Do you use burner phones during business travel? Here’s how you can be targeted

  • Spies can choose to set up an IMSI catcher to simulate a burner phone’s base station.
  • It is advisable to use a burner phone that has a hardware kill switch for shutting off the microphones.

The need for burner phones

With the advancement in technology, organizations have taken it to video conferencing for immediate meetings, sales pitch, and even critical tasks like partnership discussions to finish a job efficiently and on time. However, that’s not the case always.

Organizations also have confidential meetings, strategic planning, corporate or legal negotiations, and more that needs to be discussed in a face-to-face interaction, requiring businessmen to travel to foreign countries.

Since foreign countries cannot be trusted for privacy due to many reasons, business people and other travelers buy burner phones to ensure a minimal data footprint in the likely event of a compromise.

Eavesdropping toolkit and source of attacks

Intelligence agencies, or sophisticated corporate competitors, or anyone with a personal interest can deploy spyware on burner phones for the purposes of eavesdropping by exploiting the below techniques.

  • Malicious carrier updates: Adversaries or spies may attempt to install spyware on the phone via a malicious carrier-level update as soon as the targeted user attempts to connect to a cellular network.
  • Radiofrequency (RF) hack: Airports are normally designed with many chokepoints. A spy can use the proximity to a user’s phone to exploit Bluetooth and other RF vulnerabilities to install spyware.
  • Physical installation of spyware: If the target traveler is chosen for secondary screening, its phone is often confiscated and examined by customs agents, who can compromise the device on somebody’s behalf.
  • Fake cell towers: Spies can choose to set up an IMSI catcher to simulate a burner phone’s base station. Once the phone connects to this fake cell tower, spies can install spyware on the device via the spoofed tower.
  • Service staff attacks: Many times, hotel staff and government officials have the authority to obtain access to hotel rooms. This opportunity can be further used to install spyware directly onto the burner phone or bug it via other methods.

What can you do?

Face-to-face conversations in the presence of compromised phones can reveal valuable information to unknown threats. Here’s what you can do.

  • Use an anti-surveillance case for burner phones to mask the audio in the vicinity of the phone.
  • Prefer a burner phone that has a hardware kill switch for shutting off its microphones.
  • And the best option is to physically disconnect the microphones within the burner phone if not in use.