Mobile hotspot - Am I missing something?

[Green Giant]

Tethering is a really bad idea, as is rooting your phone when still in contract.

The Windows 7 phones are getting better, and soon to eat into the android market.

Why is rooting bad?  It is freaking sweet.  I rooted my phone.  Verizon doesn't check for that nor do they know how.  I even jacked my phone up and had to send it in to get a new one.  Pretty much the only negative thing is when they sent it back it already had the new OS which made it impossible to root; however I haven't checked in a few months so I should be able to root it now.

FYI, rooting on an Android is a very very simple process and nothing like jailbreaking or whatever they call it on an iphone.  It is far less invasive.  You are simply unlocking the root directory of the phone for access.  Apps still can't gain root access unless you give them permission similar to giving administrative rights to modify some windows folders.

As for eating into the Android market, probably true.  Of the big three phone OS's out there, Android is hands down the most complicated while also being the most versatile.  There is nothing that Windows or iOS can do that Android can't do with more setup steps.  I know my parents have Android phones, but they probably use them to 10% of their capability.  A windows phone is probably in their future.

Being a tech guy, Android will always be the superior option to me.
One last thing, why is tethering bad?  It is as secure as your home router.

[kahlid74]

Verizon doesn't check for that nor do they know how.  

The only thing I'll say is don't assume this.  Just because they currently do nothing about it doesn't mean they're unaware of you doing it.  I've been involved in a lot of crazy builds in data centers with technology that makes the civil rights guy in me get goosebumps.

[shmokes]

It is as secure as your home router.

It's far more secure than your home router. Your home router sits in one spot, broadcasting to a particular geographical location indefinitely. Your phone moves all about town, and at any given time when you enable the hotspot it'll probably remain enabled for 1/2 an hour, maybe an hour, before you shut it off and go somewhere else. For someone to hack into your network they have to happen to be wherever you are whenever you decide to enable your mobile hotspot. And it has to be someone with the desire and the skill/tools to do the hacking. And even then they have to have time to brute force their way in. And it ain't going to be 4 minutes. Your passphrase isn't going to be "mercedes" or anything else in Websters. Hell, I wouldn't be surprised to find the mobile hotspot in your phone requiring a complex password containing numbers or symbols or both. At any rate, breaking into your home router is an order of magnitude easier with its fixed broadcast range and always-on status. Ark, as usual, is just out of his depth.

[shmokes]

Give up so easily?  Keep looking.  

Every time I engage you I'm afflicted with slight pangs of guilt. I feel like I punched a petulant 12-year-old in the face or made fun of an extremely obnoxious kid in a wheelchair.



edit: grammar

[knave]

I've done quite a bit of reasearch on rooting android phones and it seems to be pretty straight forward. Plus its reversable. There is some risk of bricking your phone but reported cases seem rare.

I havn't really had a reason to root it yet but maybe someday.

I'm much more likely to root my 7" tablet. but again...it meets my needs.

[Trip]

I would not root or jailbreak to use wifi tethering on AT&T.  They are checking for wifi tetherers that do not have a wifi tether plan.

If you are grandfathered into an unlimited plan, they will remove you from that plan and put you on a limited plan with tethering for rooting and bypassing their security to use wifi tethering without your approval and then call you and tell you they did it.

http://www.informationweek.com/news/mobility/smart_phones/231300341

I am on Verizon though, so my iphone and galaxy nexus are both jailbroken/rooted and I tether like a mad man.

[Green Giant]

I would not root or jailbreak to use wifi tethering on AT&T.  They are checking for wifi tetherers that do not have a wifi tether plan.

If you are grandfathered into an unlimited plan, they will remove you from that plan and put you on a limited plan with tethering for rooting and bypassing their security to use wifi tethering without your approval and then call you and tell you they did it.

http://www.informationweek.com/news/mobility/smart_phones/231300341

I am on Verizon though, so my iphone and galaxy nexus are both jailbroken/rooted and I tether like a mad man.

They are checking for wifi tethers on jailbroken iphones.  Not Android.

Like I said before, they can't figure out if you are doing it on an Android unless you bring them your phone for them to check it.

I havn't really had a reason to root it yet but maybe someday.

Just off hand there are two amazing apps which are what inspired me to root mine in the first place.
One is the free wifi tethering.  The second is titanium backup.  It creates a perfect backup of everything on your phone onto your sd card.  Not a big picture backup but every individual app, phone setting, contact, etc.

The only thing I'll say is don't assume this.

I know for a fact that they can only check for a rooted phone if you physically bring them your rooted phone.  You can't even check for traces of a phone that has been unrooted.

It's far more secure than your home router.

Yeah I was going to say this actually.  When I use my tether I can immediately see who is attached to the network, but I never do this on my home network.

[RayB]

How exactly would the carrier detect that you're routing wifi through your phone anyways? Seems to me data you're phone is requesting is data your phone is requesting.  I've used iPhone's hotspot feature exactly 3 times. Just turn it on, it works. It's not something I pay for or get blocked. Maybe it's illegal in Canada for them to be so abitrary about the orgin of a data request.

[Trip]

They are checking for wifi tethers on jailbroken iphones.  Not Android.

Like I said before, they can't figure out if you are doing it on an Android unless you bring them your phone for them to check it.

They can figure it out, just requires them to spend a little more money.  iphone free wifi tether apps are easy and cheap for them to figure out becauce they use different APNs to tether.  The newer version of PDAnet has a hide option to keep the APN the same though.  Basically what Android wifi tether apps do, if AT&T gets bored of cracking down on just the lazy iphone users, they can easily go to scanning for packets and bust you guys too.  Requires a little more money though, so they may or may not g o this route.

[kahlid74]

The only thing I'll say is don't assume this.

I know for a fact that they can only check for a rooted phone if you physically bring them your rooted phone.  You can't even check for traces of a phone that has been unrooted.

I'm not going to go super deep into this because it's not my specialty but I've built out enough data centers to be familiar with the technology and capable of utilizing it to understand traffic flows and identify malicious/unwanted activity.  You don't check for a phone that's been rooted, you check for the presence of computer browsing or of browsing on a level that is higher than what you would expect from a phone.  It would be the idea of heuristics and behavioral engineering.  One of the ways this can be done is using DPI to examine who/what is reading the packets.  Browser/OS information is easy to extract from packets even if you're using SSL.

I've been inside of many data center including Verizon and AT&T.  They both have several iterations of DPI not including the NSA dark rooms.  If Verizon wants to crack down on tethering they can do so.  The idea that they can't because they currently don't is security theater.

[knave]

I was surprised to hear about the all the tethering emails and threats to auto switch by AT&T. Looking into it further it looks like they can tell pretty easily for android phones too. They count the hops data packets take from your end device to their routers. If your phone is 10 hops away usually and you are sending packets from 11 hops then they know you have another device in the mix.

I don't know if it's true or not but some folks were complaining that AT&T was even counting plugging in a stereo was being called tethering by AT&T.

Fortunatly for me I'm more than happy to stick to Wifi. I pay $15 for data on AT&T and am happy there.

[ark_ader]

Give up so easily?  Keep looking.  

Every time I engage you I'm afflicted with slight pangs of guilt. I feel like I punched a petulant 12-year-old in the face or made fun of an extremely obnoxious kid in a wheelchair.



edit: grammar

I'm not interested in your past behavior.

You are changing the subject, which can only mean...   

[ark_ader]

Tethering is a really bad idea, as is rooting your phone when still in contract.

The Windows 7 phones are getting better, and soon to eat into the android market.

Why is rooting bad?  It is freaking sweet.  I rooted my phone.  Verizon doesn't check for that nor do they know how.  I even jacked my phone up and had to send it in to get a new one.  Pretty much the only negative thing is when they sent it back it already had the new OS which made it impossible to root; however I haven't checked in a few months so I should be able to root it now.

FYI, rooting on an Android is a very very simple process and nothing like jailbreaking or whatever they call it on an iphone.  It is far less invasive.  You are simply unlocking the root directory of the phone for access.  Apps still can't gain root access unless you give them permission similar to giving administrative rights to modify some windows folders.

As for eating into the Android market, probably true.  Of the big three phone OS's out there, Android is hands down the most complicated while also being the most versatile.  There is nothing that Windows or iOS can do that Android can't do with more setup steps.  I know my parents have Android phones, but they probably use them to 10% of their capability.  A windows phone is probably in their future.

Being a tech guy, Android will always be the superior option to me.
One last thing, why is tethering bad?  It is as secure as your home router.

Rooting on Android devices and you will think I am being hypocritical here...that it is fine on devices that are not carrier subscription (3G for example) based, but on devices like tablets that have only wifi.

My Hannspad has a sucky stock rom, but I rooted the device and put a LG990 ROM that supports the Tegra2 hardware in the Tablet.  So I can play games and do useful stuff like Netflix, Lovefilm and BB iPlayer.  I use my device for study, so it is great that I have access to under clock, thus having a longer battery, etc.  I'm finding out that I will have to move to ICS once we have a stable build, and a rooted device is a requirement.

Rooting phones is not a good idea, as some apps out there can take advantage of a rooted device, and cause all kinds of problems.  This is well documented.  Also you would be breaking the T&Cs of your contract, which could get you into trouble.  Like I said about Shmokes wanting to use the tethering, again it is a bad idea.  But he is a clever fellow, and I am sure he will refrain from using a dumb WPA2 key.  The rest of the population...who knows.  I still get calls from people getting their phones hacked.  You would be surprised how much trust people invest in their personal devices...  

Is your home router secure?  Are you sure about that?  You just don't have anyone local hacking you....yet.     I keep a password list and change it every month just to be sure, and I also have an Heterogeneous NT4 server box that gives some added protection.   Not enough to keep a determined individual out though.

So if you still want to root your phone, well it is your responsibility at the end of the day.

[kahlid74]

I was surprised to hear about the all the tethering emails and threats to auto switch by AT&T. Looking into it further it looks like they can tell pretty easily for android phones too. They count the hops data packets take from your end device to their routers. If your phone is 10 hops away usually and you are sending packets from 11 hops then they know you have another device in the mix.

Without diving too deeply into this yes it's possible but not reliable.  Hop count was all the rage in the 90's.  Since then we've created and use protocols that are much faster/stronger/smarter and are hop agnostic.  Every carrier is different and if they use hop count it's their call.  As having been in the trenches in many of these situations I would look to hop count after using several other tools first.

Rooting phones is not a good idea, as some apps out there can take advantage of a rooted device, and cause all kinds of problems.  This is well documented.  Also you would be breaking the T&Cs of your contract, which could get you into trouble.  Like I said about Shmokes wanting to use the tethering, again it is a bad idea.  But he is a clever fellow, and I am sure he will refrain from using a dumb WPA2 key.  The rest of the population...who knows.  I still get calls from people getting their phones hacked.  You would be surprised how much trust people invest in their personal devices...  

Is your home router secure?  Are you sure about that?  You just don't have anyone local hacking you....yet.     I keep a password list and change it every month just to be sure, and I also have an Heterogeneous NT4 server box that gives some added protection.   Not enough to keep a determined individual out though.

So if you still want to root your phone, well it is your responsibility at the end of the day.

Yeap, it's the responsibility of the person who roots it.  My experience has been that with individuals who are smart enough to root it, they are smart enough to protect it.

I think you've read a little bit too much into CNN or Fox news reports about hacking Wifi.  Hacking wireless in general requires gathering over the air packets.  Hacking WPA and attempting to hack WPA2 requires gathering a lot over the air packets (days and weeks worth) and you're still brute forcing based on rainbow tables and dictionaries.  Maybe it's been a while since I delved into the air cracking world but WPA/WPA2 aren't WEP.  They don't have a clear "crack" known.  They focus around inefficiencies in the algorithms that allow said rainbow tables and dictionary attacks to be more accurate but they are still a brute force guessing game.  If you're using WEP well yeah, then you'll be hacked mighty quick.

Also, NT4?  What is this, the 90's?  Did you mean Server 2008 or 2003?  I don't live in the Windows world very often anymore but come on, really?  You're talking about wireless being insecure and you're using a server that hasn't been patched in years?

[Ed_McCarron]

I havn't really had a reason to root it yet but maybe someday.

Installing your antitheft stuff as root lets you do a few things...  Avast, for example, lets you not only install as root (so it can turn on the GPS, wipe the phone,etc), it lets you reflash the bootloader so that even if someone pulls the SIM or does a hard reset, it'll reload itself.

For example, someone finds my phone, turns it off, puts in a prepaid sim card (with a new number) and does a factory reset.

10 minutes later, Avast has reinstalled itself, locked the phone, and SMS'd me the new number and location.

Can't do tricks like that if it's not rooted.

[Grasshopper]

Tethering is a really bad idea, as is rooting your phone when still in contract.

The Windows 7 phones are getting better, and soon to eat into the android market.

Why is rooting bad?  It is freaking sweet.  I rooted my phone.

I couldn't agree more. In fact, I simply will not buy phones, and other similar devices, that can't easily be rooted. I don't think anybody in their right mind would buy a PC with Windows pre-installed, and administrator access rights disabled. So why should it be any different with a phone?

What really irritates me about manufacturers attempting to lock down their devices it that they pretend it's to protect customers, when in reality, it's done mostly for self-serving reasons.

[Grasshopper]

The only thing I'll say is don't assume this.

I know for a fact that they can only check for a rooted phone if you physically bring them your rooted phone.  You can't even check for traces of a phone that has been unrooted.

I'm not going to go super deep into this because it's not my specialty but I've built out enough data centers to be familiar with the technology and capable of utilizing it to understand traffic flows and identify malicious/unwanted activity.  You don't check for a phone that's been rooted, you check for the presence of computer browsing or of browsing on a level that is higher than what you would expect from a phone.  It would be the idea of heuristics and behavioral engineering.  One of the ways this can be done is using DPI to examine who/what is reading the packets.  Browser/OS information is easy to extract from packets even if you're using SSL.

I've been inside of many data center including Verizon and AT&T.  They both have several iterations of DPI not including the NSA dark rooms.  If Verizon wants to crack down on tethering they can do so.  The idea that they can't because they currently don't is security theater.

Hmm. Maybe, but I think the risk of getting caught is very low. For a start, what about plausible deniability? They may strongly suspect that you've rooted your phone or done something else not permitted in their T&Cs, but that's not the same as being able to prove it. Even if they can prove it they probably don't want to reveal to their customers the snooping technology they have at their disposal.

IANAL, but I'd imagine that a company can't just get away with unilaterally changing the terms of a contract they have with a customer, unless they have very clear cut evidence that the customer has breached the terms & conditions of the contract. That sort of behaviour sounds like a class action just waiting to happen.

[ark_ader]

Tethering is a really bad idea, as is rooting your phone when still in contract.

The Windows 7 phones are getting better, and soon to eat into the android market.

Why is rooting bad?  It is freaking sweet.  I rooted my phone.

I couldn't agree more. In fact, I simply will not buy phones, and other similar devices, that can't easily be rooted. I don't think anybody in their right mind would buy a PC with Windows pre-installed, and administrator access rights disabled. So why should it be any different with a phone?

What really irritates me about manufacturers attempting to lock down their devices it that they pretend it's to protect customers, when in reality, it's done mostly for self-serving reasons.

True, nobody would buy a PC that was pre-installed with something you cannot afford to get rid of.....MAC OSX 

Besides the PC you mentioned doesn't come with a live network.  A live network that can be misused with applications you install in the course of the life of the PC that takes interest in your unsecured network.  Yes it does sound like a Windows, doesn't it?   

I agree with your comment just the same.