The threat of mobile espionage is escalating, prompting security experts to advise caution in everyday communications. Christine Gadsby, the chief security adviser at BlackBerry, emphasized the risks associated with even the simplest messages, such as asking her children to “stop and get bread.” With data considered the world’s most valuable digital commodity, both governments and corporations are vying for access, often without users’ awareness of what they reveal through their devices.
Gadsby, speaking from her home in Texas, identified nation states as the primary actors in this arena, with particular concern for state-sponsored groups from China. “Nation states really are the primary threat actors,” she noted, highlighting the sophistication and collaboration among these entities. Gadsby specifically named Salt Typhoon and APT 41 as the most significant threats, stating that authorities in the West, including Australia, are actively working to counter them. The United States Federal Bureau of Investigation (FBI) is pursuing five Chinese nationals linked to APT 41 for allegedly conducting supply chain attacks against numerous companies.
According to Gadsby, Salt Typhoon leads the charge among these groups, having compromised networks in over 80 countries and affecting more than 600 organizations. “That’s a lot, that’s a big surface,” she remarked. The scale of Salt Typhoon’s operations is matched only by its ability to maintain a persistent presence within telecom networks, making it a formidable adversary. “They don’t just breach the telecom, they stay there,” Gadsby explained, noting that large security research groups and even telecommunications companies acknowledge the challenge of addressing such extensive breaches.
BlackBerry, once renowned for revolutionizing mobile communication, has shifted focus since discontinuing its mobile device line in 2022. The company is now dedicated to safeguarding privacy through a suite of security software and services. Gadsby articulated the firm’s mission: “That’s what we started for and that’s what we’re doing – protecting private, confidential information that flows from a handset to another handset.”
For Gadsby, this mission is both professional and personal. As a mother of four, she is particularly invested in keeping her daughters safe from potential threats. She stressed the importance of being proactive in mobile communications, especially regarding the use of free messaging applications. These platforms, while convenient, can expose users to significant risks.
While groups like Salt Typhoon primarily target governmental agencies, they are also skilled at harvesting user metadata – information that provides insights into users’ habits and preferences. Gadsby pointed out that metadata can reveal GPS coordinates, the timing of communications, and device details. “When you create a user account, you assign your phone number and you give it a name – those messaging applications are tracking everything that you’re doing,” she explained.
The implications of this surveillance are concerning. “All that data is for sale,” Gadsby warned, indicating that attackers exploit this infrastructure to compile extensive profiles based on available metadata.
While Gadsby acknowledged that completely safeguarding data is challenging in today’s fast-paced environment, she recommended practical steps to mitigate risks. “Get rid of unused apps and run a basic check on permissions,” she advised. For instance, users should reconsider apps that constantly track their location. “It doesn’t need to have your location all the time,” Gadsby stated.
She also emphasized the importance of educating family members about data sharing, particularly with younger users. “My girls know that they are not allowed to share their location through an app,” Gadsby said, advocating for direct communication methods instead, such as making phone calls to arrange meetings.
The rising threat of mobile espionage highlights the necessity for heightened awareness and proactive measures among users. As technology continues to evolve, so too must the strategies employed to safeguard personal information in an increasingly interconnected world.
