Sat on the train going on my way back from London and I noticed my Samsung Galaxy phone was displaying a message telling me that it had detected a Samsung Gear device near me and wanted to connect. The connection it was trying to establish was via Bluetooth which was enabled to allow my phone to connect to my cars audio system. I hadn’t even thought to disable it.
As I look around the train I can see various people making use of mobile devices including laptops as we speed through the countryside. The train is equipped with Wi-Fi thereby allowing everyone to remain connected even as they travel.
Two things worry me about the above. The first worry is that of stray connections such as the one my phone tried to make with another passengers Samsung Gear. As the various people on the train sit watching their video on their device, listening to music or working away their mobile devices are constantly seeking to make connections. To connect to Wi-Fi for internet access, to connect via Bluetooth to external speakers, wireless headphones or in car audio devices. As we use more and more technology our devices become more and more interconnected. In doing so though we expose ourselves to an increasing risk of inappropriate connections being made either due to device error or due to human error, such as if I had accepted the connection which my phone was trying to make without reading the actual message. These inappropriate connections may then give rise to unauthorised access and download of our data or to malicious acts being committed via our devices.
The other thing that worries me is the free Wi-Fi. Now I suspect most people assume that the trains Wi-Fi is sufficiently secure although I cannot be sure of this. The issue is the ease with which a passenger on the train could bring their own Access Point and set up a dummy Wi-Fi network, pretending to be the train providers network, for other passengers to connect to. By doing so the owner of the dummy AP could gather data from those on the train who connect to the dummy AP. This just seems all too easy.
The third thing that worries me is general awareness and consideration of security. I doubt many people other than myself was giving cyber security of the many devices in use in the train carriage I sat in much in the way of consideration. I would love to be able to survey people on a train or in another public space where free Wi-Fi is available in order to prove or disprove this assertion. My belief, until I have any evidence to the contrary, is that we are a little too accepting.
Events such as the recent National Health Service ransomware attack highlights the issue of cyber security however the impact is not limited to big incidents occurring to big organisations like the NHS. It affects each and every one of us, every day, even when sat on a train. Also we cannot afford to be outraged and concerned only when a large breach like the WannaCry virus occurs, before almost instantly returning back to normal and forgetting all about security and the potential risks and implications.
We need a societal shift in terms of our perception of cyber security.