Helping people with computers... one answer at a time.

Mobile broadband is a popular way to connect to the Internet while traveling and occasionally, a viable alternative at home. But how secure is it?

I read your article on Just how easy is it to sniff network traffic?. Does the same apply to traffic between my wireless broadband USB and my ISP? I have Windows XP on my desktop and Windows 7 starter on my netbook and swap USB between the two computers. I found this a lot cheaper than having wired broadband at home, but now I am worried after reading your article.

I don't think that you need to worry much because the technologies are completely unrelated.

However...

That doesn't mean that mobile broadband is completely secure.

I'll explain why that is and what I do about it myself.

Encrypted, but ...

Mobile broadband is data that is carried on your mobile or cellular provider's network. It's a convenient approach to connectivity if you're in an area where traditional Internet conductivity is difficult to find or you're mobile, as its name implies.

Mobile data is in fact encrypted. The problem is that it's encrypted using something like 20-year-old technology.

The encryption standards for mobile data were devised in order to be able to be handled properly on the hardware technology available in cellular phones of roughly 20 years ago. The net result is that today's hardware has fairly weak encryption. In fact, it's a fairly weak encryption to software running on today's hardware.

Sniffable, but ...

Technically, data that you send over a mobile broadband connection could be sniffed by someone who has the appropriate equipment.

And that is where it gets interesting. Unlike WiFi, where any laptop with a WiFi adapter can be used to sniff your unencrypted data, you do need special hardware to eavesdrop on mobile broadband connections.

In my opinion, the average hacker is going to go for the low hanging fruit of open WiFi connections that he can eavesdrop in on with his trusty laptop before he'll go out and spend the extra money and effort to get the hardware required to eavesdrop on your mobile broadband.

I could take steps, but ...

If you believe that you are the target of someone with the ability to eavesdrop on mobile broadband, then absolutely, you should take all of the precautions that are appropriate, treating it as if it were an open WiFi hotspot.

On the other hand, if you're the average computer user and you're not necessarily someone's target for whatever reason, then it's relatively safe to treat a mobile broadband connection as "pretty secure" in my opinion.

In my case, I take no additional steps. Many of the services that I use are https anyway. In fact, I've made sure to select the "always use https" option in any service that offers it. Https connections are secure no matter what kind of Internet connection you use, at home or on the road.

Similarly, my server management interfaces are also handled over a secure SSL connections.

Yes, it's possible that if I were interesting enough to someone, they could listen in on my visits to non-secure websites like http://icanhascheezburger.com. Honestly, this doesn't worry me too much. I just don't think that I'm that interesting.

And as much as I hate to say it, I'll bet that you're not either.

But if you think that you are, then as I said, treat it as if it were an open WiFi hotspot and you'll probably be fine.

At least when it comes to people sniffing your mobile broadband data, that is.

Article C4907 - August 21, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

2 Comments
Claire
December 11, 2012 7:50 AM

I have read this article this is useful. I think I understand it. It seems that you are saying that if one uses https then the traffic is safe.

However I wondered if you could answer a related question. Could the "hacker" try and get the trafffic information if they have access to the mifi IMEI number on the device ~(either mifi or dongle) or is it more likely that the data was sniffed by de-cryption.

Additionally would a dongle be safer than mifi as both have IMEI numbers?rather like a mobile phone.

Mark J
December 11, 2012 1:06 PM

@Claire
Since https encrypts the data, knowing the IMEI number won't help them get access to it. In https the host computer and the user's computer each create 2 keys then they exchange encryption keys and keep their own decryption key. If you don't have the key you created on your computer, you won't be able to decrypt the message the other computer sent you. So since the hacker doesn't have that decryption key, they can't read the message, even if they intercept the transmission.

A MiFi also encrypts the data between itself and the computer, so it would be about as safe as a dongle, providing you use a strong (long) key to protect the transmission.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.