Some of our recent blog articles have focused on how we can protect our personal data, or that of our children. In this post we will look at the question of cyber security when travelling abroad and using mobile devices. After all, both business and leisure travellers are unlikely to visit other countries without taking their phones and laptops with them.
WiFi versus MiFi
The term 'WiFi' is a trademark. It is not short for "wireless fidelity," as commonly believed, but is the name of a technology that provides connectivity to multiple devices - laptops, mobile phones, IoT equipment etc - through the use of wireless local area networking (WLAN) based on the IEEE 802.11 standards.
Public WiFi is of course widely available everywhere – in hotels, airports, shopping centres – and is often free. Tempting though it may be to take advantage of this wherever possible, especially when travelling abroad, our advice would be to refrain from doing so where possible.
Public WiFi networks may be secured (requiring account registration, password and perhaps a fee) or unsecured (allowing automatic, free access to the internet, sometimes with email account registration). Whatever the case, care should always be taken before logging on. Serious problems with WiFi networks were highlighted in 2017 when weaknesses were found in the WPA2 security technology commonly deployed on them: a researcher published details illustrating how attackers could use the flaws to intercept data – even that assumed to be encrypted – from vulnerable devices within range. In some cases it can even be possible to infect a device with ransomware or other malware.
Cyber-criminals can also set up fake WiFi connections that appear to be genuine. These ‘evil twin’ attacks involve configuring a rogue access point which may be given the same name as the one you are logging on to in Starbucks. Victims may have their actions monitored, leaving them open to phishing attacks or data theft.
When using public WiFi networks then, whether secured or unsecured, it is highly advisable to avoid accessing personal or corporate bank accounts or other important data; similarly it is best to steer clear of making online payments when accessing the internet via a public network.
Where possible, use a Virtual Private Network (VPN): this will ensure that your data is encrypted and cannot be intercepted by other users on the same WiFi connection.
Whereas WiFi is a technology, MiFi is a device consisting of two parts, a modem and a router: it acts as a mobile WiFi hotspot. Using a 3G or 4G cellular network, up to ten devices can be connected to it. It offers a useful safeguard for travellers, enabling much more secure internet use than public WiFi can provide.
MiFi is actually a brand name, with a registered trademark owned by Novatel Wireless. However, many companies have produced similar mobile devices. China’s Huawei is among them, a firm that has been banned from operating in the US and several other countries in recent years, due to allegations that it has, probably at the behest of the Chinese government, deliberately planted backdoors on a range of devices for cyber espionage purposes. Having said that, there is no guarantee that vulnerabilities in products manufactured by any company in any country will not be found, and it is sensible to be aware of this.
Protecting your corporate and personal data
There are particular concerns for all travellers about the ability of cyber-criminals to hack into personal or business accounts and steal highly valuable personal data. However, another aspect to consider involves the actions of various state authorities.
Most governments globally implement security procedures and programmes comprising the collection of intelligence and information from companies and people in other countries.
Russia, China, Iran and North Korea are all examples of countries where state-sponsored cyber groups have been seen carrying out carefully planned, extremely successful campaigns aiming to infiltrate company systems.
But it would be a mistake to assume that countries seen as ‘rogue states’ or in competition with the West in other ways are the only ones which might target foreign organisations or individuals: one only has to refer to the Snowden Papers to appreciate the extent of cyber espionage – targeting both governments and corporations – instigated by the US. Israel, another example, is also heavily involved in this sort of activity, as has been clearly and frequently documented.
In short, state agencies in most countries may try to intercept the data contained on your device, but some are more likely than others to use this information.
Companies operating anywhere in the world should therefore ensure their personnel are fully aware of the dangers of having their personal or corporate data hacked, and that they adhere to stringent cyber security practices.