Wi-Fi security flaw for smartphones puts your credit cards at risk

Millions of smartphone users and BT customers who use Wi-Fi wireless internet "hotspot" connections in public are vulnerable to fraud and identity theft, a Gaurdian investigation has established.

In tests conducted with volunteers - to avoid breaching telecommunications and computer misuse laws - security experts were able to gather usernames, passwords and messages from phones using Wi-Fi in public places.

In the case of the best-selling Apple iPhone 4 and other smartphone handsets, the information could be harvested without the users' knowledge and even when they were not actively surfing the web if the phone was turned on.

BT. the UK's biggest provider of such hotspots with five million of its "Openzone" connections in the UK in train stations, hotels and airports, admitted that it has known of the weakness for "year" and that it is working on a permanent fix. But it has no timetable for when it might be implemented.

Using a $49 piece of communications equipment and software freely available for download from the internet, the investigation established that crooks could set up bogus Wi-Fi "gateways" to which the lastest generation of mobile phones would automatically connect. Once a connection is established, all the information passing through the gateway can be either be read directly or decrypted using software that will run on a laptop.

In another test, a fake Wi-Fi hotspot invited people to "pay" for internet access with their credit card - but required them to click a box to accept terms and conditions which clearly stated "you agree we can do anything we like with your credit card details and personal logins".

A number of people entered their details. The Guardian did not retain any users' details in the experiment.

Not only could the information be used to steal identities, hijack email accounts and commit fraud but also to gather information about individuals and company employees. With the information gained in our investigation, fraudsters could have bought goods online or sent multiple e-gift voucher worth as much as $1,000 each to pre-set email addresses. It is believed that such vouchers are already being traded by crook over the internet.

The attack works because public Wi-Fi hotspots have no form of identification except their name, which an off-the-shelf device can mimic. Many smartphones are sold with automatic connectivity to BT's Openzone Wi-Fi hotspots to enhance the contract and reduce the load on the mobile carrier's data network form the phones, while offering faster connectivity.

Jason Hart, chief executive of the security company Cryptocard in Europe, said: "An O2 iPhone will automatically connect, because BT Openzone connectivity is usually part of the package for free internet access. It will pass over its credentials and because it can see the internet through the hotspot, it will start sending and receiving data."

BT, which boasts of having 2.5 million Wi-Fi hotspots available to its 5 million broadband customers said: "This hack is known as 'Evil Twin' and has been known to the industry and others for some years."

The company is working with the Wireless Broadband Alliance, an industry group which aims to help hotspot providers deliver a "reliable and trustworthy" service, to introduce a security system known as 802.1x, which forces detailed authorisation when devices connect. But it is not clear whether the devices themselves will be able to detect fake hotspots.

Apple, manufacturer of the top-selling iPhone series, declined to comment. O2 did not respond to requests for comment.

BT broadband customers who agree to allow a part of their Wi-Fi bandwidth to be used publicly are, in turn, allowed to use the Wi-Fi of other subscribers. The resultant Wi-Fi community is called BT Fon and utilises wireless routers – boxes which broadcast the Wi-Fi signals – in people's homes. BT Openzone users have to provide usernames and passwords. Subscribers may use both services through their smartphones. On the first use anywhere, they must give a username and password – but after that, their phones forever hunt out hotspots with the names "BT Fon" and "BT Openzone" hotspots automatically, and will join them.

Stuart Hyde, the Association of Chief Police Officers' lead on e-crime prevention, said: "We became aware of the potential for criminals to use Wi-Fi in this way last year and have become increasingly concerned. All they need is to set themselves up in a public place with a laptop and a mobile router called 'BTOpenzone' or 'Free Wifi' and unsuspecting members of the public come along and connect to them.

"Once that happens, there is software out there that enables them to gather usernames and passwords for each site a user signs in to while surfing the net. And once criminals have access to your email accounts, Facebook account, Amazon history and so on, the potential for fraud and identity theft is very serious indeed.

"Until there are improvements in security, I would advise people to be very wary indeed when using insecure Wi-Fi in public places."

Professor Peter Sommer, a cyber-security expert at the London School of Economics, said: "This is all very alarming. It means that literally millions of people who use Wi-Fi in public could be at risk. If criminals are able to harvest the usernames and passwords of all the websites you visit, they could do significant damage in terms of identity theft and fraud.

"The safest route for existing users of mobile phones, particularly if they use BT Fon or Openzone, is to switch off their Wi-Fi when they leave home and only use it on systems they know to be secure – such as at home or at work. Everywhere else you use Wi-Fi – whether in a coffee shop, an airport, a railway station and especially out in the street – you are taking a calculated risk."

参考：http://www.guardian.co.uk/technology/2011/apr/25/wifi-security-flaw-smartphones-risk?CMP=twt_gu

Almost 200 operators investing in LTE

The Global mobile Suppliers Association (GSA) has published an update to its Evolution to LTE report which confirms almost 200 operators are now investing in LTE.

The report confirms 140 firm operator commitments to deploy commercial LTE systems in 56 countries. The number of committed operators is 118% higher than one year ago. A further 56 pre-commitment trials have been identified. Taken together, the report confirms 196 operators in 75 countries are currently investing in LTE. The report covers both LTE FDD and LTE TDD modes.

Seventeen operators have commercially launched LTE networks, in Austria, Denmark, Estonia, Finland, Germany, Hong Kong, Japan, Norway, Poland, Sweden, USA, and Uzbekistan.

GSA has raised its market outlook and now anticipates that at least 73 LTE networks will be in commercial service by end 2012.

The regional breakdown of 140 firm operator commitments to deploy is as follows:

• Americas = 29 networks
• Europe = 64 networks
• MEA = 14 networks
• APAC/Oceania = 33 networks

The ecosystem of user devices is quickly building. In a related report published by GSA earlier this month, (Status of the LTE Ecosystem – March 16, 2011), a total of 98 LTE-capable user devices were confirmed launched in the market by 35 suppliers.

Alan Hadden, President of the GSA, said, “LTE is the fastest developing mobile communications system technology ever and continues to make excellent progress. Investments in LTE are now extending beyond traditional public communications carriers as we saw with the FCC mandating of LTE for first responders, which underlines the progress towards a single mobile technology with LTE.”

The Evolution to LTE report covers regulatory developments (including spectrum), operator commitments and network deployments, launches, trials worldwide, related industry initiatives and user devices [continues after image]

A number of auctions of new spectrum for LTE – including 2.6 GHz and in the digital dividend bands (700, 800 MHz), are scheduled in the coming months in various countries across the world. Access to new spectrum is essential and welcomed, however these procedures take time. There is a growing momentum for re-using (re-farming) current cellular bands to allow the option of introducing more efficient technologies including LTE. The 1800 MHz band, which was originally allocated for GSM, is widely available across much of the world and has emerged as a key candidate for LTE deployments, with improved coverage being a key driver – twice the coverage area can be achieved using 1800 MHz compared to 2.6 GHz. Shorter time to market is another key benefit. Recent announcements by leading operators committing to LTE1800 deployments will help to establish 1800 MHz as a core band for LTE.

参考：http://www.gsacom.com/news/gsa_324.php4

iPhone keeps record of everywhere you go

Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.

For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.

"Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been," said Pete Warden, one of the researchers.

Although mobile networks already record phones' locations, it is only available to the police and other recognised organisations following a court order under the Regulation of Investigatory Power Act. Standard phones do not record location data.

MPs in 2009 criticised the search engine giant Google for its "Latitude" system, which allowed people to enable their mobile to give out details of their location to trusted contacts. At the time MPs said that Latitude "could substantially endanger user privacy", but Google pointed out that users had to specifically choose to make their data available.

The iPhone system, by contrast, appears to record the data whether or not the user agrees. Apple declined to comment on why the file is created or whether it can be disabled.

Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining. The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner's computer.

If someone were to steal an iPhone and "jailbreak" it, giving them direct access to the files it contains, they could extract the location database directly. Alternatively, anyone with direct access to a user's computer could run the application and see a visualisation of their movements. Encrypting data on the computer is one way to protect against it, though that still leaves the file on the phone.

Graham Cluley, senior technology consultant at the security company Sophos, said: "If the data isn't required for anything, then it shouldn't store the location. And it doesn't need to keep an archive on your machine of where you've been." He suggested that Apple might be hoping that it would yield data for future mobile advertising targeted by location, although he added: "I tend to subscribe to cockup rather than conspiracy on things like this – I don't think Apple is really trying to monitor where users are."

Only the iPhone records the user's location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any," said Warden. "We haven't come across any instances of other phone manufacturers doing this."

Simon Davies, director of the pressure group Privacy International, said: "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."

Warden and Allan point out that the file is moved onto new devices when an old one is replaced: "Apple might have new features in mind that require a history of your location, but that's our specualtion. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental." But they said it does not seem to be transmitted to Apple itself.

The location file came to light when Warden and Allan were looking for a source of mobile data. "We'd been discussing doing a visualisation of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements," Warden said.

They have blogged about their discovery at O'Reilly's Radar site, noting that "why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored."

The pair of data scientists have collaborated on a number of data visualisations, including a map of radiation levels in Japan for The Guardian. They are developing a Data Science Toolkit for dealing with location data.

Davies said that the discovery of the file indicated that Apple had failed to take users' privacy seriously.

Apple can legitimately claim that it has permission to collect the data: near the end of the 15,200-word terms and conditions for its iTunes program, used to synchronise with iPhones, iPods and iPads, is an 86-word paragraph about "location-based services".

It says that "Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services."