Dr Lorrie Cranor, Carnegie Mellon University
Listen Now Download as mp3 from the show Your Smartphone: What's it Saying to Cyber-Criminals?
This week we’re going to be looking more closely at the trusty devices we now carry with us everywhere and seem to use for almost everything; and that’s our mobile phones.
Today’s smartphones are capable of doing so much more than the mobile phones of a few years ago and, as a result, we’re spending more and more time on them - logging what we’ve eaten that day, looking up where our next meeting is or uploading a snap to Facebook.
All this has some obvious benefits but it’s brought with it some serious security risks - most of which the average user is completely oblivious to. Did you realise, for instance, that leaving your phone’s wifi switched on is broadcasting to the world where you eat, sleep and work, as well as potentially more sensitive information you definitely don’t want revealed... Dr Lorrie Cranor from Carnegie Mellon University is an expert in data security and she spoke to Kat Arney about why don’t perceive our smart phones to be at risk...
Lorrie - Our data is constantly at risk whenever we’re using our mobile phone whether the wi-fi is on or not actually. At the very least, your telephone company is tracking you and perhaps others as well. Certainly, turning your wi-fi on, turning your Bluetooth on is going to put you at additional risk. Even when you're using your desktop or laptop computer and you're surfing the web, you're also being tracked as far as what websites you are visiting.
Kat - What kind of personal data might be at risk from our phones?
Lorrie - Well, it depends what you do with your phone, but there's your address book, your email, your location, if you're doing online banking. All of this data is potentially at risk.
Kat - And I guess then if someone got hold of it, they could do pretty bad things with it.
Lorrie - Yeah. Especially if you leave your phone without any sort of a password or pin, then anybody picking up your phone can basically act as you.
Kat - Pretty scary stuff. But what do the general public think are the risks? I mean obviously, a lot of people seem to be fairly oblivious that their phone is leaking data around them.
Lorrie - Yeah. I think most people are fairly oblivious and are unaware of the risk.
Kat - You’ve done some nice research with children, about how children view this because obviously, more and more kids are getting smartphones and going online with tablets and these kind of things?
Lorrie - Yeah. We have a project called Privacy Illustrated where we have gone into schools with magic markers and paper and asked kids to draw pictures of privacy and what privacy means to them. We’ve also done it with adults. But the children’s drawings have been particularly interesting. We find with the youngest children, they're not yet thinking about technology. They're thinking about being able to go to their room or to the bathroom and close the door. But then as they get older, then we start seeing images of kids using smartphones and computers and some concern about privacy when they go online. A big thing with kids is, as they start using text messages, this becomes an extremely private form of conversation for them.
Kat - I assume not wanting their parents or anyone else seeing what they're saying.
Lorrie - Exactly.
Kat - Why do you think the public does seem quite oblivious about the risks of data leaking out of our smartphones?
Lorrie - Well, because it’s a leak that we don't see. There is no tell-tale drip, drip, drip that you see and so, people don't know what's happening.
Kat - Should they be concerned? You know, I'm just walking down the street with my phone. How at risk am I as an individual of someone getting hold of my data and doing something bad with it? Can we be overly paranoid about this?
Lorrie - Well, there's a lot of different types of risks and there are some of them that may never impact you until they do. I mean, one type of risk is somebody actually stealing your identity, being able to break into your bank accounts, things like that, and that's a very tangible risk that people can understand. But there are also risks associated with just having things that you wanted only your friends to see or hear being made public. That actually can be devastating to people depending on what that information is and if it is passed on to their employers or their parents or their spouse, there's definitely information that can get out that can be really harmful to people.
Kat - Do you have a Smartphone and are you very careful about what you put on it?
Lorrie - I do have a Smartphone and I do try to be careful with it. I never post anything that would be upsetting to me if I saw it on the front page of a newspaper.
Kat - Are you going to post that you've been on the Naked Scientists?
Lorrie - Yeah. I think that's probably okay.