The personal spy: the smartphone in your pocket may be spying on you, II

Published 20 October 2009

The advances in smartphone technology could well be exploited in much the same way that e-mail and the Internet can be used to “phish” for personal information such as bank details

By next year about 1 in 3 new smartphones will have accelerometers. Pressure sensors and gyroscopes will follow, and soon your handset may keep tabs on your health and pay your bills too.

Linda Geddes writes that Nokia is experimenting with adding biosensors capable of monitoring heart and breathing rates, as well as glucose and oxygen levels in the blood. “Your phone could act as a wellness diary, and start to integrate data with the primary health records kept by your doctor,” says Marc Bailey, a researcher at the Nokia Research Center in Cambridge, United Kingdom.

Meanwhile mobile commerce, or M-commerce, in which phones are used to transfer money or pay for shopping, is already expanding rapidly. Cellphone users in Japan can buy train or airline tickets with their handset, while people in Afghanistan, the Philippines and east Africa can use their handsets to transfer money to each other. “M-commerce is coming, and the expectation is that it will become prevalent in the U.K. and other European countries within four years,” says Joe McGeehan, head of Toshiba’s research lab in Europe.

Though these developments should bring many benefits, security is expected to become a problem. “As soon as you put money on anything, criminals become more interested in it,” says McGeehan.

To counter this, manufacturers are developing more secure ways of encrypting data on handsets. According to Nokia, users will be able to alter security settings depending on how much data they want available at any one time. Phones with built-in fingerprint scanners are already on the market, and Sharp has experimented with face recognition on handsets, though hackers have recently shown that face recognition is easily defeated with just a photograph.

Meanwhile, Apple is thought to be considering adding biometric security measures, such as a fingerprint scanner, to future iPhones. However effective these security features are, though, they will only work when turned on.

Geddes sought the answers of industry experts to security-related questions. Here are few of the Q&A.

If I delete a message or photo on my phone will it disappear completely?

Data often remains on a phone’s memory chip until it is overwritten. Phones also create extra copies that are spread around its memory. It is possible to overwrite files by copying new data onto the phone. Commercial software will “zero fill” a memory or SIM card to overwrite it.

Where do recycled handsets end up?

According to Andy Jones, a security specialist at British Telecommunications, the main markets for recycled phones are Nigeria and China, “both of which are regarded as areas posing a high threat to the security of information.”

What if I smash up my SIM card?

Forensic analysts can often recreate SIM cards using the data that’s stored on the handset. How much information they can retrieve depends on the phone model. It is also possible to stick a damaged SIM card back together and then extract its data.

Can my movements be tracked, even if I don’t have GPS on my phone?

A technique called cell site analysis can be used to track someone to within 10 to 15 meters, using cellphone masts to triangulate their position. GPS can give more detailed information, such as your altitude or the speed you are traveling at.

Can my handset be used to spy on me?

If someone can get direct access to your handset, they can install software that lets them listen to conversations and monitor text messages without your knowledge. Without direct access, they can still monitor your phone usage remotely, but not eavesdrop on your conversations. It is also possible to send text messages that look like they come from someone else — a technique called SMS spoofing. This makes it possible to upload messages to someone else’s Twitter account, or send your boss rude messages using a colleague’s number.

How do I improve my phone’s security?

Switch on all security options such as handset PIN codes. Download software to wipe your phone before you throw it away or send it for recycling. Consider buying a handset with fingerprint recognition security. Alternatively, add software that can find your phone or even take control of it remotely should it be stolen, allowing you to encrypt all data stored on it, disable it entirely or even make it emit a loud alarm.

Is it legal for my employer or partner to send my cellphone for analysis?

If it is a company phone, or was a present from your partner, beware. Chances are that they can claim legal ownership and so can do what they want with it.