Blog: Android

Data tethering on mobile devices – what are the risks?

Ken Munro 09 Dec 2014


Mobile phone data tethering is ace, a complete saviour for when there’s no Wi-Fi or cabled network connectivity

You’ve got people out and about, maybe sat on a train, waiting in a car park for a meeting, or maybe even your network has gone down; this is when data tethering really comes into its own.

We’re being asked more about the potential for data being hijacked, and whether it would be easy to compromise a device or breach a network through data tethering, so here’s what we think.

Data tethering security – Wi-Fi

Wi-Fi tethering isn’t a major problem, though the pre-shared key strength should be enforced and users should be reminded to turn it off after use.

At the same time, users should be reminded about the issues around wireless client probe requests and potential tracking.

The connection shouldn’t be made automatically (results in no probing) and the PSK should be changed from time to time.

Data tethering security – Bluetooth

Bluetooth tethering is less of a risk, though BT PINs should be reviewed to ensure they’re not default.

There is a small risk of interception of traffic over data networks, though this is much smaller than the risk of the alternative; man in the middle over Wi-Fi at a hotspot in a café for example.

Hence, a VPN must be established for all tethered connections. Consider carefully whether split tunnelling is required for web browsing, as whilst it may improve performance for the user, it does increase potential for interception of some types of data. It also may bypass corporate content filters.

Mobile data is obviously more expensive than Wi-Fi, though the risks of data interception are lower.