The Internet of Things has everything from our cars and appliances to clothes, lights, and even beds connected. Using a WiFi hub and some IFTTT recipes, you can really automate everything in your life. However, with this wireless, mobile-centric convenience comes security risks.
As you install the appropriate software on your smartphone (which also holds your personal information, contacts, financial information, passwords, etc.), you create a vulnerability for attackers to gain access to your connected devices.
Your smartphone is one of the weakest points of your home network’s security, and you may not even realize it. Accessing your data and devices from the cloud is great, but you need to protect yourself while doing it with a VPN and proxy.
How Smartphone Networking Works
While our smartphones are connecting to high-speed 4G LTE networks, there’s only so much wireless bandwidth these mobile carriers can use. They’re bottlenecked by restrictions in the FCC’s wireless spectrum while online content pushes toward 4k and 8k resolutions, 360-degree videos, and more.
On top of this, tons of apps constantly checking for updates, putting a heavy burden on wireless data carriers who can charge hefty data overage penalties.
To help alleviate the issue, smartphones are designed to actively seek out WiFi networks (even when you turn this option off). This uses the public and enterprise WiFi infrastructure to help alleviate the burden of congestion that could slow data speeds.
Unfortunately this means your smartphone is actively working against you, sending out signals for anyone listening to pick up. Google even got in trouble a few years back for private WiFi data its Google Maps cars picked up while driving around the world for Street View.
Every time you reset your device, move out of a network, or reconfigure network settings, it will automatically send out WiFi probe requests. A lot of times it can happen from just installing a new app or game. Anyone with a laptop can monitor this data without even needing to be connected to the same network.
Google may have ended up in court over sniffing WiFi traffic, but not everyone does. In fact, major retailers like Krogers, Sephora, and Nordstroms actively use these probe requests to track customers and provide real-time mobile marketing.
Of course this is all well and good for the wireless carriers and brick-and-mortar retailers, but where does that leave consumers?
Protecting Your Smartphone
The worst thing an attacker can pick up from sniffing for probe requests is the SSID of every network you’ve connected to. It may seem trivial, but don’t underestimate it. Using SSID’s, I can figure out where you live, work, hang out, and map your general commute.
That’s powerful information to have, and disabling auto-connect features will help alleviate this issue while making your life a little more annoying. But SSID and location history is just metadata – you have a lot more precious data to protect on your phone.
You also need to protect the personal and private data you transfer every time you connect to a public network. If I’m sitting at a McDonald’s on a busy corner running a couple of programs, I can simultaneously pick up every SSID of every device and use packet injection to execute a man-in-the-middle attack.
With a man-in-the-middle attack, I trick your device into believing I’m the network and vice versa and can transparently intercept data sent between them. The only way to stop someone like me from doing this is by encrypting your connection.
Using a VPN, you create an encrypted tunnel to your home network that remains in place regardless of which public network you connect to. It acts as a proxy server that reroutes all data, so while people may be able to see the network you’re connecting to, they won’t be able to see the data.
VPNs based on the OpenVPN protocol have been used by government and enterprise user for decades to keep remote devices secure and allow business to run from multiple locations. Many desktop users of Windows, Mac OS, and Linux swear by VPNs and install them on every laptop and desktop, but sometimes we can forget about our smartphones.
Installing a VPN on your mobile device protects you from having your Skype, IFTTT, Spotify, and other services reveal more about you in public than you may have even realized.
You can’t keep your smartphone from constantly pinging networks – it’s just how they’re designed. You can, however, keep it from revealing too much sensitive data by encrypting the connection and bringing your home network security with you everywhere you go.