Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Other carriers, all of them outside the U.S., proved to have significant security vulnerabilities in their networks. The most insecure network allowed “IP spoofing,” in which an attacker disguises his own device’s network address as the address of another device. This allows the attacker to both send illicit data to a user’s mobile device and to download data under that IP address.

A second, less severe vulnerability on some networks allows malicious websites to entrap users. Normally, a user can simply close a browser that appears to have landed on a piece of malware, but in some networks a time lag between when a TCP connection is closed on a device (instantly) and on the network (a delay of 20 to 30 seconds) could allow an attacker to keep that connection open indefinitely. This could enable battery-draining attacks in which, for example, a hacker continually streams data to a device.

Eleven of the carriers tested had implemented policies that could drain the batteries of a user’s phone up to 10 percent faster than usual. Many devices must keep TCP (network) connections open for long periods of time to make e-mail and other “push notifications” work. Mobile ISPs that time out these connections too quickly—say, every 10 minutes versus every half-hour—force devices to power up their radios more often, to reestablish a connection.

Ratul Mahajan, a Microsoft Research researcher who was not involved with the paper, contends that this network behavior might be deliberate. Long time-outs, although good for phone batteries, can exhaust the network address translation table that a network middlebox uses to keep all those connections active, he says.

Hossein Falaki, a doctoral student at UCLA, says some of the findings in the paper are probably going to be new even to cellular carriers. This could result in carriers changing their network policies, and the implications of such changes aren’t always clear until they have been tested in the wild.

5 comments. Share your thoughts »

Tagged: Communications

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me