Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

U.S. Olympians Told to Use ‘Burner Phones’ in China

U.S. Olympians Told to Use 'Burner Phones' in China

U.S. Olympians Told to Use 'Burner Phones' in China

Olympic athletes heading to China for the upcoming Winter Games should use burner phones and rental computers, and understand clearly that there’s “no expectation of data security or privacy” while moving around in China.

That’s the blunt warning from the U.S. Olympic and Paralympic Committee ahead of next month’s games in Beijing where there’s an elevated risk of malware infections and data compromise.

The guidance is an important reminder to businesses that international travel, even though curtailed by the pandemic, presents a clear and present danger to sensitive company data and intellectual property.

“No guarantees of data privacy or security should be made regardless of the security technology utilized. Assume that every device and every communication, transaction, and online activity will be monitored. Devices may also be compromised with malicious software designed to compromise the device and its future use,” the committee said in a notice seen by SecurityWeek.

It recommended that a “sterile device” be used when entering China and, upon exit, “ the cleansing and destruction of the information on the device ensures the highest degree of security.”

[ Virtual Event: Ransomware Resilience & Recovery Summit – Jan. 26 ]

The committee specifically pushed the U.S. delegation to use burner phones and carefully wipe and destroy devices after use in China. 

Beijing Olympics 2022“The applications and data on the mobile devices brought into China should be cleansed and devices brought out of the country should be wiped and destroyed due to the risk of further network and data infection by malicious programs. The usage of rental cellphones is preferred.”

“Personal mobile devices (cellphones and tablets) are discouraged from being brought into China,” it added.

Advertisement. Scroll to continue reading.

The group also recommended the use of “rental computers” and warned that “the greatest threat to security is both the data that is brought into China as well as the potential malicious programs that are brought out.” 

Upon entry into China, business travelers and athletes should understand that Chinese authorities have the authority to inspect or seize any device for security reasons during customs processing. Although these incidents are rare, olympians should assume that every text, email, online visit, and application access can be monitored or compromised.

“There should be no expectation of data security or privacy while operating in China,” the group warned, noting that the use of firewalls, anti-malware and encryption technologies are encouraged but aren’t guaranteed to provide real protection. 

[ READ: Five Key Signals From Russia’s REvil Ransomware Bust ]

“Despite any and all safeguards that are put in place to protect the systems and data that are brought to China, it should be assumed that all data and communications in China can be monitored, compromised or blocked.”

At a minimum, it said Windows and macOS-powered machines landing in China should be cleansed of personal and business data and hardened via appropriate security software and protocols at the BIOS, authentication, and application level.

The Olympic Committee‘s guidance comes just days after the discovery of a “simple but devastating flaw” in the encryption of the MY2022 app used to monitor COVID infections. The app is mandatory for athletes, journalists and other attendees of the games in Beijing and security experts warn that the flaw exposes health information, voice messages and other data to leakage.

The International Olympic Committee responded to the report by saying users can disable the app’s access to parts of their phones and that assessments from two unnamed cyber security organizations “confirmed that there are no critical vulnerabilities.”

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

Related: Mandatory Chinese Olympics App Has ‘Devastating’ Encryption Flaw 

Related: South Korea Probes Cyber Shutdown During Olympics Ceremony

Related: Sophisticated False Flags Planted in Olympic Destroyer Malware

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.