Question

How secure is 4G?

I understand if I connect to public wifi and log in to accounts that can be intercepted. But what if I am in public, do not connect to any network and check my email. I created an email account when I first got my phone with a password. The phone has never required a password since so I assume it is stored somewhere on the phone and resent any time I start up the phone. When I read email on my smart phone in public is it broadcasting my password? Can it only be intercepted if I connect to a public wifi source? Can it be intercepted if I am using my 4G data plan data?

If I surf the internet via using my data plan can that be easily hijacked? For example recently I was checking scores on m.mlb.com when some ad site seemed to take over the phone. I turned it off and scanned it when I got home but had to clear cache and data in addition to clearing history to keep it from starting back up on the ad site.

So if I am using just my 4G data plan how careful/paranoid do I have to be?

Discussion is locked
Follow
Reply to: How secure is 4G?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: How secure is 4G?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
Totally insecure.

In today's world revealed by Edward Snowden and what happened to Lavabit, there is no assurance that what you do is secure.

All secure email sites have been attacked like Lavabit by our governments. Here's one article on the subject. https://en.wikipedia.org/wiki/Lavabit


-> OK but what about that site hijack? My bet is the site is not well crafted and their advertising was done incorrectly and wasn't made to be easily dismissed. It's not a sign of infection from what you wrote.

Then this: https://threatpost.com/researchers-find-85-percent-of-android-devices-insecure/115030/

For me this means I can't use my phone for anything that involves money, etc.

- Collapse -
Not sure the email server site hack is relevant

Not sure I see the relevancy of the email server getting hacked. For purposes of say the yahoo or gmail server getting hacked it is not going to matter if I am using a phone to access it, my desktop, or the most secure workstation in the world. But just because there is nothing that is absolutely 100% safe does not mean I do not want to take all reasonable precautions.

- Collapse -
Answer
4G Security

Good question, to put it simply, as Wi-Fi becomes more widespread – so do hackers. I would use commonsense when connecting to a public Wi-Fi network, such as only browsing websites that don’t require login or personal information, making sure the Wi-Fi is legitimate, and using a VPN, which will create a path between the server and your device. I found this great article from Network World that I think you’ll find useful - http://www.networkworld.com/article/2904439/wi-fi/is-it-safe-to-use-public-wi-fi-networks.html . Hope this helps!

Note: Moderator added a space after the URL to fix it so we can just click it.

Post was last edited on October 28, 2015 10:14 AM PDT

- Collapse -
4G connection, not public wi-fi

Thanks for the reply. But I am not talking about using public wi-fi. The only place I use wi-fi is at the house where I know everything is encrypted.

I am asking if I do not use wi-fi and check my email is that 4G connection safe? My concern is since I never am entering my password even when at home at what point does that password get sent to the email server after I restart my phone? I assume it has to be stored somewhere in the phone and sent at some time either via my home wi-fi at home or via 4G cellular network if not at home. So is that traffic over the 4G cellular encrypted or is it not encrypted? If it matters I am using MetroPCS.

- Collapse -
Let's just write no.

You can find all about LAVABIT and how that went down for many reasons. When it comes to secure comms, our governments are working hard to keep it so they can see it all.

- Collapse -
Nothing is 100% secure- that is the underlying point

However, is it *reasonably* safe to assume that (most of the time) nobody will set up a Stingray device (google it) near your immediate location which can intercept/decode your 4G/cellular communications?

IMNSHO, yes. Nothing to see here, folks....

- Collapse -
Info on stingray helpful

Thanks for the info about stingray. I did google it and found that a little disturbing. The lavabit was not extremely bothersome since nothing I can do about government access to anything and my assumption is a court order required to access and it was not relevant to whether I logged in via phone or home desktop.

The stingray however since it monitors everything without court order and from what little I have read available to non-government would be a big concern. That is definitely the type info I was looking for when posting this question.

- Collapse -
Lavabit didn't need a court order.

Here in the USA, it's all in the news about rampant collection of internet, cellular and more data. That said I have used the TAILS OS from time to time. Mostly on travel.

Governments and others don't like it. http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/ for example.

The NSA collects all the data without a court order.

- Collapse -
PS. STINGRAY gets better or worse. Your call.
- Collapse -
Bad link?

Link gave a page not found error.

- Collapse -
Come on dude

It works. Just remove the period at the end. Use your eyes, amigo Wink

- Collapse -
Answer
Not Safe

The main security problem with 4G networks is that user information can become easily available to hackers via, for instance, ‘man-in-the-middle’ attacks, and hackers can compromise new services like mobile health or mobile commerce

This gives the attackers full access to the data being sent over the network, and some hackers could even be able to control it.

I think the main problem is there's no protection between the phone and the network it’s connected to, and the core network controlled by the operator

CNET Forums