SARAH SMITH |
You might think you've got pretty good online security. You've devised long and complicated passwords. You only log onto trusted Wi-Fi networks.
So how could anyone access your personal data?
Well it doesn't take millions of pounds worth of high tech infrastructure. It's not only state security services that can do it.
Anyone, with a bit of inexpensive kit, and a little bit of know-how, could be reading your emails right now.
To show how easy it is to hack into just about anyone's emails, we invited a group of students to participate in a short experiment. We promised them a free lunch and that was enough to tempt them in. And we told them it had something to do with mobile phones. We did not tell them precisely what was about to happen.
We've invited you here to ask what your mobile phone says about you. And by the time we're all finished here, I think you're going to be pretty surprised when you find out just how much information your phone is giving away about you, all the time, without you even knowing it.
While they ate some free sandwiches and, inevitably, started playing with their phones, we started the electronic eavesdropping. They had no idea what we were up to next door. What our volunteers don't know is that hidden behind this bookcase, are our tech security experts. Right now, they are using a bogus Wi-Fi network to connect to our volunteers' phones and access all kinds of personal data.
Glenn and Daniel are here to show us, and our student guinea pigs, just how easy it is to hack into their phones and start reading their emails, tracking where their phones have been, and see what they're looking at online. |
GLENN WILKINSON |
So, Rachel Powell, we've got her Mac address. |
DANIEL CUTHBERT |
Can we find her? |
SARAH SMITH |
Using only a small receiver attached to their laptops, they're able to create Wi-Fi networks that look like the familiar trusted networks the students use all the time.
Any of our students might have been wary if they had knowingly logged onto an insecure public network, like you might find at a bar or a coffee shop.
But their phones are being tricked into automatically joining what looks like an approved and trusted network, sending all their traffic through our hackers' laptops.
They had no reason to suspect anything, but while they dug into the egg and cress. |
DANIEL CUTHBERT |
Her Facebook profile is open. She shows where she lives. |
SARAH SMITH |
Glen and Daniel could see their Facebook pages, check where they'd been, even read their personal emails. Whilst you've been patiently waiting for us here, we have secretly had two tech security experts in the next room trying to find out as much as they possibly can about each and every one of you, without them knowing your names.
They don't know your telephone numbers, none of that. But they've still been able to glean quite a lot of information about you.
Our students are about to discover just how much. By leaving their phones switched on, they've inadvertently given away their names, online identities, and allowed access to deeply private communications. |
GLENN WILKINSON |
I'm seeing your Facebook and your email.
Your Yahoo mail, it turns out, was, it's not encrypted |
ALLIE KURTZ |
Are you going through my email? |
GLENN WILKINSON |
We can go through your inbox.
At that point, we have control.
So Dan was looking at, like, a sent email. |
ALLIE KURTZ |
I do know I have quite an open online profile.
But to see the emails come up on the screen, that was a bit shocking, all my work emails, personal things.
So that was surprising.
It's, like, really scary to know that can happen. |
SARAH SMITH |
And it's not just your email.
Our hackers could identify the precise locations where our students' two phones had previously logged on to Wi-Fi networks. |
GLENN WILKINSON |
Someone went to the States and connected to a network with a unique name.
So that's the only one that's in the database.
So I know you've been there.
And anyone from Romania or visited Romania? |
SARAH SMITH |
Did you realise that the phone in your pocket was practically a GPS tracking device? |
RACHAEL PELLS |
Not to that extent.
I didn't realise it was that easy to track my whereabouts, even if, you know, even if they don't have anything on me in the first place, they can just find out everything they need to know through my phone. |
GLENN WILKINSON |
We are the good guys.
We are on your side.
This is an example too – if we were the bad guys, we wouldn't be showing you this.
We'd be clearing out your bank accounts and running for the border. |
DOMINIQUE BRUNDLER |
I had no idea, really.
We were just talking, eating sandwiches.
So really just surprised and shocked. |
SARAH SMITH |
So at any point, somebody could be hacking into your phone and trying to access all this information about you... and you've realised there's no way you would know that was happening. |
DOMINIQUE BRUNDLER |
Yeah, basically, I will now turn off my Wi-Fi while I'm around. |
SARAH SMITH |
Worried now? You should be.
So how can you carry on, using convenient Wi-Fi hotspots, without giving away all your secrets? |
DANIEL CUTHBERT |
They've got to be more aware of what they're connecting to.
Mobile phones and smartphones today leak out a lot of information.
The way we use the internet, we give away a lot of what we're doing. |
SARAH SMITH |
You're the white hat hackers. You are doing this for good purposes.
Are other people out there using technology like this without quite such good purposes? |
DANIEL CUTHBERT |
Definitely.
The criminal market is abusing this kind of technology now.
Advanced malware, custom viruses, et cetera - and they're going after people.
They want people's email boxes. They want access to computers. Because that way you can then start doing a lot more fraud than you could do with the old fashioned style attack. |