Summer travel season is upon us and mobile device security should be top of mind for everyone. Traveling with mobile devices introduces several unique security risks, especially when you're outside of your usual network or in unfamiliar environments. These risks include unknown WiFi networks, stolen devices, malware from third-party apps, and more. 

To help travelers understand their risk in different countries, recent research uncovered how People’s Republic of China (PRC) state-owned telecom providers are quietly positioned at the center of global mobile network traffic, enabling massive surveillance risks that affect millions of devices worldwide. We’ve observed sensitive data from at least 60 mobile operators in 35 countries flow through these networks, showing just how far this reaches. These networks offer man-in-the-middle (MITM) access to SMS, location updates, authentication data, and more, putting mobile devices and people at risk, especially in places where most people would expect to feel safe. 

The findings highlighted above show just how easy it is for Chinese state-controlled telecom providers to exploit mobile vulnerabilities, potentially intercepting calls, messages, and location data without users realizing it. These risks affect businesses, government agencies, and everyday users, raising serious concerns about mobile security. This is especially true when users are away from their home networks and safe environments while traveling. 

We’ve started to see real-world attacks exploiting the vulnerabilities in legacy mobile architecture, and we don’t expect it to slow down anytime soon. 

Enterprises need to ensure their employees and their devices remain secure during summer travel. The only things that should be coming home with you are souvenirs and memories, not malware. Here are some critical tips for ensuring mobile phones are updated and secure before you leave home:

• Update Operating System and Applications: Keep operating systems and applications up to date, to prevent exploitation of known vulnerabilities.

• Back Up Data: Maintain regularly scheduled backups of important data, to include documents, contacts, etc.

• Encrypt  Devices: In the event that your mobile device is lost or stolen, having full disk encryption prevents unauthorized parties from accessing your data.

• Use a Strong Passcode: Implement strong passwords that are at least eight alphanumeric characters, and use a special character if possible. Passcodes and biometric access is also recommended.

• Disable Automatic WiFi/Bluetooth Connections: Remove automatic authentication to Wi-Fi networks and Bluetooth devices, as this could potentially allow a threat actor to gain information for social engineering or potentially create malicious hotspot to intercept data.

• Enable FindMy and/or Device Management: The FindMy application or similar functionality, allows for the user to locate, lock and wipe their mobile device(s), which is helpful if the device(s) are lost or stolen.

To help mitigate these threats, there are travel security recommendations and tools that allow users to assess destination risk levels, harden their devices, and run pre- and post-trip security scans– ensuring their phones and data stay protected no matter where they are. The tips above will help users stay safe this summer and beyond - be sure you’re prepared before heading out. Your employer and family will thank you.