When in China, don't leave your laptop alone

If you travel to China or Russia, assume government or industry spooks will steal your data and install spyware. Here's how to thwart them

1 2 3 4 Page 3
Page 3 of 4

3. Be cautious with smartphones and other mobile devices. Smartphones can also be targets for espionage. For example, a customer of security products company KoolSpan brought his Android smartphone on a recent trip to China, and as a precaution noted the operating system version and radio stack version of his phone after arriving and before going to sleep.

When he woke up, the OS and radio stack version had been changed, says Glenn Schoonover, senior director of security solutions at KoolSpan and former chief of network security at the Pentagon. "The operating systems was updated over the air without the consent of the phone owner," he says.

The customer suspects it was done by the Chinese government, which controls the telecommunications service in China, Schoonover says. "With the right software they could turn on the microphone without alerting him, thus enabling them to listen to any of his conversations, not just phone calls," Schoonover says -- or even remotely control his device to monitor emails, read stored files, and so on.

Even devices with a reputation for having strong security, such as Research in Motion's BlackBerry, need to be carefully guarded. For example, the last time security technology company Cylance had an executive travel overseas, he wiped his BlackBerry and used the cleaned smartphone for phone calls only, says Stuart McClure, Cylance's CEO.

When the executive returned home, the BlackBerry did not properly boot up, so the company had to do a full firmware refresh, McClure says. "We are still working on the forensics image to determine root cause, but it is clear that something happened to the firmware image, which can only be done with an invisible update from RIM -- which is not likely -- or an attack," he says.

4. Apply encryption generously. If your laptop or mobile device has personally identifiable information or external access to personal and corporate systems, it's imperative that the devices be totally encrypted, says Prescient Solutions' Irvine.

Vendors such as Microsoft, Check Point, and Symantec have products to totally encrypt data on hard drives and portable storage devices, Irvine says. Apple includes such full-disk encryption in its OS X, though you may want to use a defense-grade product instead.

On mobile devices, Apple's iOS is encrypted by default, and that encryption can't be turned off. But it's not defense-grade encryption, so state-sponsored cyber thieves can get around it. That's also true of Android's encryption, which must be enabled by the user. The new Windows Phone 8 also includes device encryption, which is on by default as in iOS. All three mobile OSes use SSL encryption for data sent over the Internet; Apple provides S/MIME encryption for email as well.

To get better encryption of data on mobile devices, look to mobile management tools providers, several of which offer app containers that have a higher level of encryption around the data and apps running within them; examples include AirWatch, Good Technology, and MobileIron. And every mobile device management (MDM) tool can ensure that native device encryption is enabled.

Keep in mind that encryption isn't foolproof when it comes to thwarting highly skilled spies. "Operate with the awareness that even encrypted communication may not be completely private, and therefore limit any nonpublic activities while overseas," says Vigilant's James.

1 2 3 4 Page 3
Page 3 of 4