Saturday, June 21, 2014

Do you know who your phone is talking to when you're not looking?

Anyone who knows me knows that I love my gadgets. It's not enough to have a gadget. I must know how it works from the inside out, every hidden easter egg from the developers, every possible menu item. I have had phones that I have rooted and installed custom ROMs on, and I have left some completely stock. The same goes for applications for my phone. I tend to gravitate to Android-based phones (sorry Apple, no offense, I love your products too). Over the years I have beta tested many an Android app: some good, some... well...

All of that to prep for this.

I recently jumped on the #Sophos bandwagon due to work and my general curiosity about learning something new. What does this mean? Well, for me it's downloading everything I can get my hands on, and Sophos offers loads of free stuff for folks to test their wares.

I installed Sophos UTM 9.2 (the free-for-home-use virtual appliance) on my wife's Mac mini since it was the closest to the router and had an extra Thunderbolt connection... <She is/was not amused with this but that is a different story>

After the initial setup, turning every setting on, and having fun with the kids (captive Wi-Fi portals are cool), I finally have the setup in what I would call a stable run condition.

Now we come to the title of this post.

It became quite clear very quickly that there are WAY too many applications, networks, and protocols trying to talk to devices within my network. Come on Apple, do you *have* to have that many UDP ports to make things happen? I remember when it was easy enough to put in a rule that said: if my laptop started the conversation, NAT the return traffic and allow it through. Well, that still works. What doesn't work is when you have an app that registers you on a service, and then who knows what network or port will attempt to send you a push update, or poll your device to see if you are still there.

When it comes to my Android phone, I have many apps that I have grown to depend on. These apps pretty much go dormant when I am connected to my Wi-Fi now, then wake up when I turn Wi-Fi off or go outside. I have been going through the logs and making rules to allow the applications and protocols through that I deem worthy, but then I came across a few networks that were blacklisted, based out of country, and not so savory. Taking inventory of my phone I do not see any obvious contenders. In fact, I recently received a new tablet from my employer and have taken great care to only install corporate-ish type apps that I would use for work purposes only. And yet, there it is in my firewall log file: unsolicited inbound connection attempts to this device as well.
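To make the log review described above repeatable, here is an added example (my own illustration, not code from the original post or from Sophos) that picks the unsolicited inbound attempts out of a drop log and groups them by remote source. The log lines are constructed and only approximate the key="value" layout of a UTM packet-filter log; the field names it relies on (action, srcip, dstip, proto, dstport, tcpflags), the home subnet, the device addresses and the "already deemed worthy" source range are all assumptions. The point it demonstrates is the distinction from the paragraph above: a late return packet for a flow the phone opened itself (TCP ACK without SYN) is not the same thing as a fresh connection started from outside (TCP SYN, or any UDP datagram).

```python
"""Pick unsolicited inbound connection attempts out of a firewall drop log.

Added example, not code from the original post or from Sophos. The log
lines are constructed and only approximate the key="value" layout of a
UTM packet-filter log; the field names used here are assumptions.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")                # assumed home subnet
MY_DEVICES = {"192.168.1.20": "android-phone",    # assumed device addresses
              "192.168.1.21": "work-tablet"}
# Remote ranges already reviewed and deemed worthy (constructed, RFC 5737 space).
ALLOWED_SOURCES = [ip_network("203.0.113.0/24")]

# Constructed sample log: one stale return packet, two real unsolicited
# attempts from the same remote host, one allowed source, one outbound drop.
SAMPLE_LOG = """\
2014:06:21-09:12:01 utm ulogd[2201]: id="2001" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.99" dstip="192.168.1.20" proto="6" srcport="443" dstport="52001" tcpflags="ACK"
2014:06:21-09:12:05 utm ulogd[2201]: id="2001" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.23" dstip="192.168.1.20" proto="6" srcport="4123" dstport="5228" tcpflags="SYN"
2014:06:21-09:12:09 utm ulogd[2201]: id="2001" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.23" dstip="192.168.1.21" proto="17" srcport="53413" dstport="53413"
2014:06:21-09:13:40 utm ulogd[2201]: id="2001" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.40" dstip="192.168.1.21" proto="6" srcport="40001" dstport="22" tcpflags="SYN"
2014:06:21-09:14:02 utm ulogd[2201]: id="2001" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" srcip="192.168.1.20" dstip="198.51.100.50" proto="6" srcport="41000" dstport="25" tcpflags="SYN"
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"6": "tcp", "17": "udp"}   # IP protocol numbers for TCP and UDP


def parse_line(line):
    """Turn one key="value" log line into a dict; unknown text is ignored."""
    return dict(PAIR.findall(line))


def is_unsolicited(rec):
    """True when a dropped packet is a fresh inbound attempt at a LAN host.

    A TCP packet carrying ACK but not SYN is most likely a late reply to a
    flow the device itself opened (the firewall state has just expired), so
    it is not counted. A SYN, or any UDP datagram, is a conversation started
    from outside.
    """
    if rec.get("action") != "drop" or "srcip" not in rec or "dstip" not in rec:
        return False
    src, dst = ip_address(rec["srcip"]), ip_address(rec["dstip"])
    if src in LAN or dst not in LAN:
        return False                    # outbound or LAN-to-LAN traffic
    proto = PROTO.get(rec.get("proto"))
    if proto == "tcp":
        return "SYN" in rec.get("tcpflags", "")
    return proto == "udp"


def unsolicited_inbound(log_text, devices=MY_DEVICES, allowed=ALLOWED_SOURCES):
    """Group unsolicited inbound attempts by remote source, skipping allowed ranges.

    Returns {srcip: [(device_name, proto, dstport), ...]} in log order.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("dstip") not in devices or not is_unsolicited(rec):
            continue
        if any(ip_address(rec["srcip"]) in net for net in allowed):
            continue                    # already reviewed and deemed worthy
        hits[rec["srcip"]].append(
            (devices[rec["dstip"]], PROTO[rec["proto"]], int(rec["dstport"])))
    return dict(hits)


if __name__ == "__main__":
    for src, attempts in unsolicited_inbound(SAMPLE_LOG).items():
        print(f"{src}: {len(attempts)} unsolicited attempt(s)")
        for device, proto, port in attempts:
            print(f"    -> {device} {proto}/{port}")
```

Run against the sample, only 198.51.100.23 is reported (one TCP SYN at the phone, one UDP datagram at the work tablet); the ACK-only packet, the hit from the allowed range and the phone's own outbound attempt are all left out. Anything this reports is a source worth looking up before writing an allow rule for it.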

I will follow up with another post when I find out the culprit, but to all my friends: make sure you are using some kind of firewall at home. Use antivirus/antispyware on EVERY device, yes, even your phone.