THE WONDER OF WANDERING SIGNALS
Alien Harry Solomon (played by French Stewart) experienced minor convulsions whenever the chip implanted in his brain started to transmit an “Incoming message from the Great Big Head” in the TV show 3rd Rock from the Sun. How 20th century! The March 2012 South by Southwest (SxSW)
Interactive Conference in Austin, TX, introduced homeless human beings as wireless access points. Encountering challenges with your wireless signal? Just “log onto” a human wearing a T-shirt that says, “I’m a 4 G hotspot.” No alien force needed. How 21st century!

Outrageous? Yes. These human wireless access points anticipated receiving $2 per 15-minute signal negotiation (the recommended donation). How many of us would choose to become wireless access points for $8 an hour? How many of us would mindlessly opt to become transmitters for convenience? How many of us already have?

Any device that transmits and receives data wirelessly is, by definition, a wireless access point or transceiver. Consider the number of transmitters we use. There are, of course, the usual suspects: mobile phones, laptops, US passport cards (since 2008), digital navigation systems, printers. On top of that, applications for Bluetooth and Radio Frequency Identification (RFID) technologies continue to multiply: athletic shoes, heart rate monitors, fitness sensors, cameras, printers, headsets, and so on. Gartner, Inc. forecast a 30% increase in the number of connected things from 2014 and 2015, to 4.9 billion, with another 20 billion coming online by 2020. 1 Even more exuberantly, Juniper Research published a report forecasting that 2020 would actually see more than 38 billion attached units. 2 Cisco has suggested 50 billion attachments, generating some $8 trillion worldwide in value at stake through “innovation and revenue ($2.1 trillion), asset utilization ($2.1 trillion), supply chain and logistics ($1.9 trillion), employee productivity improvements ($1.2 trillion), and enhanced customer and citizen service ($700 billion).” 3 The Internet of Things (IoT), possibly even the Internet of Everything (IoE), belongs among the top 10 critical IT trends into the next decade.

Industrial, governmental, and individual applications are proliferating—as are concerns about how to protect applications and users—especially given links of connections and ad hoc data connections created unintentionally. It is one thing to transmit information about one’s own identity or behavior. It is more concerning when we transmit information about or from others, especially if that transmission is unconscious. By essentially leaving our personal or our organization’s Internet access open—for example, by not implementing sufficiently strong security on wireless routers, by leaving Bluetooth devices in a discoverable mode, or by allowing bridging traffic between networks—we can enable irresponsible behavior by others who use our legitimate, but open, wireless subscription services. We not only expose ourselves and our organizations, but we become the “legitimate” wireless access point for another who may be pursuing illicit Internet activities, activities rendered more anonymous by piggybacking on our valid signals.

Mobile devices are widely characterized as another attack surface. This understates the reality: Mobile devices are frequently attach surfaces; information attaches to them informally in ad hoc network configurations; devices can then tunnel in and attach to more formal information networks. The conceptualization of an attack surface does not fully capture the complications inherent in mobile devices. The term “surface” resonates with more two-dimensional perimeter models, in which the internal or trusted environment is clearly differentiated from the external or untrusted environment. Mobile devices behave more like skin, however: porous, capable of two-way transmissions, and composed of multiple layers. They operate in free space, and so are more elusive and more pervasive than just another attack surface.