August 19, 2014 at 8:08 pm
Comments posted to this topic are about the item Yet Another Attack Vector
August 20, 2014 at 2:12 am
Well it highlights that people should know their rights as clearly this could be used for industrial espionage as well as many other things. For people who travel around the world (Steve, for example), how are they supposed to know and keep knowing their rights in different countries?
I guess you guys and gals over the pond have it hard enough with the variation in state law and hope that most of this kind of issue is covered by federal law.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
August 20, 2014 at 7:28 am
Stealing a cell phone is petty theft, but impersonating a law enforcement officer is a felony. It could potentially be considered kidnapping, if they hold the person against their will and coerce them in some way. I hope the courts don't overlook this distinction when they prosecute these guys.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
August 20, 2014 at 7:34 am
When traveling outside the US, especially to a country with a State Department travel warning, you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
August 20, 2014 at 7:41 am
Eric M Russell (8/20/2014)
When traveling outside the US, especially to a country with a State Department travel warning, you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data.
...and for us in the UK and elsewhere: When traveling to the US you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data. 😉
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
August 20, 2014 at 7:48 am
Gary Varga (8/20/2014)
Eric M Russell (8/20/2014)
When traveling outside the US, especially to a country with a State Department travel warning, you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data....and for us in the UK and elsewhere: When traveling to the US you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data. 😉
I agree totally. Even a 70 year old retired school teacher flying from Georgia to Florida to visit the grandkids could find themselves pulled into the homeland security twilight zone simply because they share the same name as someone of the US no-fly list.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
August 20, 2014 at 8:14 am
The problem is that far too many of us travel for work. Leaving a laptop/cell phone behind isn't an option.
August 20, 2014 at 8:31 am
Steve Jones - SSC Editor (8/20/2014)
The problem is that far too many of us travel for work. Leaving a laptop/cell phone behind isn't an option.
My work laptop contains nothing but a bare bones install of Windows 7. I VPN/Remote Desktop into a PC sitting underneath by desk back at the office; which is the normal way I work every day. Not even email is stored locally. Of course I don't store the VPN login credentials. If someone steals the laptop, all I've lost is $350 and an excuse to buy a new one.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
August 20, 2014 at 8:45 am
Eric M Russell (8/20/2014)
Gary Varga (8/20/2014)
Eric M Russell (8/20/2014)
When traveling outside the US, especially to a country with a State Department travel warning, you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data....and for us in the UK and elsewhere: When traveling to the US you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data. 😉
I agree totally. Even a 70 year old retired school teacher flying from Georgia to Florida to visit the grandkids could find themselves pulled into the homeland security twilight zone simply because they share the same name as someone of the US no-fly list.
Joking aside, we have all had a peek at the invasive spying on one another recently; US on Germany, Germany on Turkey and those are spying on close allies then we have China on US, US on Russia. Of course, here in the UK we have GCHQ to land ourselves in the same spying trouble too. Then there is [Country] on [Same country]'s citizens - replace with different countries for various incidents.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
August 20, 2014 at 8:47 am
Steve Jones - SSC Editor (8/20/2014)
The problem is that far too many of us travel for work. Leaving a laptop/cell phone behind isn't an option.
I have nothing that wouldn't bore most people in minutes. More value to advertisers than national security or industrial spies.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
August 20, 2014 at 8:51 am
Even through there is probably no confidential data stored locally on the laptop, I also use DiskCryptor, which encrypts the entire HD.
Both iPhone and Andriod phones have a encryption feature, but if you're a journalist covering political protests overseas, and get stuck in jam with security personnel at the airport, it's good to know that your burner phone contains nothing except incoming and outgoing phone numbers.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
August 20, 2014 at 9:47 am
The issues raised in the article does introduce a very interesting premise. If someone gets control of our devices (through loss, perceived authority, accident, etc) then they could have access to a variety of data. My company has policy that if you access email or anything else work-related on your phone than you need to have anti-virus software and have it protected with a screen lock. I have these things, but I still don't use my phone for work other than as a phone - voice and text. That alone is pretty-much harmless, but I know a lot of people use their phones for work email and other things. That would not be harmless. A break-in at home would net the thief a laptop, so what's on it? I keep work stuff on my work computer, but I know not everyone does the same.
I think the key is that we all have to be aware of how we access data and put mechanisms in place to safeguard the data we have access to and actually think about it. I think the article does a fine job of raising the issue and maybe awareness starts with us. If we tell people how we treat our devices, then they'll be aware of the issue and tell others, and so on. Of course, this is an optimistic outlook and probably bears little similarity to reality. As Lutz has in his signature, "A pessimist is an optimist with experience".
The article introduces a lot of different variations in the attack vector, so my compliments on the name. For being so short, it provoked a lot of serious thought. Thanks for a great article, Steve.
August 20, 2014 at 12:50 pm
Eric M Russell (8/20/2014)
Gary Varga (8/20/2014)
Eric M Russell (8/20/2014)
When traveling outside the US, especially to a country with a State Department travel warning, you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data....and for us in the UK and elsewhere: When traveling to the US you should consider leaving your smart phone and laptop at home and instead carry a disposable flip phone will call forwarding. When local airport security pulls someone off the side for enhanced screening, it could be a pretext for perusing the contents of your personal device data. 😉
I agree totally. Even a 70 year old retired school teacher flying from Georgia to Florida to visit the grandkids could find themselves pulled into the homeland security twilight zone simply because they share the same name as someone of the US no-fly list.
In case you didn't case this latest tidbit - the issue is a bit larger than that. The TSA seems to be phasing in a requirement that proves that ALL devices can be turned on. Meaning you will have to start proving that the device does in fact turn on and boots etc...
It's only a matter of time before the request spreads pretty much everywhere (i.e. both in the US and on the inbound flights as described).
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
August 20, 2014 at 1:38 pm
The other thing stored on these devices is passwords. With all the ridiculous requirements for cryptic impossible to memorize passwords and 'you can't use the last n passwords' and such - the passwords I don't store on yellow postits are stored on my cell phone.
And I want them easy to reach since I seem to need one every few minutes. So letting someone have access to the device gives them a LOT more. At least the yellow postits on a filing cabinet can be cryptic enough (just the password) that no one will figure out what the password is for.
August 20, 2014 at 2:07 pm
Isn't it crazy how a lot of folks these days walk around in public with a complete history of their bank statements, address book, work correspondecnces, personal correspondeces, and even nude photos of themselves in their back pocket? It just seems nuts.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
Viewing 15 posts - 1 through 15 (of 20 total)
You must be logged in to reply to this topic. Login to reply