mobile (in)security

In my last post, an ex GCHQ staffer is quoted as saying:

“If you’re stepping back a bit and saying what cars do park outside GCHQ or somewhere like Porton Down then you have the pool of information there if you ever need it.”

which got me wondering about how secure existing protective measures around the use of mobile ‘phones in and around some sites actually are.

For fairly obvious reasons, secure sites already require that visitors (or staff) leave all mobile communication devices, laptops or any electronic device capable of making audio or video recordings, in shielded lockers on entry. Mobiles must be switched off before being locked away.

Now what is the first thing anyone does when picking up their switched off mobile on leaving? What is the first thing you do when landing at a holiday resort when you have had your ‘phone switched off for the flight?

You turn it back on.

So, any hostile agency capable of locating something like an IMSI catcher aka Stingray anywhere near such a site would have the ability to capture the details of any mobile device when it was switched back on as the owner was leaving the secure location. That gives the attacker a veritable trove of information about who goes to such sites, how often, and how long they stay there.

Let’s just hope that all “secure” sites are completely secured and isolated from IMSI catchers and any other nefarious form of mobile surveillance technology. And of course, we must hope that anyone actually driving to, and parking at, such a site has such an old vehicle that it does not contain any “connected car” telemetry capability.

Permanent link to this article: https://baldric.net/2023/01/16/mobile-insecurity/

Leave a Reply

Your email address will not be published.