Your Smartphone: What's it Saying to Cyber-Criminals?

How and where your phone is leaking your personal information to and how to stop it...
17 February 2015
Presented by Chris Smith, Kat Arney
Production by Graihagh Jackson.


This week, how we're haemorrhaging personal information through our smartphones. We hear how snoopers can eavesdrop on your mobile signals while you're out in public to track down your home address. A computer scientist tells us what he discovered on a bunch of second-hand mobile phones picked up off eBay, and the website that grades the threat's you face from any app yu install. Plus, the stories making the headlines from the world of science and technology, including figuring out how much dark matter is in the Milky Way, and a breath test to diagnose Parkinson's Disease...

In this episode


01:02 - Smart insulin: a diabetes game changer?

A self-regulating insulin molecule, that works by sensing blood sugar levels, could revolutionise type 1 diabetes treatment...

Smart insulin: a diabetes game changer?
with Dr Matthew Webber, Massachusetts Institute of Technology

For people with type 1 diabetes, whose pancreas doesn't make enough of the Diabetesglucose-regulating hormone insulin, life is dominated by pricking fingers to measure blood sugar levels, and injections of insulin. But what if this injected insulin could be made smarter, circulating in the body until the exact time it's needed, only springing into action after a meal? It sounds too good to be true, but now, publishing in PNAS, MIT scientist Matthew Webber has made it happen, at least in mice, as he explains to Kat Arney...

Matthew - The idea was to try to make insulin a little bit more autonomous, if the insulin molecule itself could remain in the body but not be functional unless it was needed. So, if blood glucose levels go up as a result of a meal, then the insulin could turn on and become active versus the patient having to kind of know when their blood glucose level was high and inject themselves.

Kat - Describe to me a bit more about this particular insulin. What does it look like and how does it work?

Matthew - So, the vision for the insulin or at least how we anticipate it to work is that the small molecule that we've attached to the insulin protein itself would enable the insulin to become sequestered within the body and be inactive.

Kat - So, it would hide away when it's not needed?

Matthew - Right. So yeah, it would remain sequestered and hide until it was needed.

Kat - And then what happens when someone say, has a dinner and their blood glucose starts to go up?

Matthew - The general idea we tried to simulate in a mouse was a meal. So, we inject glucose to simulate a meal and then the insulin in theory will turn on and will become active and ready. And then will result in a reduction of blood glucose levels, the way insulin is supposed to normally work in a healthy functioning pancreas.

Kat - So explain a little bit more about how does the glucose actually make this clever insulin come out of hiding? How does that work?

Matthew - So, the mechanism is not entirely clear to us.

Kat - Even though you built it?

Matthew - Even though we built it, yes. So, we had an envisioned mechanism in mind which was that it would bind to a protein that is in very high concentration in the blood which would make it inactive. And then in the presence of glucose, it would reduce the binding of this protein and then it would become more active. We weren't able to verify that mechanism in situ in a test tube but that doesn't necessarily mean the mechanism isn't working that way when it's in the body when you get into the complex physiologic environment of the body, a lot can change.

Kat - But I guess the key thing and for anyone who's listening who is affected by type 1 diabetes is going to be: Does it work? And how soon is it going to be here?

Matthew - Right. So, does it work? It works in mice. Some of our studies demonstrate that it works as well as a healthy pancreas which is really the ultimate gold standard for glucose control. That's the way a healthy person would control their glucose. So, it works in mice. As far as moving forward, we're currently in negotiations with some pharmaceutical companies and some other people that might have interest in helping us to advance this clinically. And hopefully, that's a process that can begin in the coming months and years before we'll actually know for sure if it's working well in the human setting.

Kat - Assuming that all goes well in the further tests and eventually taking it into humans does go well, how do you envisage it working? Would someone say, take it once a week?

Matthew - So, the idea I think would be that a person would maybe take this once a day. I think it would kind of serve to provide a basal level of insulin in the body that could become activated to help with some of the glycaemic control issues that diabetics often experience.

04:29 - Investigating the secrets of the violin

What makes some violins sound better than others? To find out, physicists have subjected hundreds of the instruments to scientific scrutiny

Investigating the secrets of the violin
with Professor Nick Makris, MIT and Cambridge violin-maker Juliet Barker

The golden age of violin-making harks back 250 years, when the Italian families of Amati, Stradivari and Guarneri of Cremona carved some of the finest musical instruments ever made. Today they sell for millions but what makes these violins sound so powerful? Scientists from MIT have measured hundreds of these Cremonese violins in the hope of unlocking some of the secrets and it could come down to the f hole - the slim opening either side of the strings. Graihagh Jackson's been hearing how...

Graihagh - Nick's love affair with stringed instruments began 10 years ago after a trip to Istanbul. What you can hear is Nick playing the lute. It's similar to a guitar except it has a mere 26 strings and the body is shaped a bit like half an egg. It wasn't until Nick was leafing through a friend's sheet music collection that his background in science and music really came to head.

Nick - I happened to see a renaissance song book that a friend of mine had lying around. On it, I saw a picture of something that looked like a violin that an angel was holding and it didn't have an F-hole on it. I thought, "Hmm, this is interesting." It had more of a C-shaped hole. I thought, could there have been an evolution?

Graihagh - It turns out there was, from a C-shaped hole to an F-shaped hole. F-holes are these slim cousins either side of the bridge in the strings that reveal the innards of the violin. The thing is, the violin complete with F-holes was first designed in 1555 by Andrea Amati. After the Amati family's reign of violin making, there was the Stradivari family and then the Guarneri family. All three families carved out these F-shaped holes. All three families were from the Italian town of Cremona and all three family's designs of violin are still revered to this day. However, by the 1750s, this Cremonese dynasty of violin makers died and with them, their trade secrets.

Nick - For us now, to go back and understand what their methods and approaches were is a bit of a mystery for violin makers as well as scientists. And so, what we're trying to do in our analysis is go back and look at the physical remains and see how they changed.

Graihagh - Everyone wants to recreate the sounds of these famous Cremonese violins, but it's pretty hard. Each violin has its own distinct sound even when building like for like because of the handmade nature of the trade.

Juliet - I'm Juliet Barker. I've been a violin maker for 60 years and I've been teaching violin making to amateurs for 50 years now. I actually play the violo.


Graihagh - So talk me through how you might go about making a violin. I'm sure there are many, many steps involved.

Juliet - Well, there's also many, many ways of doing it. The best job of all of course is choosing the wood and you look at all the pretty maple for the back, the ribs and the scroll. And then you look for a nice piece of spruce to make the front. So, you have to shape a couple of blocks, bend a couple of ribs, and then you've got your outline fixed. And then you can get onto the carving. For us, the things that matter is the choice of material to begin with and then getting the right curves on the outside, the arching, and thickness in the wood, correct for that piece of wood and every piece of wood of course is different. And they're the things that will make the instrument sound good or not.

Graihagh -    For Nick, the MIT professor, it was the F-hole that caught his ear. Like a detective, Nick took measurements of 470 Cremonese violins, plotted them against other design variants and...

Nick - One of the fascinating things that we found is that the F-hole length increased from the Amati time period to the Guarneri time period.

Graihagh - And how did that affect their sound?

Nick - Well, what it's going to do is it's going to make instruments with a longer F-holes, more powerful in that low frequency register. What we found going across the Cremonese period, it was about 60% increase in power. And some of the other design changes that we found that led to increasing power was also an increase in the back plate thickness.

Graihagh - This would make sense. Amati violins are usually chosen to play in smaller venues, are quieter less powerful whereas Garneri's violins with their bigger F-holes are known for very powerful and are used in huge concert halls. But why does increasing the size of the F-hole increase its power?

Nick - If you consider what happens on a windy day near a tall building, the wind comes and the skyscraper is obstructing the flow. Well, that air has to escape somewhere. It goes around the skyscraper. So, if you're standing near the base of the skyscraper, you're going to feel it's very, very windy at the perimeter. If you walk some meters away from the perimeter, away from a building, you can find it's a lot less windy and that's essentially what we found. So, if you maximise the perimeter length and minimise the void area, you're actually more efficient acoustically. So, the circle is going to be the least efficient, has the most wide area and the smallest perimeter. And something like the F-hole that turns out has very, very high perimeter and very little wide area so it's extremely efficient.

Graihagh - Does that mean we can now build these sort of optimal violins that are super powerful?

Nick - Well, I wouldn't say that. what we do know for sure is that at these frequencies, we're very confident that these are the effects that are important. How everything plays together and how the coupled evolution with the other frequencies and the other ranges, we can't answer those questions yet. But that's the way science works. It works one piece at a time. and the nice thing about this is that the physical data that we've uncovered from the Cremonese instruments is consistent with basic physics. So, what this has enabled us to do is eliminate a lot of trial and error and guess work, and repetition when you have a physical principle guiding you.

Kat - Music to my ears. That's Graihagh Jackson speaking with MIT's Nick Makris and violin maker, Juliet Barker.

Chris - Indeed it must be Kat because you're a string player, but of harps so slightly different technology there.

Kat - Yeah, I am. Interestingly, yes. I think my sound board of my harp is also made of spruce and I had to take it to be repaired once: it's fascinating going to a harp workshop.

Chris - I'm lucky enough about 10 years ago almost to interview a gentleman from Texas A&M University called Joseph Nagyvary. He was interested in this same question of why these violins from this part of Italy and this segment of history all sounded so good. He had luckily managed to get hold of some bits of wood from some of the Stradivari and Guarneri violins when people send them in for restoration, you get little fragments of wood.

He did some analysis and his conclusion was that the wood had been chemically brutalised by boiling in various copper and iron salts and things because you could still see the chemical fingerprint of that having happened. And they suggested that this had in turn affected the acoustic properties of the wood. Others have suggested that the wood got brutalised in that way merely as a form of kind of insect control because furniture from that period is riddled with woodworm but these violins never are. So, one wonders if that might be part of it too.

The Milky Way

12:07 - Dark matter detected in the Milky Way

Scientists have found the best evidence yet that the centre of our galaxy contains significant amounts of dark matter.

Dark matter detected in the Milky Way
with Dr Chamkaur Ghag, UCL

The subject of this story makes up a significant fraction of the mass in our The Milky WayUniverse. We can't see it, or weigh it - but we know it has to be there. This elusive substance is called dark matter, and now a paper in the journal Nature Physics, has found evidence that it's all around us. UCL's Chamkaur Ghag, who wasn't part of the study but pursues his own research detecting dark matter, here on Earth, explains the significance of the discovery to Kat Arney...

Chamkaur - We can look at galaxies sort of outside of our own and measure, in particular, the velocity of stars on the very edges of those galaxies. And you can see those stars on the edges are  just whizzing around far too fast, if they were being held in just by the gravity of all the other stars in there. And that's telling us that there's this extra mass, there's this extra gravity coming from this dark matter that's all around that galaxy. And that's all well and good, sort of, looking out at other galaxies but it would be quite nice to know what the distribution or how much dark matter there is in our own galaxy. And that's really important if we're going to try and detect it here on Earth. It would be quite nice to know just how much there is, is there any in our galaxy, and just, is there any sort of around our local neighbourhood. And this paper is telling us that yes, there is.

Kat - So, by looking at how stars and things like that in our own galaxy are moving, they can infer that, "Oh, there must be this much push from the dark matter here, there must be this much dark matter here."

Chamkaur - That's right. More of a pull really. They're kind of saying this is all being held together to allow these stars and other gas clouds to be whizzing around at the speeds that they're moving around at. They must be being held on by a lot of sort of force, a lot of strength there, and that must be dark matter. They've got a really strong sort of statistical significance here and stating that there is dark matter here in our own galaxy.

Kat - That's still pretty big. Is there dark matter on Earth? Could there be dark matter here in this office?

Chamkaur - Yes. As the Earth is sort of going around the sun and as the sun is moving around the centre of the galaxy, we'd be feeling, experiencing a sort of dark matter wind coming at us. And so, this dark matter wooshes through the Earth all the time and for every sort of pint of volume, any pint glass you hold up, there's roughly one dark matter particle in there, we think. And it's moving through at about 220 km a second. So, it's whizzing through all the time. There's millions of these things going through your body all the time. It's just a case of, do any of them interact, do they scatter, do they sort of bounce off regular atoms? If they do, great because then we've got a chance to actually find them with terrestrial detectors that we put underground.

Kat - Now we know roughly I guess how much dark matter we think is in our galaxy, what next? What's the significance of this finding?

Chamkaur - What this paper has allowed us to do is really increase our sort of statistics in mapping how much dark matter on average there is in our own Milky Way and extending out to where we are right now. And it's giving us a good handle, some nice evidence, some confidence for when we do go and search for dark matter. It's really telling us that, "Look, it's okay. There is stuff here." We would expect to see this stuff. If it interacts away, we think it does. And if we can start to do this with more and more precision with greater accuracy, we might start to figure out the distribution of dark matter also. We might be sitting in a pocket where there's a lot of dark matter or there's not much dark matter. And that really impacts our chances for finding the stuff.

FameLab International Semi-Final 2014

16:19 - FameLab: DNA Sequencing

This month, Cambridge scientists are battling it out in an effort to become the city's FameLab champion! We hear from the semi-finalist...

FameLab: DNA Sequencing
with Kerstin Göpfrich, University of Cambridge

In Cambridge, scientists are battling it out in an effort to become theFameLab International Semi-Final 2014 city's FameLab champion. Six finalists have been chosen by a panel of judges and they're set to go head to head on 9th March 2015 at the Cambridge Junction. Between now and then, we'll be hearing one each week. First up was Kerstin Göpfrich and she told Chris Smith about her work on DNA sequencing...

Kerstin - I'm a PhD student at the Cavendish Laboratory. That's the department of physics of the University of Cambridge. That is actually where Watson and Crick discovered the structure of the DNA about 60 years ago. Actually in my lab, we're also working with DNA.

Chris - And so, it's entirely relevant that your 3-minute piece is going to be on how we read the sequence of DNA.

 Kerstin - Yes. I believe as a scientist that it's my duty to make people aware of a technology which I believe will have a big impact on our lives in the very near future. We as scientists, we can only deliver tools but we have to decide as a society on how we want to use them. This is why I believe information is the key and I want to make people aware of what is the state of the art of DNA sequencing.

 Chris - Right. the rules of FameLab, you get 3 minutes and we're going to time you. We're going to give you your 3 minutes. Kerstin Göpfrich, your time on DNA sequencing starts now...

 Kerstin - DNA is the molecule that stores the information of life, a molecule that can copy itself. Surely, the greatest invention of nature and actually, the reason we're all here today. Volumes of history are written in the ancient alphabet of A and T, C and G, stories of the present and past that we're just starting to decipher. And that is where DNA sequencing comes in. DNA sequencing means decoding the information of life, reading the 3 billion letters of the human genome. That is a lot of information. The Naked Scientists would have to broadcast continuously day and night for a hundred thousand years before they will have broadcasted 3 billion podcasts.

So why do we even bother? We scientists believe that by sequencing DNA, we can give the right drug to the right patient. We can help to cure a disease before we even suffer from the symptoms. That is why we started the human genome project.

It took 150 scientists 13 years and $3 billion to decode one single human genome. That was back in 2003. Sequencing for everyone? Certainly not. But what if we could do it in under 10 minutes using a small device like this one, like this USB stick for under a thousand dollar? Well, this might be possible using a technique called nanopore sequencing which is pioneered by our collaborators, Oxford Nanopore. Actually, the "thousand-dollar genome" became the catchphrase for the sequencing industry. It was last year that Illumina, the sequencing giant, announced that they can actually sequence a genome for less than 1,000 dollar.

You may believe that computers have developed that unprecedented speed, but that's nothing compared to DNA sequencing. Computing power has doubled every 2 years, but the speed and the cost of DNA sequencing has dropped by a factor of 100,000 in just a decade. To me, that is overwhelming but there's not much time to be overwhelmed because we are facing a new reality. Do we want to predict our future with DNA sequences? Do we want to accept that we are fat because we have the couch potato gene? DNA stands for, Do Not Abuse, Do Not Alter, or Dignity Needs Awareness.

Let's be aware of what is out there. Let's be aware that DNA sequencing is at our fingertips and it has the power to change our lives in a good and in a bad way. This is why I would like to invite everyone to contribute to achieve sensible guidelines for our future.

Damaged blood-brain barrier

20:53 - A breath test for Parkinson's

Parkinson's Disease is extremely hard to diagnose but scientists have been trialing a breath test in mice, which is showing promise...

A breath test for Parkinson's
with Dr Simon Stott, University of Cambridge

More than seven million people worldwide are living with Parkinson's Disease.
blood brain barrierBut one in ten of those people might actually have a disorder that resembles Parkinson's, but is in fact a slightly different disease that might need treating in a different way. Now scientists in Cambridge and Israel are working on a breath test which can make diagnosis of the disease more accurate. Simon Stott spoke to Chris Smith...

Simon - Parkinson's disease is a neurodegenerative condition. That means that you're losing cells in the brain. One of the issues with the disease is diagnoses. The only definitive diagnosis comes at the post-mortem stage. When we look at the brains of individuals at that stage, 10% to 15% get rediagnosed with something else. That's quite a sizeable part of the affected population.

Chris - Is that a problem for those people because their treatment might not be optimal?

Simon - Exactly.

Chris - Given that the post-mortem stage is probably a bit late for the majority of cases, you would like to bring that diagnostic forward?

Simon - Exactly and the way we want to do that is look for biomarkers. These are chemicals that the body is producing that we can use to differentiate between two populations of people. We are looking at blood, we are looking at urine samples, we're looking at cerebrospinal fluid. These are all very invasive approaches though. So, using a breath test is much more simplified.

Chris - For real, you're able to literally take a sample of breath and this would tell you what's going on in someone's brain?

Simon - So, this is a question that often pops up. How is it there's something in the brain could be coming out of your breath? Two of the main pathways for excretion of waste or unnecessary material on the body, the respiratory system and the gastrointestinal system, both of them are connected with the mouth and what we breath out will include everything from coffee and what you had for breakfast, to other metabolic processes going on in the body. We have about 1500 people with Parkinson's disease on our books; we have clinical data for most of these people going back 15 to 18 years. And we're going to take all the clinical data, lining it up alongside the chemicals that are coming out of the breath test and see if we can start to put people into subpopulations with the condition.

Chris - You take the person, their diagnosis, and their breath chemicals, looking for chemicals that keep behaving like a repeat offender. This person with this diagnosis has this level of this, more often than someone who doesn't have that diagnosis. So, you see that pattern and then you can say, right, on the basis of just now sampling a person at random from the population, if they've got that particular chemical composition in their breath, they may well be developing or actually have Parkinson's.

Simon - Exactly. We also hope to use this technology to track the disease over time. So, some of the chemicals that might be present in very early stage Parkinson's might change towards later stages. There's a lot of exciting potential for this work.

Chris - How likely do you think it'll be that you'll get a breath test for Parkinson's?

Simon - A lot of the preliminary data coming from our collaborators in Israel, they've done animal pilot studies where they can differentiate between different models of Parkinson's disease. And now, they have the clinical data, which has just been published this month where they can differentiate between people with Parkinson's disease and people without. So, we are reasonably confident.

Broken phone

24:35 - Is your phone leaking personal data?

Most of us know we need antivirus software on our PCs, but what about our phones? Why do we need to protect them and how do we do it?

Is your phone leaking personal data?
with Dr Lorrie Cranor, Carnegie Mellon University

This week we're going to be looking more closely at the trusty devices we nowBroken phone carry with us everywhere and seem to use for almost everything; and that's our mobile phones.

Today's smartphones are capable of doing so much more than the mobile phones of a few years ago and, as a result, we're spending more and more time on them - logging what we've eaten that day, looking up where our next meeting is or uploading a snap to Facebook.  

All this has some obvious benefits but it's brought with it some serious security risks - most of which the average user is completely oblivious to. Did you realise, for instance, that leaving your phone's wifi switched on is broadcasting to the world where you eat, sleep and work, as well as potentially more sensitive information you definitely don't want revealed... Dr Lorrie Cranor from Carnegie Mellon University is an expert in data security and she spoke to Kat Arney about why don't perceive our smart phones to be at risk...

Lorrie - Our data is constantly at risk whenever we're using our mobile phone whether the wi-fi is on or not actually. At the very least, your telephone company is tracking you and perhaps others as well. Certainly, turning your wi-fi on, turning your Bluetooth on is going to put you at additional risk. Even when you're using your desktop or laptop computer and you're surfing the web, you're also being tracked as far as what websites you are visiting.

 Kat - What kind of personal data might be at risk from our phones?

Lorrie - Well, it depends what you do with your phone, but there's your address book, your email, your location, if you're doing online banking. All of this data is potentially at risk.

 Kat - And I guess then if someone got hold of it, they could do pretty bad things with it.

Lorrie - Yeah. Especially if you leave your phone without any sort of a password or pin, then anybody picking up your phone can basically act as you.

Kat - Pretty scary stuff. But what do the general public think are the risks? I mean obviously, a lot of people seem to be fairly oblivious that their phone is leaking data around them.

Lorrie - Yeah. I think most people are fairly oblivious and are unaware of the risk.

Kat - You've done some nice research with children, about how children view this because obviously, more and more kids are getting smartphones and going online with tablets and these kind of things?

Lorrie - Yeah. We have a project called Privacy Illustrated where we have gone into schools with magic markers and paper and asked kids to draw pictures of privacy and what privacy means to them. We've also done it with adults. But the children's drawings have been particularly interesting. We find with the youngest children, they're not yet thinking about technology. They're thinking about being able to go to their room or to the bathroom and close the door. But then as they get older, then we start seeing images of kids using smartphones and computers and some concern about privacy when they go online. A big thing with kids is, as they start using text messages, this becomes an extremely private form of conversation for them.

Kat - I assume not wanting their parents or anyone else seeing what they're saying.

Lorrie - Exactly.

Kat - Why do you think the public does seem quite oblivious about the risks of data leaking out of our smartphones?

Lorrie - Well, because it's a leak that we don't see. There is no tell-tale drip, drip, drip that you see and so, people don't know what's happening.

Kat - Should they be concerned? You know, I'm just walking down the street with my phone. How at risk am I as an individual of someone getting hold of my data and doing something bad with it? Can we be overly paranoid about this?

Lorrie - Well, there's a lot of different types of risks and there are some of them that may never impact you until they do. I mean, one type of risk is somebody actually stealing your identity, being able to break into your bank accounts, things like that, and that's a very tangible risk that people can understand. But there are also risks associated with just having things that you wanted only your friends to see or hear being made public. That actually can be devastating to people depending on what that information is and if it is passed on to their employers or their parents or their spouse, there's definitely information that can get out that can be really harmful to people.

Kat - Do you have a Smartphone and are you very careful about what you put on it?

Lorrie - I do have a Smartphone and I do try to be careful with it. I never post anything that would be upsetting to me if I saw it on the front page of a newspaper.

Kat - Are you going to post that you've been on the Naked Scientists?

Lorrie - Yeah. I think that's probably okay.


29:51 - Apps are selling your personal data

Why does a gaming app needs to know your location? It might be tracking you - even when you're not using it - and selling this information

Apps are selling your personal data
with Professor Jason Hong, Carnegie Mellon University

You've probably heard the phrase "there's an app for that" - be it Facebook, PhoneAngry Birds, Google Maps, WhatsApp... there are thousands of apps available online. You download them to your phone or tablet computer and your every need can be catered for at the swipe of a screen... And it's big business. Each of us uses - on average - 25-30 of these phone applications. So it's no wonder we tend to just hit 'accept' when an app asks for permission to use our device's camera, have access our contacts, or even look at our location.

But why does a game app need to know this information? And what exactly are these apps doing with this unrestricted access? Could some of them be recording private conversations, or logging where we go for coffee every Tuesday morning to sell the data to third parties? It sounds scary, but it's real: several app developers have already been fined in America for doing just this.

Carnegie Mellon University's Professor Jason Hong has set up a website to grades apps based on their threat to our privacy and he told Chris Smith why apps collect this personal data...

Jason - There's lots of different kinds of data that these Smartphone apps can store. So for example, they might gathering your phone's unique ID, might be getting your current location, or they might be trying to get access to your contact list.

Chris - The big question is, well, why do they need that information?

Jason - Well, in some of these cases, the apps are trying to use these kinds of data sources in new ways. So for example, we've seen apps that are games that are using your location data to create location base kinds of game. But other times, they're using it for advertising purposes or they're also trying to bootstrap their social network by getting your entire contact list, and then spamming your friends to see if they're interested in joining as well.

Chris - But this is illegal, isn't it?

Jason - It really depends. In some cases, the information is actually disclosing a privacy policy that that's what they're going to do.

Chris - When you install this software on your phone because your phone is often quite a powerful computer at the end of the day, isn't it? can it leave a sort of vestige of itself there even if you get rid of it so that there is always a danger that it's done something to your phone that means someone somewhere could still nonetheless have access to the information even though the app is no longer there?

Jason - Yes, that's right. Whenever you use a lot of these free apps, they're primarily funded by advertising. And so, what happens is that these advertisers are trying to collect a lot of data about you. So, even if you remove a specific app, you might still be using other apps or using the same kinds of advertising services.

Chris - So, you are motivated to setup your website to try to point the finger at some of the worst offenders and also highlight some good practice?

Jason - That's right. and so, what we did is we downloaded about a million different android Smartphone apps and we started analysing them to try to understand what the behaviours were. So for example, right now, you can easily tell that an app is using location data but you can't tell why it's using that data. So what we did is we try to infer the purpose. So for example, is it using location data for social networking, advertising or analytics? And then for the second part of the work, we also used a whole bunch of these crowd sourcing techniques. You can imagine this being a very large scale kind of survey where we're asking a lot of people how they felt about these kinds of behaviours. So for example, people are very unhappy about contact lists being used for advertising but are mostly okay with contact list being used for social networking.

Chris - Can you give us some physical examples of the kinds of apps that you think behave appropriately and perhaps some examples of ones that have been downright malicious?

Jason - So, one app that has a very surprising kind of behaviour but is sort of fun, there's this dictionary app where you can actually look up what other words that people around you are looking up. And just sort of as a funny joke, one time, I was in Washington DC and I was showing some other people this app and the word that was being shown nearby was 'corruption'.

Chris - Don't do that in Westminster either. You might catch one or two MPs on that one. I was looking at an example because I saw this newsflash come around and excuse the pun on 'flash' but it was about this flashlight app. Because I've downloaded this myself. You can turn the flash on your camera phone into a steady light source that you can use as a sort of torch in the night. There's evidence that some of those are being used to do things like turn on the microphone in your phone when you don't want to so that people can eavesdrop on your conversations even though the phone isn't making a phone call.

Jason - That's right. There are some really unusual kinds of behaviours. So, we've seen some flashlight apps that requests internet access. They're trying to get your phone's unique ID and they're also trying to get your current location. Now, the reason that they're trying to do this again is mostly for advertising purposes. So right now, this trade-off that's, "You can download me for free, but we, the developers need to make revenue off of it. and so, we're going to try to show you ads. But to show you better ads, we're going to try to get more data about you" so for example again, your location data and your unique phone ID.

Chris - Sounds pretty scary doesn't it? Looking at the trajectory of this, where does your research suggest the next threat is coming from or where are we going to be in the future because more and more, these phones and these devices are becoming a dominant part of our lives?

Jason - Yes. I think in the near future, our Smartphones probably will know almost everything about us. I think in many ways, this will actually be a good thing because our Smart phones will be able to help us with healthcare, transportation and sustainability. But these same technologies might also offer a lot of kinds of privacy problems as well.


35:13 - Got your WiFi turned on? Error!

How leaving your WiFi 'on' is haemorrhaging personal information to the world, like where you eat, sleep and work...

Got your WiFi turned on? Error!
with Glenn Wilkinson, SensePost

Many of us are unaware how much personal information we permit apps to take but what about our phones alone. If we had no apps, our personal data would be safe, right? Wrong: As it turns out, just by having your wifi switched to 'on,' you could be broadcasting messages to the world about who you are, what you like and even where you sleep at night. This is all possible with a free bit of software, available online, called Snoopy. Graihagh Jackson reports...

Graihagh - I'm whizzing down on a train to London for work. I've got my coffee and a long list of emails to attend to but my phone signal is a bit patchy. What to do? Well, wi-fi would of course be a perfect solution and sure enough, if I go into my phone's settings, there are loads of networks to connect to. Normally, I wouldn't hesitate to click connect, but today, I'm having second thoughts. Why? Well, it could be that I'm broadcasting information about myself to the world. I've come to Finsbury Park in North London to meet Glenn Wilkinson, the designer of some software called Snoopy. Snoopy can gather sensitive information from Smartphones simply by using their wi-fi signal. So hit me. What is the unvarnished truth? If I've got my wi-fi on now on my phone, what can you really tell about me?

Glenn - There's all types of different things we can tell from your mobile phone. Now essentially, the way wi-fi works is that if you've got wi-fi on, your phone is constantly looking for every wireless network you've ever connected to. It's looking for Starbucks, it's looking for LAX wi-fi, it's looking for McDonalds free wi-fi, it's looking for your home wi-fi or work wi-fi, and it's quite easy to detect those messages. There's two useful bits of information in that message - one, the name of the network your phone is looking for; and two, a unique serial number that identifies your phone in particular. It's called the MAC address. So immediately, I can tell what kind of phone you have and I know what networks you've previously connected to.

Graihagh - Could I think of this as like a unique digital fingerprint?

Glenn - Yup, absolutely. So, the over-arching idea of the research I'm doing is looking for a unique fingerprint for individuals based on the devices that they carry. Now, understanding what networks you've connected to could be useful for all kinds of reasons. At the very least, I can understand a little bit about you. If you've previously connected to networks like "Hilton Premier Suite" and "British Airways first class lounge", I can infer you're a bit of a high roller. I can maybe also figure out where you work. An example of that recently, I was on a train and I noticed there were these five mobile phones looking for a network, we'll call it Acme Bank Incorporated, and two of the devices were also looking for Hooters, so, hmmmm. I didn't know what Hooters was I had to Google it, but apparently it's some kind of bar...

Graihagh - Of course, you didn't.

Glenn - But immediately quite interesting.

Graihagh - I find this - well, terrifying. I'm going to let you demonstrate this. You've attached Snoopy to a drone. Why have you attached it to a drone?

Glenn - So, Snoopy is inherently mobile. You can run it on certain mobile phones and put it in your pocket and walk around in an area. If you attached that to a drone, we can fly the drone autonomously. So we can plot missions. Say, I want you to canvass this entire neighbourhood of London. It's unfortunately illegal to do this, but I guess criminals won't really care.

Graihagh - I was going to say, let's canvass Finsbury Park, but obviously, we're not allowed to do that. So, why don't we just canvass what we can see and see what sort of data we can pick up. I have to admit, it's pretty cold and there's not many people about. There's a dog walker and a man picking up some litter over there. So, do you think we might be able to pick up where these people are from?

Glenn - Yeah, absolutely. So what we'll do, we'll just hover Snoopy within a safe distance of these people, buzz around the park a bit and just illustrate the data being collected in real time and sent back to my laptop where we can analyse it. So, we've got the drone here.

Graihagh - Okay, so the drone is not very big. It's about 500 grams with 4 propellers. Oh my goodness! It's really fast. How fast can this thing go?

Glenn - So, this one probably on the order of 60 km an hour. So, if we just go hover within 15 meters of those people over there, we'll probably get reading in a few seconds. So, if we see here, we can see the data.

Graihagh - Wow!

Glenn - So, that's a lot there that's from a coffee shop. So, we met earlier and we detected 254 devices. And now, flying out here, we've got 11. Now, what's interesting is we've seen this one device both inside the coffee shop and around the park here. I'm a bit paranoid because what that indicates is someone is following us.

Graihagh - They could be knowing what you're up to and what your software is capable of. Is that not? That's why they're still here somewhere.

Glenn - Could be someone has been intercepting our emails to each other, they know we're here, and this is a sign that they're watching us.

Graihagh - Oh dear!

Glenn - Let's have a look at some of the other ones here. So somebody around us has an unknown device. That probably means it's a fairly new one that's not in our database yet. It's looking for this "SKY BA etc." which is, someone's got a Skybox at home and what we can do is, we can try and figure out where that person lives. And here, excellent, we got a hit. So, if you double-click on that, we get a photograph and a street address. So, Endymion Road, London, it's the postcode and that photograph that we saw is a photograph of their house or of their neighbourhood I guess.

Graihagh - Some beautiful sort of Georgian houses with pillars at the front.

Glenn - So now, we could go and pay them a visit if you wanted to.

Graihagh - Remind me, why have you built this because it seems like a fairly potent and clever, and potentially quite dangerous bit of software and hardware to be putting freely available on the internet?

Glenn - I get a lot of comments about why, "Why are you releasing this? It's dangerous." But the point of doing research like this is to raise awareness. To just show the public, look, how easy this is. Look how broken these standards are. I mean, just as a trivial example, if you go to the mall, you'll notice on the entrance, there's a very small sticker that says, something along the lines of, "Patrons will be monitored via their mobile phones to enhance their shopping experience." That kind of stuff is already being done. The difference is, we have released Snoopy for free to put pressure on the manufacturers to actually think about what they're doing and realise that, "Hey, maybe it's not the best way that we're doing things. Maybe we can enhance our security to protect our customers."

Graihagh - As soon as I got home, I turned my wi-fi back on but in the future, I'll be turning it off when I don't need it. Glenn also suggested I flush my preferred network lists to get rid of the Hooters type wi-fi and I should do this every 6 months.


43:00 - Is your phone wiped after factory reset?

Most folks know to wipe their phone before selling it, but few realise their contacts, emails and naked selfies may still be lurking there

Is your phone wiped after factory reset?
with Laurent Simon, University of Cambridge

Often, when upgrading our smart phones, we're given the option to recycle our old ones, and why not? It's better for the environment and you might even walk away with some extra cash in your wallet. So you delete everything on your phone and hand it over... End of story, right? Wrong! Last year, Laurent Simon bought some second-hand Android phones from eBay. All were advertised as 'wiped' of all personal data.  But, when Laurent plugged them into his laptop, he could recover almost everything. He told Chris Smith how he looked through old photos, text messages and even passwords... 

Laurent - Well, more and more phones are actually being sold online and the market is actually booming. We expect I think, more than a hundred million phones being traded by 2018. So, we thought it would be a good idea to figure out whether data was still available after you wipe it.

Chris - Are the majority of them sold as wiped?

Laurent - Most of them were wiped, yes.

Chris - When someone defines their phone as wiped, does that mean they've sort of gone into the settings because there's a button you can select on the phone that says "reset to factory" isn't it? That resets it to how the phone apparently was when it came out of the box. Is that actually what happens?

Laurent - Most people actually use this setting on the phone. And that's what the vendors suggest you to do before you sell your phones. It doesn't always delete the data and why this data is not properly deleted, you first have to understand how the data is stored on your phones. So, phones basically store the data the same way a library would store books. So essentially, you have books on your shelf and every time you want to access a book, you have to look up its location in a search index table. Now, some phones, when they wipe the data, they will actually delete both this index table and remove the books from the shelves. But some phones will actually only remove the index table. So, it appears to you as if your data has vanished, but if you look directly at the shelf, the data is still present.

Chris - The books are all still standing there. So, if you just wander along the shelves, you could potentially retrieve a book?

Laurent - Exactly.

Chris - And is that what you did with your project?

Laurent - Yes, exactly. We looked at the shelves directly and looked at the data rather than relying on the index table. Well, we found actually quite a lot of data. So, on some phones, we were not able to recover data but on some other phones, it was possible. This depends on versions and models.

Chris - What's sorts of juicy things were coming up? 

Laurent - So basically everything that you can think of. So, most phones will have...

Chris - I don't know I've got quite an imagination Laurent so...

Laurent - Yeah. So pictures basically. There are dozens or even thousands of pictures on the phones. So, you'd find selfies, you'd find family pictures, pictures of kids and babies. You might also find conversations either these could be emails, chats or text messages. You'd be able to find out which websites people have visited and which apps they have installed. And also, their contact list.

Chris - So, it's all potentially quite sensitive stuff?

Laurent - Yeah, exactly. Well, more importantly, you can also recover passwords. For example, passwords from third party apps that you install on your phone or password that is used by the phone in order to backup your data online.

Chris - Because people tend to use the same password many times in many places, it's possible also that could be a bigger breach than just for that thing that's on the phone. Is this something that happens on all kinds of mobile devices or are some more vulnerable to this?

Laurent - The market is sort of split between the Apple phone and the android smartphones.

Chris - It's about 50/50, isn't it?

Laurent - Yeah. I haven't personally looked into the IOS devices so I can't really comment on that.

Chris - This is Apple?

Laurent - Yeah, Apple. I haven't heard reports of data being recovered from those phones.

Chris - But what about android?

Laurent - It's more on a case to case basis. There isn't really a magic version that is vulnerable and another one that isn't. There are versions sold about 2 or 3 years ago that are more vulnerable and these are often the ones that people are actually selling online.

Chris - So, what can someone do about this? If you're someone who's about to flog an old phone or give it away to your kids or something, what can you do to make sure you're not a victim of something like this happening?

Laurent - Okay, so that's a difficult question because as I said, all phones are different and it depends on the model. But there are some steps that we can take to try to improve the situations. One of the things you can do before you resell your phone is to enable the encryption option in your settings. This basically scrambles your data to make it difficult to retrieve by someone. This technique essentially is often as reliable as the strength of your passphrase. So you're better off with a really long passphrase. Once you've enabled this option, you restart your phone, you ask for the passphrase and you can wipe your phone. For multimedia files, it's a little bit different especially on the android platform. So, if you actually want to get rid of this data, you have various possibilities, none of them are fully reliable but they will improve the situation. So, one of them is to use an external memory card to save your pictures instead of the default one on the phone. A second option is to connect your phone to your computer via a USB cable and delete manually the files on your phone and copy large files on the phone into your...

Chris - Basically, just fill up your phone with stuff and it's a bit like shoving new stuff onto the shelves of your library. It's going to push out all the old stuff so the fingerprint of it being there is gone. So, even though you're giving some data away, it's still stuff you don't care about because it's just random rubbish?

Laurent - Exactly. So, as I said, this is not fully reliable but this will help. Another way you can do this is also by trying to record a really large video until some of the memory is full.

49:13 - Fending off smartphone intruders

What can we do to defend ourselves against cyber-criminals exploiting smartphones to steal our personal data?

Fending off smartphone intruders
with Professor Lorrie Cranor and Professor Jason Hong, Carnegie Mellon University

Let's come back to some practical advice. Carnegie-Mellon scientists Lorrie Cranor and PhoneJason Hong. Lorrie, let's begin with you. So, what good advice could you give our listeners on how they can better protect themselves, if they're not wiping phones? What else could they be doing to make sure that they're not falling victim to these sorts of threats?

Lorrie - Well, I think the first thing is that they should setup a password or pin on their phone so that to protect themselves from somebody finding their phone and being able to access their information. So, I think that's important. And then I think they should also be careful about what apps they download and realise that most of the free apps, the part of the reason they're free is because they are essentially spying on you and trying to send you targeted advertising.

Chris - Basically, just don't download them in the first place.

Lorrie - You don't download them, unless you know what you're doing.

Chris - Jason, any sort of thoughts that you could add to the equation?

Jason - Well, in the short term, one of the thing you can also do is put your phone into airplane mode before you play some of these games. That way, it won't get your location data and also, won't use internet access. But in a long term, we're definitely going to need a lot more support for app developers and for regulators to make sure that they can help ensure our privacy.

Chris - Does this mean that people basically have to vote with their thumb, tell manufacturers and writers that you're not happy to have your data being exploited in this way and they'll get the message?

Jason - That's basically right. We need as a society to figure out what's the right balance between these app developers making revenue while also protecting our privacy.

Using a mobile phone

50:51 - Are smartphones changing our brains?

Using our thumbs to control our smartphones is changing the activity in our brains.

Are smartphones changing our brains?

Are smartphones changing our brains? If so, how and is it a permenant change? We put these questions to Zurich University neuroscientist Professor Arko Ghosh...

Arko - If you take the brain of a London taxi driver, regions associated with memory are on average, bigger than the general population even when compared to bus drivers who navigate on more constrained routes. Our brains are very flexible and can allocate their resources depending on our experiences. This can be very specific. For instance, concert violinists who grew up playing the instrument have higher activity in the part of the brain linked to the little finger of the non-bowing hand but not of the bowing hand.

Danielle - Estimates suggests that more than a third of world's population will own a smartphone by 2017. What is in store for this growing smartphone community? Are we also changing our brains like the taxi drivers or violinists?

Arko - We recently found that the part of the brain that receives information from the thumb generates more electrical activity in people who use touchscreen phones compared to old fashioned phone users. We think this brain difference reflects the heavy reliance on the thumb in the more modern users.

Danielle - Hold the phone! How soon before our smartphones have an impact on our brain and is it permanent?

Arko - These changes seem to occur rather quickly, immediately falling a period of say, intense texting. The brain area that receives information from the thumb becomes more active. So, do not think these brain changes are permanent. In fact, we believe that the brain is continuously updated according to how we use our thumbs. This activity is likely to tail off after a period of non-use. Possibly taking a few weeks to revert back to normal. But we don't fully understand this as yet.

Danielle - It's good to know your brain does go back to normal after a phone detox, but is this change something we need to be worried about in the first place?

Arko - Every time you thumb through your phone, you do change your brain a little. But it is too early to say if this is something to be concerned about. We have a lot to learn about how the ever-changing brain impacts our behaviour in general.

Danielle - So, our interactions with our smartphones are shaping the way our brains work and respond. With always increasing possibilities of new technology, it looks like our brain will be changing for as long as our futures last. But we still have a lot to understand about how and why this is happening.

Arko - In fact, smartphones offer a beautiful opportunity to understand how our brains are shaped by our daily lives as the day to day behaviour is seamlessly stored into the phone logs.

Danielle - A big thumbs up to Arko, that brain tingling answer. Next week, we'll be releaving ourselves of this question sent in from Johannes...

Johannes - Why is it that I want to urinate more frequently in colder weather?


Add a comment