While traveling for business, a professional carries a
set of goals to expand to new markets, close out promising sales, or open up
new opportunity with foreign partners. To obtain the data needed to support
such efforts, a business professional typically travels with a device that
includes contacts, presentations, and data sheets. While such information is
valuable to the business professional and his or her organization, it is much
more valuable to a competing organization, or authoritarian government, that
would like to close the gap on research and development.
Case Studies- Consider the customer of a security products company on a trip Abroad. The traveler brought with him his Android smartphone and, as a precaution, noted the version of the operating system that the device was running before leaving. When he woke up in his accommodations on site, he noticed that the version of the operating system had been changed due to an unauthorized update that had been pushed over the air. Such an unauthorized update could allow the device to be used as a microphone, listening in on conversations in any room the device was located. Such a compromised device could also siphon off data including emails, texts, and stored files.
- An executive at a security technology company cleared the data on his phone before heading overseas, and used the clean phone for voice calls only. Upon returning home, the device would not boot properly and needed the firmware loaded from scratch. Forensics were performed on the device to determine the root cause- which could only come from an unlikely, invisible update from the device manufacturer- or an attack against the device aimed at compromising it.
Many different types of devices can be the target of such
attacks. Think of all the different devices you might take with you when you
travel, whether for business or vacation:
·
Laptop
·
Smartphone
·
Tablet
·
Digital camera
·
Camcorder
·
Audio player
·
Flash drives
·
Memory cards
Each of the above devices contains some form of data or
code that runs on the device. If the device has WiFi, mobile access, or active
Bluetooth, there is a possibility of it being compromised through one of those
wireless interfaces. If a device is left behind in a hotel room or other
unsecured location, it could be tampered with, duplicated, or stolen.
There are several methods to secure, minimize, or even
hide data. These methods include using encryption, making
backups, traveling with reduced information- or “clean
device” that has no data.
Other solutions include data that is only sent or
made available remotely once the traveler has arrived and then revoked when
returning. While these methods are geared toward border crossings that may
subject the travel to additional scrutiny, they work equally well against
espionage performed by competitors or authoritarian governments.
See You at the Top