Many people are familiar with securing your phone with a code, phrase, pattern or facial recognition. I’ve even seen various flavors of biometrics used to make sure no one gets in your phone. Don’t forget the myriad of products that will locate or wipe your phone if it gets into the wrong hands, or just plain lost.
When I was working at a clients a few weeks ago, I saw someone syncing up their smartphone to their computer and was curious as to which program they used and how it was synchronizing since I did not see a physical cable.
When I inquired the tech explained that the software he was using was for personal use and he liked it because it was free and could sync his outlook info to his phone over Wifi, USB and Bluetooth.
When he said WiFi, the gears in my head started turning and I was wondering if the data was transmitted in clear text or not.
I downloaded and installed the software on my laptop, installed the client software on the phone and configured Wireshark with a capture filter with my phone’s ip address and reviewed the results.
Unfortunately the data was transmitted in clear text, so I advised them to make sure they don’t sync over public WiFi networks and stick to their usb cable, or if they have to, use Bluetooth.