41 percent of Android phones are vulnerable to 'devastating' Wi-Fi attack

[vienna]

Those are good points for enhancing individual security. However, I would add the fact a surprising number of apps have the capability to turn on the WiFi port(s) on their own, under certain conditions. If you have the WiFi turned off and happen to have one of these apps, they can override your choice and reopen the connection; for example, say you have an app from some big box store or other and you walk into the store with WiFi off; the store's system will detect your presence and reestablish contact. If you really want to be certain about your security, you should re-check the WiFi status from time to time...





<O>

[Skybird]

Quote:

Originally Posted by vienna

say you have an app from some big box store or other and you walk into the store with WiFi off; the store's system will detect your presence and reestablish contact.

That was new to me, and I would be seriously pissed if I get attacked like this, for an attack it definitely is. I rate this as a criminal violation, because if I turn off WLAN, I have declared my will and expressed clearly a certain prohibition regarding the way others may approach me, and when someboy else without my consent forces my device to switch in on again, it is a a non-consensual and unlegitimised intrusion of my privacy, comparable to a stranger all of a sudden standing in my flat. Such an intruder has expect nothing good from me. A store doing like you described is like an attacker kicking in my locked appartment door by force. Or sneaking in through a window in the basement.

Can something like this also be done by identifying the presence of a smartphone due to the mobile phone cell it is currently situated in, even if its WLAN and mobile internet connections are turned off? One needs to remember all the time that a smartphone perate in three different radio circuits, minimum: phone, mobil internet, WLAN.

I once have red somewhere that the NSA even has methods to turn on a smartphone that was completely switched off, although this, as I remember it, needed a quite targetted an deliberate effort. At least for the time being.

And are RFID chips - in plastic cards - really blocked from getting passively read by a close-by detector if you put aluminium metal foil around it?

Tin foil hats - that joke maybe already has lost it legitimacy, eh?

[mapuc]

About 3-4 times per year I open my WIFI on the Smartphone and I always do it at home. I do it to get new updates to what I have, antivirus and other stuff.

I do not watch it all the time when I'm shopping or doing other things when I'm outside.

Furthermore, if my WIFI should be turned on by some apps or program, maybe, maybe I would not detect at once but I would sooner or later I would detect it. ´cause it has never happen to me.

I'll ask some of my online friends if their WIFI have turned on without their knowledge.

Markus

[vienna]

To be clear, the apps in question do not turn on shut down phones; they only turn on the WiFi function on an already on phone. As for the question of the unauthorized access to your cell's WiFi, if you install an app that is capable of independent turn on, they almost always tell the user of that ability during the install process and/or in some form of EULA available to the user(s); basically, like a lot of other forms of online consumer offers, you often end up giving up some control in order to get the end "benefit"...






<O>

[Rockin Robbins]

Again, the problem isn't your phone. The malware attacks the router. And the malware is useless. No crook is going to put his body in your driveway when he can hack you in his underwear from Uganda.

Travel is expensive. You have to buy clothes. You have to come up with a vehicle. You must sit in someone's driveway or in front of their house for hours. No crook is going to do this. You don't have enough good stuff for him to be interested in.

Now if you are a small business, things might be different. You have no IT department, you are very busy running your business and probably wouldn't notice a wardriver in front for several hours, and probably DO have something worth taking.

[vienna]

Quote:

Originally Posted by Skybird

...

Can something like this also be done by identifying the presence of a smartphone due to the mobile phone cell it is currently situated in, even if its WLAN and mobile internet connections are turned off? One needs to remember all the time that a smartphone perate in three different radio circuits, minimum: phone, mobil internet, WLAN.

I once have red somewhere that the NSA even has methods to turn on a smartphone that was completely switched off, although this, as I remember it, needed a quite targetted an deliberate effort. At least for the time being.

And are RFID chips - in plastic cards - really blocked from getting passively read by a close-by detector if you put aluminium metal foil around it?

...

Even with the internet and WLAN functions turned off, yes, a cell phone can be located if it has GPS built in; even without GPS, pinging and triangulating off nearby towers can get someone a pretty close approximation of your position and/or location...

The NSA has long been reputed to have the ability to turn on turned off devices, but the NSA has been very coy about actually admitting the capability; given it is the NSA, the good bet would be "Yes". However, in order to legally do such an action, the NSA would need a warrant from a FISA court, which would mean a very limited access, both in scope and time and the NSA, or any other agency, would have to give the court very, very specific reasons and/or evidence to back up a warrant request...

I've read varied views on the efficacy of aluminum foil to block RFID; some (usually those wanting to sell their nigh-priced alternatives) claim foil does little to block RFID. The most consistent view I've seen is foil will block most RFID readers at long range, but at closer range, say, a couple of inches, the reader may detect an RFID device; what is interesting, in most of the tests I've seen, a majority of the more thorough tests have shown, while the RFID devices are detectable, the foil actually prevents the RFID device from transmitting back to the reader, essentially a one-way situation, sort of like a diode...





<O>

[em2nought]

I wonder if I've downloaded an app that turns my wifi on? I've noticed it on a few times lately when I didn't intentionally turn it on. hmm? I wonder if it's that bank app, it's probably counting my money, and telling the police to seize it as in asset forfeiture. lol

At work I have everything on cat 5 with no need for wireless so I have it turned off, until now that is. I'm thinking of introducing a few security cameras to the mix and I believe they'll require wireless. Maybe I can just turn it on each night, and then off the next morning.

[Skybird]

I have GPS off by default, to. Though to ease battery drain, not so much for secuirty concerns. But if I do establish an online connection, the web would know with utmost preicison then where I am, if GPS is on, the web could read out the precise position data. So I only have it on when I need it: both GPS, and internet connections.

I recommend for navigation OsmAnd over Google. Not only doe sit have the far b etter and more updated maps, but it doe snot need online connectivity, can be used via downloaded offline maps and GPS alone. Google Maps does not want to work without online status, even when it is not needed. They want the user to be easily trackable.

GPS alone however is fully passive, I believed I understood!? If it emits no signals, how can it be used to track you?

Its all no impenetratable walls, its about setting up hurdles nd trapwires.

The FISA courts operates outside any countercontrol mechanisms, and below the radar of anyone or anything thta is not the closest circle of the president. Which means they can do what they want, practically. Wich means they are only as responsible as the president thinks he is. Which raises a fundamental principle problem, for it unites legislation, jurisdiction and partly even executive in one and the same hand. These three are not for no reason separated in Western state theory. Considering that the FISA and FISC bodies were created to overview the work of the intelligence services, makes it all even more dangerous. These courts very easily can become part of what they were created to control. To me, their creation always appeared to be more an alibi only and even an indirect strengthening of he intelligence services autonomy (which to huge degrees they de facto have). Lesson of the story: you cannot fight bureaucracy by adding new bureaucracy that should fight bureauracy.