World Cup Fever or Holiday Wi-Fi Nightmare?

With the Football World Cup and summer holidays upon us, it’s a good time to reflect on security measures when travelling abroad whether for business or pleasure. After all, it’s not just diplomats, journalists and defence contractors that visit potentially unfriendly regimes!  El Reg reported recently on some research about shady hotspots and wi-fi in host cities of the world cup that could catch out the unwary. https://www.theregister.co.uk/2018/06/06/world_cup_russia/

The research, carried out by Kaspersky Lab, reported that one in five wi-fi hotspots in 11 Russian cities hosting world cup matches had little or no protection, leaving users wide open to having their data harvested by criminals.

If you are travelling to Russia to see some football, or anywhere else for that matter, and taking your work mobile with you, remember that if your phone is hacked, that could be all your business contacts’ details compromised and every text, message or attachment you’ve ever sent from your mobile stolen.  Certainly something to think about!

As the article suggests, there are some relatively easy steps to improve security, such as avoiding the use of unknown and untrusted wireless connections, and only using wi-fi when absolutely required. Even so, it is extremely difficult for the ordinary traveler to know if the cell their phone has locked onto is legitimate or a fake base station (known as an IMSI catcher) designed to catch your metadata.

An IMSI catcher or a rogue cell as it is sometimes referred to, hoovers up details of callers’ International Mobile Subscriber Identity, hence the name. It may also divert your phone’s traffic and/or try to decrypt its weakly protected voice or data. As an ordinary mobile user, you would never know if your calls had been intercepted by an IMSI catcher. There is technology to enable you to check which base station you are connected to, but generally speaking they require a technically knowledgeable user and so would only really be used by law enforcement agencies.

For those people who have sensitive or commercially valuable information on their mobiles, a secure communications platform can protect against leaking your calls or data (whether sent over unprotected Wi-Fi or intercepted by an IMSI catcher attack), by securing calls and texts between your mobile device and a desk phone, for example. It does this by using software installed on the phone that does the encryption and decryption. Whatever is sent from the mobile using the software, be it a call, text or attachment (such as a video or photo), is completely encrypted end-to-end including your meta data, and therefore protected.

Having said all this, there is so much more to security than encryption which is rarely the weakest link.  The dangers in using free apps for business, or on devices that also have business data on them, revolve far more around how your sensitive data is managed, where it goes and who has access to it.

Armour Mobile is as easy and convenient to use as any of the consumer grade apps, while giving superior security and ensuring your data isn’t being hoovered up by a hacker, or one of the global corporations.  Something worth thinking about before travelling abroad this summer.