How many of us who travel overseas on business don’t even think twice about the calls we make and the emails we send using our smartphones?
The first thing we usually look for when we arrive at the airport, hotel or trade show is the Wi-Fi.
You might assume that those communications are secure but I see more and more cases, especially at the CEO level and the very top level of companies, where executives are the subject of very targeted attacks on their mobile communications when they are travelling.
For example if a CEO of a company is in a foreign country trying to close a large deal there is a chance that a local agency or authority will try to snoop on calls and email traffic to gather information that could help a local competitor also bidding for the contract.
I know customers in the steel industry in Germany, for example, where people have been hacked when they are overseas on business. A friend of mine runs a company of 1,500 people producing high-level engines for cars and premium marques. In many cases he no longer trusts traditional communications when he is overseas on business.
Is he just being paranoid? The evidence would suggest not. Take another example of the discovery last year that executives visiting luxury hotels in Asia and using the public Wi-Fi were infected with malware. The hackers identified specific targets – CEOs, sales and marketing directors and R&D staff – for the attacks that tricked victims into downloading malware disguised as software updates.
Here in Germany the security agency talks about it sees many rogue hotspots or mobile networks on Embassies that are acting as a local German telecom provider.
But it’s not just the threat of high-level industrial espionage or terrorism. Anyone using mobile devices for business should not trust public Wi-Fi whether that be in a cafe or hotel or at a trade show where attackers can use the man in the middle style attacks to intercept communications by setting up a rogue hotspot. And as the recent McAfee Labs quarterly threat report shows we are seeing a huge increase in mobile malware and related attacks, such as ransomware that can be placed on phones to encrypt or steal data.
These threats highlight the importance of encryption both for data and voice calls, particularly for very sensitive information.
I use secure transparent encryption software called Silent Circle, for example. This allows you to communicate very securely even if you are doing an outgoing communication. If you are in Mexico and you are trying to call Germany you can do an encrypted call from Mexico to a computer in Germany and from that computer there will be an unencrypted call. You can be sure your foreign communications are secure.
We are also seeing the emergence of some specific high-level devices such as the Blackphone, which claim to be able to secure the user’s communications. I have been lucky enough to try out the first version of the Blackphone and you certainly won’t find Facebook or WhatsApp on there.
All the secure apps are built into the Blackphone and it is very easy to use for a non-technical person. It acts like a phone in the 1990s – you can only detect the SIM number and things like that when you are logged into a cell and it doesn’t send out telemetry data to providers or other websites. You can hide your IP address when you are logged into a public network you don’t trust and this is very easy to do – you just have to click on a tab and you don’t need to enter any password credentials. Of course it’s not a mainstream device, it’s for people who want very high level of security for mobile.
Businesses, governments and individuals have every reason to be paranoid about the security of their digital communications and it’s time for everyone to take these privacy risks more seriously.