FireSheep and Hotspot Hacking

Back in April I wrote a post on the dangers of NOT using a VPN over public Wi-Fi hotspots. As data is not encrypted, anyone in range using a network tracing tool on a notebook or other device can tap into the data traffic of the hotspot and filter out email passwords from non-encrypted POP and SMTP connections and session cookies, e.g. from social networking sites (think Facebook, Twitter, …) that are only using non-encrypted http connections. While email passwords are straightforward to use, things are a bit more tricky with the session cookies. But nothing a wily hacker with a bit of background knowledge couldn't overcome. Agreed, it takes a bit of effort, which has probably prevented this sort of identity stealing from taking off so far.

But now cookie stealing in unencrypted public Wi-Fi hotspots seems to have become almost trivial with a Firefox plugin called FireSheep. It requires the Winpcap network driver to be installed, the same that is also used by programs such as Wireshark for network tracing. This way FireSheep can intercept all data traffic in a public hotspot and with some processing of the intercepted data, all computers used in the hotspot are shown to the user. As soon as someone with that computer accesses a service only using http, cookies are extracted and the computer running FireSheep can now be used to impersonate the other user with a single click on an icon in the browser. This is really scary as it doesn't take a lot of effort or knowledge to install FireSheep and Winpcap. When I checked, the software was already downloaded 600 000 times! So I wonder when the first victim stories will appear. How far this will spread probably depends on the percentage of Wi-Fi adapters FireSheep can set into promiscuous mode so all packets are delivered to higher layers of the protocol stack.

Let's be clear, FireSheep does not exploit weaknesses in the browser or the OS that could be fixed. No, FireSheep exploits the intended design of public hotspots, i.e. to send data without any protection. But there's an easy fix: Use secure SMTP and POP (available from most email providers today) and make sure to only use web based services that offer https (still not done by many web sites today). If and when victim stories pop up I wonder how long it will take popular sites to switch over to https!?
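To check whether a site's cookies stay off the unencrypted path, one can audit its `Set-Cookie` headers: a cookie set over http, or set over https without the `Secure` attribute, is also sent by the browser on plain http requests and is therefore readable on an open hotspot. The following is an added example, not part of the original post; the hostnames, cookie names and values are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample data: (URL the response came from, raw Set-Cookie values).
SAMPLE_RESPONSES = [
    ("http://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://mail.example/login", ["sid=def456; Path=/; Secure; HttpOnly",
                                    "lang=en; Path=/"]),
    ("https://shop.example/login", ["auth=ghi789; Path=/; secure"]),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive, so normalise before comparing.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses):
    """Classify every cookie by how it can end up on an unencrypted link."""
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme.lower()
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if scheme != "https":
                risk = "set-over-http"          # visible when it is issued
            elif "secure" not in attrs:
                risk = "https-but-not-secure"   # leaks on any later http request
            else:
                risk = "ok"
            findings.append((url, name, risk))
    return findings


def exposed(responses):
    """Only the cookies that can be read by someone tracing the hotspot."""
    return [f for f in audit(responses) if f[2] != "ok"]


if __name__ == "__main__":
    for url, name, risk in audit(SAMPLE_RESPONSES):
        print(f"{risk:22} {name:8} {url}")
```

The audit flags every cookie, so the result still needs triage to decide which of the flagged names actually carry session state.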

On a further note, have a look at Dean Bubley's blog, he's got some interesting thoughts how this "click and shoot" hacking method might influence future 3G offload technology. Especially in that area, automatically established VPN tunnels as part of a Wi-Fi offloading solution would fix the issue for good. For the ordinary use of public Wi-Fi's, however, most users will probably still not care, know, be willing or capable of using a VPN solution. So for that scenario, https is likely to be the best defense.

3GPP Rel. 8 Fast Dormancy Moves Quickly

Back in summer this year I ran a post on UMTS state switching and Fast Dormancy evolution to highlight the challenge current mobile devices have with battery consumption due to applications running in the background that access the Internet periodically. A major part of the current solution to the issue is a functionality referred to as "Fast Dormancy" which saves battery capacity by setting the radio link into Idle state quickly. This comes at the expense of a longer delay once data has to be exchanged again with the network and an increased signaling load in the network.

The fix for both downsides comes with the introduction of a new parameter in the Signaling Connection Release Indication message in 3GPP Release 8. With this parameter, the radio connection is not put into the Idle state but instead in the Cell-PCH state which is similar but doesn't have the aforementioned downsides. Have a look at this post for a more detailed explanation. Usually, standards changes take years before they end up in real networks. This one, however, is quite simple to implement and there is real demand for it today. Now there are first indications from NSN, a vendor for 3G infrastructure, that they have implemented it and have run some first tests in a lab together with Qualcomm, one of the companies producing 3G radio chips.

Good stuff, let's see how quickly this is pushed out to real networks and real devices.

LTE-A Now Officially a 4G Technology

Right after 'open' and 'unlimited' the most mis-used word or acronym in the wireless industry is 4G. HSPA+ is not 4G, LTE is not 4G and Wi-MAX most definitely is not 4G either as they are all part of the IMT-2000 family, which is 3G. Call them 3.5G, 3.9G, 3G+, 3.999G, whatever, but 4G is not correct.

But now finally the International Telecommunication Union (ITU) has named the first network technology that will be part of IMT-Advanced, or, in other words, the first 4G technology. And this is 3GPP Release 10 LTE, also known as LTE-Advanced or LTE-A for short. Current deployments and activities revolve around 3GPP Release 8 LTE, which, once again, is not 4G 🙂 LTE-A is quite a number of years out and how realistic 1.2 GBit/s device classes will be in a couple of years is anyone's best guess at the moment. But it's 4G 🙂

Twitter Feed For Everyone to See At Conferences

It's probably not the first conference where it was done but the Forum Oxford Future Tech conference was the first that I attended that made use of it: In addition to the presentations, the Twitter feed for the conference was also displayed at the front for everyone to see and contribute. And it was heavily used by me and others to comment on the presentations and to bring further ideas into the ring. I really enjoyed that. Last year, when people twittered during the conference and it was not shown, it felt more like a second layer running independently from the event itself. By bringing it out in the open, the virtual dimension and physical dimension were nicely combined. In other words, a good idea 🙂

Power Consumption on Mobile – People Do Notice And Act

When recently talking to someone about the apps he's using on his mobile device and which social networks he is active in, he noted that he likes Facebook a lot but the app for it on his mobile device is so power hungry, he doesn't dare to let it run in the background because his battery will go flat in a matter of hours. That tells me that he probably gets a lot of updates that are then immediately pushed down to the mobile, which in turn requires the radio to be switched on quite often. There we go, a natural barrier hit.

So what is needed in this case is that apps become more situationally aware. When the display backlight is switched off and the phone is locked there's no need for updates to be pushed continuously and the app could inform the backend server so status info is collected and stored until the user actually checks for updates again. I don't think that would be difficult to do. And surely, network operators would be happy about it as well as it reduces the signaling load on the network.

MWC 2011 – Flights and Hotels Still Cheap

A little note to those today playing with the thought of attending the Mobile World Congress in Barcelona in February 2011. If you think about going, make sure you book your flight and hotel soon. So far, flights are still available for reasonable prices and hotel and hostal rooms can still be had for double digit prices. If previous years are any indication it won't hold for long and prices are likely to go up significantly soon. Of course as every year I will be at the Wiley booth (my publisher) on one of the days to talk to readers and friends. Would be great to meet you there!

Opera Mini Browser Now Native on Symbian

I've been an Opera Mini web browser fan ever since it first appeared as a Java application on the first Symbian phones as even on mid-range phones it makes browsing lightning fast. Another reason for me using it is that it keeps my costs for mobile data down when I travel abroad as it uses a network side compression server. But even on high end phones, the mini's compression techniques have their advantages as no matter how powerful the device is, compressed data is still downloaded and rendered much more quickly. Try browsing with a normal browser in a train with a patchy network outside or just GPRS or EDGE coverage and the advantages are even more profound. Over the years, Opera has added native mini's for Android and the iPhone but so far, it always remained a Java application on Symbian. Not that I particularly minded, as the speed was just stunning, despite a Java interpreter between the browser and the phone. But now Opera seems to have changed its mind and now also offers a first native beta for Symbian.

I gave it a try on a current Symbian^3 phone and it looks almost exactly identical to the Java version. Once loaded I'd say it's hard to spot the difference. As Opera mentions in the press release, the native version starts much faster than the Java version, I'd say it's up and running in a second. Spectacular! Scrolling through a page via the touch interface is a tick smoother than with the Java version. And another good feature: With the online bookmark synch option, getting the bookmarks and the six start page pans for quick access to the Symbian app is done in a few seconds. Very nicely done, Opera, thanks a lot! 

BTW: No need to go to an appstore to get it, just open any browser on the mobile device, head over to www.operamini.com and download it right from there.

Via IntoMobile

Text4Baby

Here's a quick post about a very simple but potentially powerful mobile service I recently heard about at the Forum Oxford Technology conference: Text4Baby, a service in the US for pregnant mothers, sends SMS messages each week during and after their pregnancy with tips and advice on what should be happening at around this time of the pregnancy and tips concerning the mother's and baby's health. A great service for something that doesn't come with a manual, as someone noted during the conference. While this is an initiative in the US, I wonder if there are similar ideas in other countries!? If you know, please leave a comment.

Buy Tickets Online – Abroad And Without A Printer

Every now and then I'd like to buy a ticket online when I am traveling, for a theater play, for a bus ride, for the next train trip, a museum ticket, etc. The difficult thing that is a showstopper sometimes is that you never know how to convert the virtual ticket to a real ticket afterwards. The good old way is to print out something and to present it somewhere, something that is not really feasible when you travel and don't have a printer you can use nearby. Some offer to send you a text (SMS) but they don't tell you in advance if that works with a foreign SIM card, too. Some offer a code to present, some work with your name and presenting the credit card, some send you a 2D bar code that you have to present on paper, others are progressive and allow it to be shown on the mobile phone, etc. etc. Quite a chaos, really. Some more thought around how foreigners can buy a product visiting the country and clear information before the sales process of how the real product can be collected afterwards would be really good.

Redundancy And A Universal Charger

As a frequent traveler there are some things that are always in my suitcase and that are never taken out when I am at home so I won't forget them on the next trip. One of those things is a spare charger for my mobile phones. When I recently arrived in Oxford I noticed that I forgot to put the usual charger in my backpack. Already thinking that I'd have to go out and buy a charger for the week I suddenly remembered that I have a spare one in the suitcase. So much for redundancy! Sure, you wouldn't have this problem with recent phones, most of them now chargeable over USB. And with universal chargers now coming to the market, things are getting even simpler and, as a side note, also a bit more environment friendly.