Security myths under the microscope : Can a switched-off cell phone be tracked?
Dusseldorf There are many myths surrounding data security: A cell phone that is switched off can still be tracked, Google always knows where you are, and you are being watched via your webcam. What of it is true, what belongs to the realm of fantasy?
The laptop is open on the desk. While you are changing in your room, you might be watched by a hacker via your webcam. A horror scenario – and a reason for many users to tape off the webcam on their laptops as a precautionary measure. But is that even necessary?
Checking the biggest security myths:
Cell phones that are switched off can be tracked
As soon as the smartphone is connected to a transmitter in any form, it can be located. This works via mobile radio, WLAN or Bluetooth. "Then there is a contact, and the phone reports", says Fabian Scherschel from "c’t"-Trade magazine. This tracking usually works even in standby mode. However, if the phone is in flight mode or switched off, it cannot establish any connections and thus cannot actually be tracked.
"But there are supposed to be techniques for gaining access anyway via an independent chip in the phone", explains Scherschel. "To be completely safe, you would have to remove the phone’s battery", says Tim Griese of the German Federal Office for Information Security (BSI). But that’s not possible with many devices.
There are no Mac viruses
But there is malware for Apple computers as well. "Windows and Android operating systems, however, are more likely to be the focus of attackers due to their higher penetration rate", says Griese. Around 90 percent of computers run Windows. So Mac computers are much less attractive for mass attacks.
The use of Apple or Linux systems is therefore theoretically safer. But that doesn’t apply to targeted attacks: "The effort required by hackers is the same for all operating systems, says Norbert Pohlmann, head of the Institute for Internet Security.
My provider reads my e-mails
With unencrypted messages, this is theoretically always possible. In practice, however, this is not about targeted reading, but about large-scale scanning of e-mails for viruses or for advertising purposes.
"Google does this and searches for keywords in the mails in order to serve advertising to customers," says Norbert Pohlmann, says Scherschel. This happens automatically and anonymously – and not in order to monitor users. But Google has announced that it will stop scanning.
"In practice, what is more decisive is whether other third parties can access e-mails, for example, when using the WLAN in a cafe", says Griese. The BSI therefore recommends encrypting one’s mails. This is especially true for sensitive content. For short messages, Scherschel recommends using messenger services with integrated end-to-end encryption for reasons of convenience.
Cookies are bad
In fact, however, these cookies are often nothing more than a kind of bookmark and can be important for user comfort. "In an online store, the system thus remembers, for example, the products in the shopping cart", says Pohlmann.
In many cases the cookies are even absolutely necessary. If you don’t want your data to be stored, you can delete it in your browser settings.
Google always knows where you are
If location access is activated on the smartphone, the service providers of all apps with the corresponding authorization learn where one is located. This, of course, includes Google with Android smartphones – just as Apple does with iPhones.
The BSI recommends that users check how transparently providers handle their data and use setting options. "On Google, usage can be viewed and restricted through the dashboard", Tim Griese gives an example.
Location access can also have clear benefits, such as with weather apps, or even be essential, such as with navigation apps.
You are being watched via your webcam
Via malware, attackers can actually take over devices’ cameras. "The malware is also capable of disabling the LED to detect usage", says Tim Griese. Since most users rarely use their webcam anyway, taping it off is a good strategy.
The danger of spying also exists with smartphones, tablets or smart TVs. "However, taping up is usually impractical here", adds Scherschel. Users are correspondingly more inconsistent here, although theoretically the same danger exists.
Scherschel’s basic advice in all security matters: "The user should not be indifferent to everything. But he should also not become paranoid."