Your Smartphone May Not Be So Smart At the Olympics (And Other Global Events)
As the world watched the PyeongChang 2018 Olympic and Paralympic Winter Games, athletes, volunteers, sponsors, media, and spectators descended on PyeongChang in the Republic of Korea. These visitors brought with them their personal, business, or dual-use electronics to document the events, work remotely, and communicate with their friends and family through social media and voice calls. Connecting mobile devices to a foreign telephone network introduces a variety of risks for communications security.
Corporate espionage that targets traveling businesspeople is a large and growing problem, and it is not well enough understood by the businesspeople themselves. Many people in this day and age are always working, even while ostensibly on a vacation watching the Olympics. A businessperson sitting in a venue watching their favorite Olympic sport should know that when they speak or text with their colleagues back home, everything they say and text can be monitored.
Mobile devices combine a complex radio with a computer, two technologies that have been well integrated in modern smartphones, and the underlying technology for communication, whether cellular or Wi-Fi, is wireless. These communications are delivered through network services that are subject to local laws and, in the case of Wi-Fi, whether public or private, can be readily intercepted with basic tools. As participants and visitors to PyeongChang begin to connect their devices, they should take care to exercise proper communications security to ensure their sensitive and private conversations and transactions are protected.
South Korea has previously been associated with an espionage operation targeting hotel guests dubbed ‘Dark Hotel’. In these intrusions, high-profile guests had their computer connections intercepted and malicious software installed so their communications could be monitored. South Korean cyber operations have reportedly been operating since at least 2007 and have demonstrated advanced capabilities, including factoring 512-bit RSA keys. The interception of network communications, factoring of sophisticated cryptographic material, and the ability to monitor targeted individuals are indicative of the type of threat travelers face.
Voice communication over cellular is easy to intercept and monitor. With relatively inexpensive hardware, an attacker proximate to targets can intercept voice communications by spoofing a cellular base station so that devices connect to the attacker’s infrastructure. Once the victim’s device connects, the attacker simply acts as the cellular network, passing mobile device calls over a Voice over IP (VoIP) or Public Switched Telephone Network (PSTN) connection, all the while monitoring the communication. Short Message Service (SMS) messages can similarly be intercepted by attackers spoofing a base station. Equipment for these attacks can easily be concealed in a backpack or vehicle and move with a target.
Even more problematic is surveillance via Signaling System 7 (SS7), a protocol used by telecommunications companies globally to facilitate interoperability such as roaming and other functions. SS7 is used by governments and non-state actors, including hackers and criminals, to intercept and monitor mobile phone calls, text messages, and other data.
Best practices to protect communication security when traveling abroad are:
- Be cognizant of people who seem to be continuously in the same place as you are, or are acting in a suspicious manner.
- Ensure all electronic devices and applications are fully patched.
- Use an over-the-top, end-to-end encrypted communications solution. Look for a solution that provides encrypted calls with good audio quality as well as other features for business users, such as management, integration, and support.
- Be on the lookout for degraded service, such as network quality that appears lower than expected. Attackers may try to force a device to join a 2G network in order to make interception easier.
- Keep mobile devices on you at all times. Leaving sensitive electronics in hotels or other locations may expose them to theft, and also to the unwanted attention of someone who may use the opportunity to steal data or install tracking software.
This blog post was written jointly with Adam Meyers, VP of Intelligence at CrowdStrike Inc.
Adam Meyers is a recognized expert in the security and intelligence communities. With more than 15 years of experience in the security space, Adam has extensive experience building and leading intelligence practices in both the public and private sector. Adam is a founding employee and VP of Intelligence at CrowdStrike Inc., a global provider of security technology and services focused on identifying advanced threats and targeted attacks. A sought-after thought-leader, Adam conducts speaking engagements and training classes around the world on the topics of threat intelligence, reverse engineering, and data breach investigations.