Hidden Risks: Mobile Device Security in High Threat Environments
We all rely on mobile devices to stay connected and productive while on the move. However, in high-threat environments, these devices become prime targets for cybercriminals and other serious threat actors. The risk of unauthorised access, data breaches, and malware attacks increases significantly, putting sensitive business information and personal data at risk. Understanding and mitigating these threats is crucial for ensuring security and maintaining operational integrity.
If you are required to travel to a high-threat environment, here are six risks you may encounter.
1: Identifiers logged on arrival
When you first arrive in a high-threat location, there may be processes in place that look to capture key personal and device identifiers. These identifiers can then be used to track or interfere with you as you move around. Common methods of collection include:
Malicious payloads dropped onto devices while moving through airport security. To prevent this, keep mobile devices switched off to limit the effectiveness of reconnaissance tools.
Unique identifiers collected while transiting through airports, or through SIM cards purchased at airports. Voice calls can be inherently insecure, especially in high-threat locations.
Sensitive communications compromised through eavesdropping, including through walls, even when using secure voice services. Proactive measures such as bug sweeping are not adequate.
2: Insecure networks
Publicly available wireless networks are often used by attackers to intercept and read data in transit. The exploitation of insecure networks is a method used by attackers of all sophistication levels. In high-threat environments, however, larger and more official networks may also be used for intelligence gathering by more sophisticated threat actors, including state-level attackers.
Connecting to public or untrusted networks increases the attack surface of a device. When connected to an untrusted network, device protocols are exposed that would otherwise be unavailable, making the device vulnerable to exploitation.
Threat actors can also exploit the use of known networks as an alternative means of access. For example, if you regularly connect to the public Wi-Fi in your high street coffee shop, your phone will remember this network. Threat actors will look to imitate these Wi-Fi connections to gain access to your devices.
3: Physical access to devices
Local attackers will have many opportunities to take advantage of physical access to you and your devices in-country. This could be at the airport as you arrive or during your stay at a hotel. Attackers can use positions of authority to take ownership of technology and tamper with devices for their own gains. This includes stripping out data or pushing malware or spyware onto devices.
For a truly high-threat deployment, the best way to effectively protect yourself is to use ephemeral devices. A risk assessment or threat model should be carried out to ascertain the level of threat you may face. The STIX framework is good at defining sophistication levels. Where the threat is at or above the ‘Expert’ level, it should be assumed that anything with an on/off switch is likely to be compromised.
4: Physical connectors
While much of what a device is now able to do can be performed wirelessly, there are still some functions that require a physical connection. For example, charging or playing media from the device may still require a cable to be plugged in. Users must stay alert to the fact that plugs, transformers, or speaker docks can contain devices that transmit malware to the device through available data ports.
To minimise this risk, only use physical connectors you own and have confidence in. If connections cannot be avoided, use data blockers to ensure no data can be passed to your devices.
5: Compromised communications
It is likely there will be an element of monitoring of your communications when in a high-threat location. This is often performed to censor the information able to pass in and out of the country. The interception of data in transit can be performed effectively by sophisticated adversaries through several methods and not necessarily via insecure networks.
It should be assumed that all communications within a high-threat environment can be compromised. Using high-grade cryptography and secure voice services can mitigate some of this risk. It is also recommended that the sending of any sensitive or personal information while in a high-threat environment is minimised.
6: Hotel safes
When leaving a hotel room, it is common practice to leave any items of worth or importance in the provided safe. Unfortunately, it is rare that these safes are secure in any meaningful way and instead act as a signpost to find your valuable belongings.
In the event you store devices holding sensitive data in a hotel safe and leave them unattended, an attacker may enter your room, physically access the device, and compromise it before placing it back in the safe for your return. An example of this is SIM swapping or SIM cloning. If the attack is sophisticated, it would be extremely difficult to identify and attribute retrospectively.
About the author
Morten Peachey is coc00n’s Chief Information Security Officer. He spent nearly 10 years working for the UK's National Cyber Security Centre working on Zero Trust Architecture principles and facilitating secure working in high threat locations. His specialised experience in information security and cyber intelligence allows him to develop cutting-edge security architectures that can withstand the most sophisticated threats our clients face.
Need to keep your device secure in a high-threat environment? Coc00n's unique mobile device protection secures phones, tablets and laptops against cyber attacks, with a secure configuration that can be customised to suit the deployment. Get in touch to find out more.