Olympian mobile threats lurking in your local Starbucks

An NBC report about mobile security threats at the Olympics has come under withering criticism from security experts around the world.

In the report, NBC foreign correspondent Richard Engel "demonstrated" that as soon as he logged onto a W-Fi network at a Russian restaurant using a smartphone and laptop, he was "hacked."

Brian Williams in introducing the story said that as soon as visitors to Sochi "fire up their phone at baggage claim, it's probably too late to save the integrity of their electronics and everything inside them. Visitors to Russia can expect to be hacked…It is not a matter of if, but when."

Paul Proctor, Chief of Security and Risk Management at Gartner, terms Williams' comments "overstatement and misleading." Proctor goes onto observe: "Most everything they describe in the story is as equally true at your local Starbucks as it is in Sochi."

Engel, who set up a fake online persona for the experiment, visited the restaurant with Kyle Wilhoit from security firm Trend Micro. Engel relates: "We used a new smartphone to browse for information about the Sochi Olympics. Almost immediately, we were hacked…Malicious software hijacked our phone before we even finished our coffee, stealing my information and giving hackers the option to tap and record my phone calls."

Robert Graham with Errata Security puts it bluntly in the title of his blog: "That NBC story 100% fraudulent." Engel was in Moscow when he did the demonstration and he downloaded Android malware onto his phone.

"Absolutely 0% of the story was about turning on a computer and connecting to a Sochi network. 100% of the story was about visiting websites remotely. Thus, the claim of the story that you'll get hacked immediately upon turning on your computers is fraudulent. The only thing that can be confirmed by the story is 'don't let Richard Engel borrow your phone,'" writes Graham.

Phil Nickinson with Android Central joins in the dissing party. "In the piece, NBC's Richard Engel sits down with "top American security expert" Kyle Wilhoit--he works for Trend Micro, actually--and we see an Android smartphone downloading and installing malware. Oops. Hacked. Only, not really."

"While it certainly is possible to hit a link and see a malicious app start downloading, it won't actually install without some other interaction," Nickinson adds.

Even Wilhoit, who was the security expert assisting Engel, laments about the inaccuracy of the report. "Unfortunately, the editing got the best of the story. Cut a lot of the technical/context details out," says Wilhoit in a tweet.

For more:
- view the NBC report
- read Proctor's blog

Related Articles:
Gartner: Nearly one-third of firms will use biometrics for mobile devices by 2016
Enterprises fail to implement strong mobile security policies
Infographic: Two-thirds of IT managers concerned about mobile security threats