Fear of bugging prompts iPad ban in UK Cabinet meetings

iPads were plucked from users’ hands at a UK Cabinet meeting last week, because of fears that they might be bugged by foreign intelligence agencies.

The Daily Mail reported that the Ministers were using the devices for a presentation by Cabinet Office Minister Francis Maude and Mike Bracken, who’s in charge of the Government Digital Service.

The talk was on the topic of saving the economy close to £2 billion ($3.19 billion) a year within the next four years.

Typically, the Cabinet isn’t particularly generous about applause for presentations, the Daily Mail said, but this time, when the talk wrapped up, Ministers clapped.

That’s when the government’s security team pounced, the Mail reports, whisking all iPads out of the room to avoid careless talk reaching the wrong ears.

It doesn’t stop there, The Telegraph subsequently reported.

Given the security force’s fear that foreign intelligence agencies have developed the ability to turn mobile devices into eavesdropping bugs without their owners’ knowledge, all tablet computers – which, one assumes, covers all manufacturers’ gadgets, and not just Apple’s – are now banned from Cabinet meetings.

The Telegraph’s Matthew Holehouse writes that Ministers in sensitive government departments have also been given soundproof, lead-lined boxes that they’re required to store their mobile phones in while having sensitive conversations.

The concern, he writes, is that

China, Russia, Iran and Pakistan have developed the ability to turn mobiles into microphones and turn them into transmitters even when they are turned off.

The news comes fast on the heels of reports last week from Italian newspapers (including La Stampa) that delegates to the G20 summit near St. Petersburg, Russia, received USB sticks and mobile phone chargers boobytrapped with Trojan horse malware.

The devices reportedly were able to secretly tap emails, text messages and telephone calls.

According to Corriere della Sera, when he got back to Brussels, the G2 European Council President, Herman Van Rompuy, sent the devices over to his security managers.

They in turn asked for help from the German secret service.

Their analysis resulted in a memo going out to member states indicating that the USB stick and power cables were “suitable for the illegal collection of data from computers and cell phones” and that member states should “take every possible precaution in case these items have been used and if not to entrust the security structures for further inspection.”

Russia has denied the allegations.

What are the lessons here for businesses? Typically, most don’t struggle with the fear of a nation turning their employees’ devices into surveillance bugs.

But with or without the threat of foreign intelligence spying on your organization, iPads, or any other tablet for that matter, are in many ways just smartphones in a bigger form.

That means they carry the same risks to a company’s network security.

Such devices also usher in the bring-your-own-device migraine.

Practical tips in these surveillance-happy times

The traditional, centralised approach of configuration management, software, patching and security is often impossible, if not irrelevant, on such platforms, as Sophos’s Ross McKerchar has described in his article about handling smartphones in the workplace.

That article has tons of good advice on handling device security, including segregating a user’s personal iPad or other device so that they don’t have direct, unrestricted connectivity to crucial servers unless absolutely necessary; having clear policies on passwords and jailbreaking; evaluating the risk profiles of platforms (Android vs. Apple); educating users; and more.

But wait, there’s more!

Ross followed up with this article, which delves into what an attacker might do with the juicy tidbits on a stolen or lost device. This includes the social engineering stunts that can be pulled, given that the device would likely contain the owner’s address, date of birth and information that could then help to answer account security questions.

Still worried about your mobile phone being a bug? Advice for the truly surveillance nervous: Before you read either article, lock your cellphone in your car trunk.

Don’t read the articles out loud, and try to avoid moving your lips while you read.

Via: nakedsecurity


Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *