Having just returned from the sunny dunes of a distant shore, I would like to share with you now a little insight about those insecurities that seem to follow us wherever we travel. OK, at the outset, I would like to state that to completely “unplug” when I go on vacation is very difficult. Therefore, if I see something interesting, I try to fill up my now freed-up time by commencing little investigations. On this occasion, one of the first observations I made was that of the public’s appetite to remain connected always, whether in their hotels, on the beach, or dining out.
The problem with this constant connectivity is of course that all of their connections’ access points were insecure; they could easily allow someone like me to trace down their device and prove, for example, that in a number of cases they were exposed to known exploits like FireSheep. In summary, my first observation is as follows: notwithstanding a paper I wrote some years back on WiFi security, things seem to be just as bad now as they were three years ago.
Image 1: Cell phone charging points
My second observation has to do with recharging your mobile devices. It may be that when you are travelling, your cell phone runs out of juice after uploading all those photographs of your beach getaway to Facebook. But never fear! With the advent of cell phone charging points, [See Image 1] you can simply connected your device via USB and re-energize its little power source. But how do you really know what this charger’s capabilities are? We’ve likely never interacted with that particular charger before. Can we as public users be sure that somewhere down the road, if not already, some nasty, imaginative individual hasn’t worked out some crafty means to circumvent our personal-cell security using these chargers?
The cell phone is no longer just some little hand held device which we use to send texts or make calls. It is a hand-held communications server that can do everything from facilitating our banking transactions to controlling our home heating systems. On that basis, I thinks this little tool deserves a tad more respect and certainly a lot more security.
[su_box title=”About Professor John Walker – FMFSoc FBCS FRSA CITP CISM CRISC ITPC
” style=”noise” box_color=”#336588″]
Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia [to 2015], Independent Consultant, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts (RSA), Board Advisor to the Digital Trust, Writer for SC Magazine UK, Originator of DarkWeb Threat Intelligence, CSIRT, Attack Remediation and Cyber Training Service/Platform, Accreditation Assessor and Academic Practitioner and Accredited Advisor to the Chartered Society of Forensic Sciences in the area of Digital/Cyber Forensics.
Twitter: @SBLTD
John Walker is also our Panel member. To find out more about our panel members visit the biographies page.[/su_box]
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.