Mobile VPN: staying secure on the go
by Christiane Rütten
Unencrypted public Wi-Fi networks are convenient for smartphone users because they usually offer much faster internet access than typical 3G connections. However, using email or social networking services like Facebook or Twitter will typically send private data, such as access credentials, in plain text, which can be stolen using tools like Firesheep. A VPN connection allows this data to be transmitted securely. The H has taken a look at some VPN providers and the solutions they offer.
The most widely used Virtual Private Network (VPN) protocol is PPTP (Point-to-Point Tunneling Protocol), which offers optional encryption. IPsec (Internet Protocol Security) is a modern VPN system that defines various protocols for key exchanges, authentication, encryption and data transport. Some smartphones also support L2TP (Layer 2 Tunneling Protocol), but this protocol itself doesn't offer any encryption and requires a hybrid technology that combines it with IPSec. Depending on the technology used, authentication involves user names and passwords (shared secret) or certificates.
The open source, SSL-based OpenVPN solution is particularly flexible and allows certificates as well as shared secrets to be configured. However, it is only supported by a few mobile devices and providers.
Those who don't want to run their own VPN server at home can find an overview of various VPN services in a table at the end of this article. The table provides some alternatives should a protocol or service not work in a certain network environment. Unfortunately, trial-and-error is the only solution for users who are unsure.
For private customers seeking a VPN provider, there are a number of options available. Most providers offer a PPTP connection that can be used both with Android and iPhone devices. Some of the commercial providers offer one-month contracts, which can be practical if a smartphone will only temporarily be used in unsecured networks, for instance, while a user is on holiday. German provider Sofanet, for example, offers a one-off trial option that is valid for three days and only costs €1.
Unfortunately, not every VPN connection works at every access point. Some access points are configured not to forward VPN traffic. Our test router had problems with the IPsec connection provided by Hotspot Shield. VPN packets can occasionally also get stuck at the user's internet provider. For example, in Germany, PPTP can't be used on the Kabel Deutschland network.