Do you have a Smartphone, tablet, or any other wifi enabled precious gadget? Do you leave the wifi connectivity always on or use free services from shopping centres, cafes, etc? Then you may or may not be aware that other people can tap into your device, send you unwanted adverts and even get hold of your emails and data. We are not talking about the well publicised spying from secret services working for governments. These are commercial uses of the technology, although nothing prevents secret services from getting hold of the data.

According to a report from the BBC  “Security firm SensePost has unveiled its Snoopy drone, which can steal data from unsuspecting Smartphone users, at the Black Hat security conference in Singapore.

“The drone uses the company’s software, which is installed on a computer attached to a drone.

“That code can be used to hack smartphones and steal personal data – all without a user’s knowledge.

“It does this by exploiting handsets looking for a wireless signal.

“Glenn Wilkinson, who developed Snoopy, says that when the software is attached to a drone flying around an area, it can gather everything from a user’s home address to his or her bank information.

“Every device we carry emits unique signatures – even pacemakers come with wi-fi today,” Mr Wilkinson tells the BBC.”

Joanna Long for Ethical Consumer:

“Location information can also be passively detected on a mobile phone by a third party. Sometimes this is done at the request of the subscriber via that third party. For example, applications exist that enable subscribers to locate lost or stolen phones through their WiFi signal (providing it is switched on) and their phone signal (providing it is on and connected to the network).

“Similarly, companies such as MobileLocate, Creativity Software and Mobile Commerce offer services that can ‘find’ specific individuals through their mobile phone handsets. Legally these services require the consent of the ‘locatee’ to be located, meaning that parents cannot monitor their children without their children’s knowledge, or employers their employees.

“Some passive location services, however, are operational without subscribers’ knowledge and without any clear indication on the phone handset.

“…Shopping centres can also use this information to set rents for retail units, advertise events, as well as improve the sitting of emergency exits and amenities. Path Intelligence claims that this kind of tracking is equivalent to the way online shops track customers’ movements and that FootPath simply levels the playing field for offline retail outlets.

“The information gathered from mobile phones by FootPath are the unique numbers assigned to handsets by the network operator – the Temporary Mobile Subscriber Identifier or TMSI. They do not identify the user, their telephone number or the content of texts, phone calls or emails. This enables Path Intelligence to promote FootPath as gathering ‘anonymous’ data.

“Mobile phones with WiFi receivers are also open to passive location services, otherwise known as WiFi ‘sniffing’. A recent high profile example of this concerned recycling bins installed in the City of London. These bins recorded information from nearby mobiles phones with WiFi turned on and used this to target the electronic adverts on the bins to specific passers-by. By sniffing WiFi across an area, these bins can track the movements of people/phones over time, learn their habits and enable advertisers to target particular individuals…

What you can do

“You can minimise the possibility of being tracked by commercial organisations in several ways. Firstly, turn off the WiFi receiver when you leave a WiFi zone and turn off all location services. If you want to avoid being located through your signal, you can turn this off manually or by switching your phone to ‘flight mode’ whenever possible.

“Subscribers should be able to stop targeted advertising messages simply by texting STOP to a specified (free) number. If such messages continue even after you have requested them to stop, you should report this to Ofcom.”