A Channel 4 News special investigation in association with MWR InfoSecurity has revealed some startling information.
The average smartphone sends out hundreds of thousands of pieces of information every day, giving away its location and unique identity to advertising agencies around the world.
The findings come from a special Channel 4 News investigation, which used a “black box” from IT security company MWR InfoSecurity to track data sent from a mobile phone.
Channel 4 News technology producer Geoff White came up with the concept of “Data Baby”, a project that would look at the personal information of a fictitious young woman who lives in London and uses a variety of social media and IT devices in her personal life.
Geoff said: “On this occasion we wanted to look at how information is sent from mobile phones automatically to a variety of websites. We approached MWR InfoSecurity and asked them to build a data interceptor that would track what the phone was doing and then analyse the results. What came back was amazing.”
“In a 24 hour period the phone sent and received 350,000 packets of information and was in contact with 350 servers across the world.”
He added: “Every time we go online, we leave a digital trail in our wake. The websites we visit, products we browse and forms we fill out are all turned into code and stored on computers across the world – It’s almost impossible for the average person to keep a track of their digital footprint. Channel 4 wanted to find out who was using this data, and how – and more importantly, how does it affect our experience online?”
For this, Channel 4 News created the Data Baby, a virtual persona for whom they have created an entire online life called Rebecca Taylor (two of the most common names in the UK), she has a Facebook page, a Twitter account and an active life on the web. But because she is, in fact, just a laptop and a mobile phone, it was possible to follow her every move, tracing where her data went and who was using it.
Geoff said: “Smartphones have taken the use (and abuse) of our personal data to a whole new level. Always with us, always connected and usually running dozens of apps, our phones have massively increased the amount of information we send and receive every day. They have also added a whole new layer: location data. By knowing where its owner is, a phone can offer maps and other useful information, yet it also allows our movements to be tracked by advertisers across the globe.”
In order to gather and analyse the hundreds of thousands of mini-messages sent and received by the Data Baby’s phone every day, Channel 4 News worked with MWR InfoSecurity to build a “black box” which could intercept the data.
Geoff commented: "The black box works only with the Data Baby’s phone, storing the torrent of communications flowing to and from it to servers around the world. Even during a one-hour period when the phone was “idle” it sent more than 30,000 packets to 76 servers worldwide. The phone’s exact location was sent to an advertising agency in the Ukraine, and its unique identifier was sent out half a dozen times to ad networks in the US."
“We take it for granted that when we stop talking, texting or browsing, our phones stop communicating. But our experiment shows that whenever it’s switched on, the phone is sending out hundreds of thousands of messages every day.”
He added: “Some of this traffic is useful; it helps the phone to function. But some of it seems to serve little purpose than putting personal information into the hands of advertisers, unknown – and very probably unwelcome – to the phone’s user. Thanks to MWR InfoSecurity’s work on the Data Baby project we now have a glimpse of just how far our personal information is carried thanks to smartphones.”
Recent revelations about intelligence agencies’ use of surveillance have made the public much more aware of who is handling mobile devices’ data.
Rob Miller a security consultant at MWR InfoSecurity said: “Most users are not aware of how mobile devices communicate with other servers and they should be very careful about what permissions are given to applications. I am sure that most users would be shocked at the amount of information that is sent and received.”
Alex Fidgen a director at MWR InfoSecurity said: “It is extremely important that broadcasters like Channel 4 and companies like ours carry out these investigations and make them public. We see and deal with security issues and vulnerabilities on mobile devices on a regular basis and were delighted to work with Channel 4 News on this project.”