askST: Are Web conferencing tools, hotel Wi-Fi and landlines protected against eavesdropping?

WiFi connections, such as those in hotels, are not secure. PHOTO ILLUSTRATION: UNSPLASH
Aqil Hamzah
Updated
Mar 10, 2024, 07:12 AM
Published
Mar 10, 2024, 05:00 AM

SINGAPORE - A conference call held by senior German military officials was intercepted by Russia and leaked to the public, raising questions about the security of Web conferencing tools, hotel phone lines and public Wi-Fi connections.

Revealing the initial results of an ongoing investigation, German Defence Minister Boris Pistorius said on March 5 that a German military officer participating in the Singapore Airshow in February had used an unsecured line at a Singapore hotel to join the Webex call.

The leaked audio features four high-ranking German air force officers discussing hypothetically how long-range cruise missiles could be used by Kyiv against invading Russian forces.

The Straits Times spoke to cyber-security experts to find out how the leak could have happened and the precautions one must take to secure Web conferencing calls, which experienced a spike in popularity during the Covid-19 pandemic.

Q: Are Web conferencing calls secure?

A: Major Web conferencing platforms like Zoom and Webex offer end-to-end encryption, which means that anyone not authorised to listen in cannot make sense of the audio, visual and text transmission.

Encryption makes it difficult to eavesdrop, said Mr Kevin Reed, chief information security officer at cyber-security firm Acronis.

In Germany’s case, its military did not use an off-the-shelf version of Webex, but a specially certified one installed on servers owned by the military and located in its armed forces’ computing centres in Germany, Mr Pistorius said. This set-up offers the highest level of security.

But these tools allow participants to dial in through regular telephone landlines, which have no encryption and may be tapped, said Mr Vitaly Kamluk, cyber-security firm Kaspersky’s Asia-Pacific director of global research and analysis.

Web conferencing platforms provide this option to participants without Internet access, but it also allows people to eavesdrop.

“When you dial in using a landline, a copy of the decrypted call is created, compromising the security,” said Mr Reed. To better secure such calls, users should disable the landline option, he added.

Some speculated that Germany’s Brigadier-General Frank Grafe, who was here for the Singapore Airshow, had dialled in from a regular telephone line from the hotel.

There was also speculation that Germany’s Webex server had been hacked. But Mr Reed does not think so.

The strategic advantage of keeping this a secret would outweigh the benefits of leaking the contents of the call, he said. “Why would they alert Germany to patch any vulnerabilities? I think it was a random, one-time success.”

Q: How else can Web conferencing calls be compromised?

A: Web conferencing call invites contain a phone number and a call passcode. To enter the call, participants need to key in the call passcode. Sometimes, a personal identification number is also needed.

Technically, anyone who receives the invite can join the call.

More On This Topic
How damaging are the revelations in German military intelligence leak?
Kremlin says German military recording shows intent to strike Russia

Kaspersky’s Mr Kamluk said that Germany’s Brig-Gen Grafe is a person of interest, and likely under surveillance.

The Webex call details could have been compromised if Brig-Gen Grafe had forwarded the invite to his personal e-mail account.

This theory follows media reports citing Mr Roderich Kiesewetter, a member of Germany’s Lower House of Parliament, who said there were indications that a Russian participant had dialled into the Webex call.

However, Mr Pistorius dismissed the claim as speculation.

Q: Will I compromise my data by using a hotel’s Wi-Fi network?

A: Wi-Fi connections, such as those in hotels, are not secure.

“Most public Wi-Fi networks require no authentication to establish a connection, which allows malicious actors to join the same network and position themselves between the user and the server,” said Mr Kamluk.

Using such a network could allow malicious hackers to steal personal data and passwords, including those for accessing secret Web conference calls and online banking.

To protect sensitive data, always use a virtual private network or VPN, which creates a secure tunnel over a public network, said Mr Dmitry Volkov, chief executive of cyber-security firm Group-IB.

He also cautioned against downloading any software if a public Wi-Fi connection prompts individuals to do so. It could be malware, he said.

More On This Topic
Britain says allies’ unity unshaken by German army leak
German officer’s error in joining call from S’pore hotel caused military leak

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top