreds of thousands of mini-messages sent and received by the Data Baby’s phone every day, Channel 4 News worked with MWR InfoSecurity to build a “black box” which could intercept the data.

Geoff commented: "The black box works only with the Data Baby’s phone, storing the torrent of communications flowing to and from it to servers around the world. Even during a one-hour period when the phone was “idle” it sent more than 30,000 packets to 76 servers worldwide. The phone’s exact location was sent to an advertising agency in the Ukraine, and its unique identifier was sent out half a dozen times to ad networks in the US."

“We take it for granted that when we stop talking, texting or browsing, our phones stop communicating. But our experiment shows that whenever it’s switched on, the phone is sending out hundreds of thousands of messages every day.”

He added: “Some of this traffic is useful; it helps the phone to function. But some of it seems to serve little purpose than putting personal information into the hands of advertisers, unknown – and very probably unwelcome – to the phone’s user. Thanks to MWR InfoSecurity’s work on the Data Baby project we now have a glimpse of just how far our personal information is carried thanks to smartphones.”

Recent revelations about intelligence agencies’ use of surveillance have made the public much more aware of who is handling mobile devices’ data.

Rob Miller a security consultant at MWR InfoSecurity said: “Most users are not aware of how mobile devices communicate with other servers and they should be very careful about what permissions are given to applications. I am sure that most users would be shocked at the amount of information that is sent and received.”

Alex Fidgen a director at MWR InfoSecurity said: “It is extremely important that broadcasters like Channel 4 and companies like ours carry out these investigations and make them public. We see and deal with security issues and vulnerabilities on mobile devices on a regular basis and were delighted to work with Channel 4 News on this project.”

 

 

Accreditations

As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
We are certified in the ISO 9001 quality management system (QMS) in the UK, ensuring reliable delivery of our products and services.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.