Security vs. convenience. They are inversely proportionate. Current smartphones, especially iPhones, are very porous. Easy solution: everything runs over WPA2 and SSL or both. This requires work, though, and folks are averse to this. In short, you are going to have to manage your smartphone just like you manage your computers. Smartphones are a bigger problem for your data than modern computers are, as smartphones have not caught up to the security levels of PCs/servers yet.
As a security professional who gets paid to hack into high-value networks, Mark Wuergler often gets a boost when his targets use smartphones, especially when the device happens to be an iPhone that regularly connects to Wi-Fi networks.
That’s because the iPhone is the only smartphone he knows of that transmits to anyone within range the unique identifiers of the past three wireless access points the user has logged into. He can then use off-the-shelf hardware to passively retrieve the routers’ MAC (media access control) addresses and look them up in databases such as Google Location Services and the Wireless Geographic Logging Engine. By allowing him to pinpoint the precise location of the wireless network, iPhones give him a quick leg-up when performing reconnaissance on prospective marks.
“This is interesting on a security level because I’ll know where you work, I’ll know where you live, and know where you frequent,” Wuergler, who is a Senior Security Researcher for Miami-based Immunity Inc., told Ars. “If the last access point you connected to was your home, for example, I’ll know right where to go to get to you later or get to your data. If I’m an attacker that wants to break into your company, this becomes a disclosure that an attacker isn’t going to pass up.”
The exposure of MAC addresses extends not only to iPhones, but to all Apple devices with Wi-Fi capabilities, he said. It means that whenever the wireless features are enabled and not connected to a network—for instance, during a brief encounter at a Starbucks—they broadcast the unique identifiers, and it’s trivial for anyone nearby to record them. Wuergler speculates the behavior is a feature designed to automate configuration for networks users regularly access.
In many respects, Stalker is a dramatic example of the risks posed by today’s smartphone, which was designed with speed and utility as its chief selling points.
“It’s widening all of the attack vectors that I can use against you,” Wuergler said. “All of the conveniences that are being extended to you are also being extended to an attacker, just making it easier for identity thieves and corporate attackers.”
He said the best advice for people concerned about smartphone security is to limit the kinds of personal information they entrust to their devices. Users can also benefit by turning off their device’s Wi-Fi as much as possible.
“I do use my phone on wireless networks, but I don’t store a lot of personal data on my phone,” he said. “If you put your personal data on there, you don’t even need to be connected to a wireless network for me to be able to break into your phone.”