Ain't no way to hide your prying eyes

I was having dinner with a friend recently when a distinguished looking gentleman glided past, a glamorous siren draped over one arm, both besieged by fussing waiters. When the obsequious whispers had subsided, my friend turned to me, face flushed. “I would never marry a good looking guy,” she huffed. “Pray why not?” “You can never trust a good looking man.” 

There is a serious trust deficit when it comes to modern relationships. This has spawned bizarre solutions like FlexiSPY that enables eavesdropping on your near and dear. “You have the right to know if your partner is sleeping with someone else,” the company advertises. I guess it’s time to toss out my teddy bear. The programme is easily installed on any cell phone and enables the wiretapper to listen in to calls, read SMS messages and e-mail, track GPS location, send an alert if the SIM card is changed, and even turn the target’s phone into a live microphone to pick up ambient sound.

Your best friend, that humble mobile phone or Wi-Fi enabled device, is under threat from phishers, scammers, and now, jealous partners willing to shell out US$349 a year. Travel has never been so precarious. 

The wireless world comes with the certain knowledge that someone may be able to snoop on you and compromise your conversations – and bank accounts. Most travellers never consider it might affect them. Yet it does. In a number of ways. The problem arises with “unsecured” connections between your mobile device and the network you are currently plugged into. Unsecured, or unencrypted, exchanges are a constant source of vulnerability. This applies equally to your wireless router at home or at the office that may be open to easy hijack.

The simplest scenario is where you flip open your laptop or cell phone and attempt to pick up a Wi-Fi signal, say at the local Starbucks. Your device identifies a network and logs on. This might be a network identified simply as “Free Public Wi-Fi”. The potential problem here is the network you have accessed could be a scam with the result your data is now moving first to the rogue interceptor device – perhaps a laptop at the next table – before continuing to any legitimate network. If your data is unencrypted it is open to viewing by any third party. This sort of attack or information heist is effected through clever use of a “bridge” between you and the real network. 

A scammer might log on to your unsecured home or company Wi-Fi transmitter, and begin operating on the internet under your “shield”. Whatever this person does will appear to be activity originating from your PC or mobile device. He can burn up your bandwidth allowance with child pornography downloads leaving you to pick up the bill and the consequences. And once his laptop has remembered your location, he will have little trouble logging on subsequently. 

“Packet sniffing” is another egregious practice, easily accomplished with a Firefox plug-in like Firesheep that literally sniffs for cookies in the vicinity from social network sites and Web mail. Once you’ve hijacked someone’s live session you can then log on as that person to cause endless embarrassment on Facebook or any mail account. 

Fortunately, the growing use of HTTPS (secure hyper-text transfer protocol) on Web servers is denting some of Firesheep wannabes’ woolly enthusiasm. There are encryption solutions like OC Shield) too that scramble Wi-Fi data. But then the best scams are the simplest ones. Like ringtone downloads. This is the easiest way to import a Trojan virus into your phone turning it into a potential zombie awaiting its master’s call for the next DoS (denial of service) attack. 

At airports, turn off your Bluetooth device or disable the “discoverable” mode. This prevents prying eyes. And beware of pretty women. Especially if they ask you to marry them. It’s NOT a compliment. Safe travels.

 

Vijay Verghese edits www.SmartTravelAsia.com – a Hong Kong-based travel website.