Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

How secure is 4G?

Oct 17, 2015 8:26PM PDT

I understand if I connect to public wifi and log in to accounts that can be intercepted. But what if I am in public, do not connect to any network and check my email. I created an email account when I first got my phone with a password. The phone has never required a password since so I assume it is stored somewhere on the phone and resent any time I start up the phone. When I read email on my smart phone in public is it broadcasting my password? Can it only be intercepted if I connect to a public wifi source? Can it be intercepted if I am using my 4G data plan data?

If I surf the internet via using my data plan can that be easily hijacked? For example recently I was checking scores on m.mlb.com when some ad site seemed to take over the phone. I turned it off and scanned it when I got home but had to clear cache and data in addition to clearing history to keep it from starting back up on the ad site.

So if I am using just my 4G data plan how careful/paranoid do I have to be?

Discussion is locked

- Collapse -
Answer
Totally insecure.
Oct 18, 2015 7:44AM PDT

In today's world revealed by Edward Snowden and what happened to Lavabit, there is no assurance that what you do is secure.

All secure email sites have been attacked like Lavabit by our governments. Here's one article on the subject. https://en.wikipedia.org/wiki/Lavabit


-> OK but what about that site hijack? My bet is the site is not well crafted and their advertising was done incorrectly and wasn't made to be easily dismissed. It's not a sign of infection from what you wrote.

Then this: https://threatpost.com/researchers-find-85-percent-of-android-devices-insecure/115030/

For me this means I can't use my phone for anything that involves money, etc.

- Collapse -
Not sure the email server site hack is relevant
Oct 27, 2015 5:00PM PDT

Not sure I see the relevancy of the email server getting hacked. For purposes of say the yahoo or gmail server getting hacked it is not going to matter if I am using a phone to access it, my desktop, or the most secure workstation in the world. But just because there is nothing that is absolutely 100% safe does not mean I do not want to take all reasonable precautions.

- Collapse -
Answer
4G Security
Oct 27, 2015 7:00AM PDT

Good question, to put it simply, as Wi-Fi becomes more widespread – so do hackers. I would use commonsense when connecting to a public Wi-Fi network, such as only browsing websites that don’t require login or personal information, making sure the Wi-Fi is legitimate, and using a VPN, which will create a path between the server and your device. I found this great article from Network World that I think you’ll find useful - http://www.networkworld.com/article/2904439/wi-fi/is-it-safe-to-use-public-wi-fi-networks.html . Hope this helps!

Note: Moderator added a space after the URL to fix it so we can just click it.

Post was last edited on October 28, 2015 10:14 AM PDT

- Collapse -
4G connection, not public wi-fi
Oct 27, 2015 4:58PM PDT

Thanks for the reply. But I am not talking about using public wi-fi. The only place I use wi-fi is at the house where I know everything is encrypted.

I am asking if I do not use wi-fi and check my email is that 4G connection safe? My concern is since I never am entering my password even when at home at what point does that password get sent to the email server after I restart my phone? I assume it has to be stored somewhere in the phone and sent at some time either via my home wi-fi at home or via 4G cellular network if not at home. So is that traffic over the 4G cellular encrypted or is it not encrypted? If it matters I am using MetroPCS.

- Collapse -
Let's just write no.
Oct 27, 2015 5:06PM PDT

You can find all about LAVABIT and how that went down for many reasons. When it comes to secure comms, our governments are working hard to keep it so they can see it all.

- Collapse -
Nothing is 100% secure- that is the underlying point
Oct 28, 2015 7:16AM PDT

However, is it *reasonably* safe to assume that (most of the time) nobody will set up a Stingray device (google it) near your immediate location which can intercept/decode your 4G/cellular communications?

IMNSHO, yes. Nothing to see here, folks....

- Collapse -
Info on stingray helpful
Oct 28, 2015 1:27PM PDT

Thanks for the info about stingray. I did google it and found that a little disturbing. The lavabit was not extremely bothersome since nothing I can do about government access to anything and my assumption is a court order required to access and it was not relevant to whether I logged in via phone or home desktop.

The stingray however since it monitors everything without court order and from what little I have read available to non-government would be a big concern. That is definitely the type info I was looking for when posting this question.

- Collapse -
Lavabit didn't need a court order.
Oct 28, 2015 1:35PM PDT

Here in the USA, it's all in the news about rampant collection of internet, cellular and more data. That said I have used the TAILS OS from time to time. Mostly on travel.

Governments and others don't like it. http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/ for example.

The NSA collects all the data without a court order.

- Collapse -
PS. STINGRAY gets better or worse. Your call.
Oct 28, 2015 1:40PM PDT
- Collapse -
Bad link?
Oct 27, 2015 5:01PM PDT

Link gave a page not found error.

- Collapse -
Come on dude
Oct 28, 2015 7:17AM PDT

It works. Just remove the period at the end. Use your eyes, amigo Wink

- Collapse -
Answer
Not Safe
Nov 3, 2015 1:08AM PST

The main security problem with 4G networks is that user information can become easily available to hackers via, for instance, ‘man-in-the-middle’ attacks, and hackers can compromise new services like mobile health or mobile commerce

This gives the attackers full access to the data being sent over the network, and some hackers could even be able to control it.

I think the main problem is there's no protection between the phone and the network it’s connected to, and the core network controlled by the operator