FBI tells Olympic athletes not to take their phones to China
angelsmarketplace_dghob2
US security agency the FBI has warned athletes headed to China for the Beijing Winter Olympics to leave their regular phones at home and take burners instead.
An announcement from the FBI reads: “The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the Games. The National Olympic Committees in some Western countries are also advising their athletes to leave personal devices at home or use temporary phones due to cybersecurity concerns at the Games.”
It lists every possible cyber security threat as a reason for doing this, including DDoS attacks, ransomware, malware, social engineering, data theft, leaks, phishing campaigns, disinformation campaigns, and ‘insider threats.’
It goes on to say that if any of these were successful it could: “…block or disrupt the live broadcast of the event, steal or leak sensitive data, or impact public or private digital infrastructure supporting the Olympics. Additionally, the FBI warns Olympic participants and travellers of potential threats associated with mobile applications developed by untrusted vendors. The download and use of applications, including those required to participate or stay in country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware.”
Presumably the FBI isn’t actually concerned with possibility of the cross-country skiing broadcast getting disrupted, and really this is all wrapped up in the ongoing tensions between the US and China over technology hardware potential espionage.
“Lookout’s researchers took a look at the official app for the Olympics, and found that it requires the user to enter some PII such as demographic information, passport information, travel and medical history,” Hank Schless, senior manager of security solutions at Lookout said in an emailed statement.
“There also appears to be a list of forbidden words for censorship purposes. The app also has a chat feature as well as file transfer capabilities between users. Considering the likelihood that the Chinese government could be monitoring all of this data, users should not use the app for anything more than the bare minimum. By the same token, they should enter as little information as they’re required to.”
Greg Day, Vice President at security firm Cyberreason also emailed us and said: “If a nation state is serious about compromising a mobile phone, it’s likely they would be using zero day attacks – threats that aren’t detected by common security tools. Today, most people don’t see their mobile phone or tablet as a risk, so many have very weak security, easy to guess passwords, no anti-threat controls and are likely to click on anything that pops up.
“If hackers attempt to compromise the mobile phones or tablets used by athletes or the traveling delegation from any nation in Beijing, there is a high likelihood they will be trying to install spyware and Remote Access Trojans; software that allows the device to be controlled by third parties.”
There will always be security threats, and high profile events can offer more avenues for opportunists. But it’s interesting to note just how widely accepted it now is that some of those threats to visitors may come from the Chinese state itself, to the point where the FBI is asking athletes to essentially stay off the grid as much as possible while in Beijing.
