I Spy With My Little… Phone? Yes, It Can Happen to You.

Smartphones today are with us everywhere… including the workplace and classified meetings. And therein lies the problem explains Chris Risley, CEO at Bastille Networks. Cell phones infected with spyware show no signs of compromise, giving attackers complete access to email, even encrypted email and messages, plain text messages, photographs, videos, recordings, locations, and notes stored on the phone.
Smartphones today are with us everywhere… including the workplace and classified meetings. And therein lies the problem explains Chris Risley, CEO at Bastille Networks. Cell phones infected with spyware show no signs of compromise, giving attackers complete access to email, even encrypted email and messages, plain text messages, photographs, videos, recordings, locations, and notes stored on the phone.

Guest OpEd by Chris Risley, CEO at Bastille Networks

The recent revelations surrounding the Pegasus Spyware and its ability to compromise mobile phones should have all government agencies and commercial enterprises on alert.

Pegasus is even reported to have compromised the phone of President Macron of France.

This means that an attacker could have listened in on every high-level military meeting, every security briefing and every confidential diplomatic meeting that the President attended.

(What is Pegasus spyware and what can it do? Pegasus spyware is capable of bypassing your phone’s security and gaining complete access to your device – including emails, messages, GPS location, photos, video, and your phone’s microphone. A Guardian investigation can now reveal widespread abuse of the Pegasus technology by government clients around the world who purchased the spyware from its Israeli manufacturer — the NSO Group. People who were selected as possible targets include journalists, lawyers and human rights defenders. Courtesy of The Guardian and YouTube. Posted on Jul 19, 2021.)

While the news about Pegasus Spyware focused on the individuals whose phones were hacked, the real story is the organizational secrets that were revealed because innocent people carried spy devices (their phones) into classified conversations.

While the Pegasus Spyware was intended to target criminals and terrorists, it is reported to have been used against dozens of business executives, government ministers, human rights workers, and even the King of Morocco.

This spyware infects iPhone and Android devices (until these disclosures many people had believed that iPhones were resistant to spyware, but 90% of the victims had iPhones).

The spyware gives attackers complete access to email, even encrypted email and messages, plain text messages, photographs, videos, recordings, locations, and notes stored on the phone. That’s news!

The even bigger news: the spyware allows the attacker to turn on the microphone and camera on the phone without any indication to the users that those functions are activated.

That means the attacker can listen in on every conversation in a room or every comment in a meeting.

That information can stream in real-time to anywhere in the world or it can be stored and sent later.

Pegasus’ creator, NSO Group, is located in Israel and because of the relationship with the USA and Israel, NSO has restricted Pegasus from hacking US phone numbers.

But don’t feel too comfortable about that! Pegasus isn’t the only spyware company.

Spyware made in Russia, China, or North Korea may not have the same restrictions about hacking US phone numbers.

"While prosecutors do not hesitate to obtain warrants when feasible, cell site information plays a pivotal role in the early stages of an investigation, winnowing out the unorganized mass of information that surrounds a crime and helping distinguish the guilty from the innocent." John M. Castellano
This is why enterprises and government agencies must not simply brush this off as a “it couldn’t happen here” scenario. It can happen anywhere!

Perhaps the most shocking aspect of the Pegasus disclosures is that the spyware can be planted remotely without any intervention from the user at all!

Earlier versions of spyware required the user to open a “trap message” or click on a link to launch the Spyware on their phone that allowed organizations to say “My employees are too smart to fall for a ‘click the link’ trap, we’re safe.”

However, the latest spyware versions send a message to the phone that the user never sees.

It arrives with no notification and gives itself their own permission to install the spyware without the user’s knowledge, meaning any employee no matter how loyal or security conscious can be, becomes a vehicle for carrying spyware into your most secret facilities and meeting rooms.

This is why enterprises and government agencies must not simply brush this off as a “it couldn’t happen here” scenario. It can happen anywhere!

What’s the fix? Sadly, the only answer is to keep cell phones out of your most classified meetings.

“Turning off your phone” won’t work. Modern cell phones are never really off. They are in different states of hibernation and spyware can wake them up when it wants.

Smartphones have more or less become an appendage for most people these days. When we leave the house, we check to make sure we have our wallet, keys and phone.

They are with us everywhere… including the workplace.

And therein lies the problem. Cell phones infected with spyware show no signs of compromise.

The one in your pocket right now may be infected with spyware. When you have hundreds or even thousands of employees walking into an office building each day, the potential for an attack grows exponentially.

So, short of banning all smartphones from a facility (not a likely scenario), can government facilities and commercial enterprises actually protect themselves against this ever-increasing threat?

That means the attacker can listen in on every conversation in a room or every comment in a meeting. That information can stream in real-time to anywhere in the world or it can be stored and sent later.
That means the attacker can listen in on every conversation in a room or every comment in a meeting.
That information can stream in real-time to anywhere in the world or it can be stored and sent later.

Yes, they can. It is imperative to have security protocols in place to manage the secure use of smartphones in the workplace.

Combining a thorough security posture with cutting-edge technology to identify potentially rogue devices, security teams can go on the offensive to prevent such an attack.

Best practices include:

Trust is not an option.

  • Simply trusting your employees is no longer enough.

  • Completely trustworthy employees may be carrying a phone that has been invisibly infected with spyware.

Establish classified/no phone areas.

  • Letting a phone ride in the pocket of an employee risks having “uninvited guests” join your organization’s internal conversations.

  • Enterprises must establish and enforce a clear no-phone policy for sensitive areas for employees to follow.

Implement a cell phone detection/location system.

  • Policies to exclude cell phones from sensitive areas, or from meetings at “sensitive moments” only work if they are backed with accurate cell phone detection/location systems.

While these cellular-related threats are just now appearing on the radar for some organizations, Bastille has been ahead of the curve, developing its radio frequency (RF) and cellular intrusion detection system for the enterprise to ensure there are no non-authorized cell phones and therefore no infected phones in sensitive areas.

(See how Bastille can detect, identify and locate cell phones using only their cellular signal. Courtesy of Bastille and YouTube.)

Bastille is trusted by Fortune 500 customers, military and government to instantly detect, locate and alert on the presence of rogue cell phones and other RF-based devices anywhere within a facility.

It detects and locates unauthorized cellphones to produce an accurate dots-on-the-floor-plan of a facility, offering security teams situational awareness with features such as geofencing, hotspot detection, SIEMS integration, and DVR forensics.

Bastille customers can detect and locate all the cellphones in their facilities whether or not those phones have Wi-Fi or Bluetooth turned on.

Bastille Enterprise can deliver:

  • COMPLETE VISIBILITY: Detect all the wireless/cellular devices and connections in your facilities whether or not they have connected to your network.

  • THREAT DETECTION: Detect that a device such as one with a Bluetooth or cellular connection is transmitting data (and is not just an employee listening to music).

  • ACCURATE THREAT LOCATION: Locate offending devices on your floor plan.

If you haven’t been thinking about securing smartphones in the workplace, the spotlight on the Pegasus Spyware should serve as a wake-up call.

The advancements in spyware are real and will only continue to improve and become more available to bad actors. Fortunately, advancements in cybersecurity technology are also real, with solutions such as Bastille Enterprise providing powerful and effective protection to keep organizations safe.

It only takes one infected smartphone to infiltrate an enterprise. Are you willing to take the chance it won’t happen to your organization?

For more information on Bastille Enterprise, go to https://www.bastille.net/solutions/introduction.

About the Author

Chris Risley, Chief Executive Officer at Bastille
Chris Risley, Chief Executive Officer at Bastille

Chris Risley has over 25 years of software business experience during which he has led nine venture-backed startups resulting in one IPO and four sales to public companies.

Most recently Risley was CEO of Defense.Net which sold to F5 Networks. Prior to this Chris was Chairman of StreamBase which sold to TIBCO.

Risley was also CEO of Digital Reef until it was acquired by TransPerfect in late 2012.

Before that Risley was CEO of Nominum, Inc. acquired by Akamai, Risley’s background also includes service as CEO of NewChannel, an eBusiness service provider sold to LivePerson, and as Chairman and CEO of ON Technology Corp., a network security software provider acquired by Symantec.

Related Technologies…

Cellbusters Takes Platinum forBest Cell Phone Detection Solution in 2020 ‘ASTORS’ Awards 

American Security Today’s ‘ASTORS’ Homeland Security Awards program is today in its Sixth Year and continues to recognize the Outstanding Innovations of top firms and agencies in the Homeland Security and Public Safety fields.

The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.

Transportation Security Administration (TSA) Administer, David Pekoske
David Pekoske, Transportation Security Administration (TSA) Administer

American Security Today is pleased to announce TSA Administrator  David Pekoske, will join the organization as a featured speaker at the 2021 ‘ASTORS’ Homeland Security Awards Presentation Luncheon, on November 18, 2021 at ISC East in New York City.

“On the heels of an unprecedented global pandemic, continued unrest in our cities and potentially catastrophic cyberattacks on our nations critical infrastructure, the focus of the 2021 ‘ASTORS’ Awards Luncheon will be on the latest, state-of-the-art innovations that are driving investments in new public security and safety technologies and systems,” said AST Editorial and Managing Director Tammy Waitt.

“As a recognized expert in crisis management, strategic planning, innovation and aviation, surface transportation and maritime security, David Pekoske’s message highlighting his top priorities and challenges for the TSA based on his years of wide-ranging experience will be critical to our attendees internalizing the critical nature of these escalating challenges, and realizing innovative new approaches to meet them.”

Cellbusters

Best Cell Phone Detection Solution

  • Zone Protector

  • The Zone Protector™ from Cellbusters provides maximum protection for your environment by continuously scanning for cell phone and user selectable RF transmissions, and is far more sophisticated than a cell phone detector.

  • Comparable to a spectrum analyzer, the Zone Protector™ has the ability to scan user-definable frequency ranges along with the ability to alert, notify, control a third party device, or simply log as soon as it detects relevant transmission activity.

The Zone Protector™ is the ultimate detection device. It is capable of detecting all cell phones (any carrier and any protocol in all countries) when the phone is in standby mode, texting, making a call or transmitting data.
The Zone Protector™ is the ultimate detection device. It is capable of detecting all cell phones (any carrier and any protocol in all countries) when the phone is in standby mode, texting, making a call or transmitting data.
  • Precise frequency filtering technology, managed and controlled by a 32-bit microprocessor, enables the Zone Protector™ to deliver accurate detection with virtually zero false positives.

  • Once cellular or appropriate RF activity is detected, the Zone Protector™ can be set to activate a choice of alerting options or to silently log all detected activity.

  • Additionally, Cellbusters Zone Protector has now been updated to detect 5G phones, proving a leading edge in the market, and protects investment in this technology for years to come.

(See a quick overview of the Zone Protector and the Zone Manger, both cell phone detection technology from Cellbusters. Courtesy of Cellbusters and YouTube.)

  • *Cellbusters was also recognized in the 2019, 2018 and 2017 ‘ASTORS’ Awards Programs.

The 2021 ‘ASTORS’ Awards Program is Proudly Sponsored by AMAROK, Fortior Solutions  and SIMS Software, along with Returning Premier Sponsors ATI SystemsAttivo Networks,  Automatic Systems, and Reed Exhibitions.

The 2021 ‘ASTORS’ Awards Program is Proudly Sponsored by AMAROK and SIMS Software, along with Returning Premier Sponsors
ATI SystemsAttivo NetworksAutomatic Systems, and Reed Exhibitions.

Nominations are currently being accepted for the 2021 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.

Comprehensive List of Categories Include:

Access Control/ Identification Personal/Protective Equipment Law Enforcement Counter Terrorism
Perimeter Barrier/ Deterrent System Interagency Interdiction Operation Cloud Computing/Storage Solution
Facial/IRIS Recognition Body Worn Video Product Cyber Security
Video Surveillance/VMS Mobile Technology Anti-Malware
Audio Analytics Disaster Preparedness ID Management
Thermal/Infrared Camera Mass Notification System Fire & Safety
Metal/Weapon Detection Rescue Operations Critical Infrastructure
License Plate Recognition Detection Products And Many Others!
COVID Innovations And Many Others!

 

Don’t see a Direct Hit for your Product, Agency or Organization?

The World Health Organization (WHO) declared the 2019–20 coronavirus outbreak a Public Health Emergency of International Concern (PHEIC) on 30 January 2020 and a pandemic on 11 March 2020. Local transmission of the disease has occurred across all fifty states in the America.

With the unprecedented occurrence of the COVID-19 pandemic, the focus of the safety and security industries has realized the need to increase innovations to address the daily growing challenges.

As such AST aims to make sure these firms and professionals are reflected in the 2021 ‘ASTORS’ Awards Program, so we’d like to encourage you to submit appropriate categories recommendations and include COVID-19 Frontline Professionals in your Nominations to see that these Professionals, Facilities, and Vendors receive the Recognition they Deserve!

Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: mmadsen@americansecuritytoday.com.

2019 'ASTORS' Awards Program Banquet Luncheon
2019 ‘ASTORS’ Awards Program Banquet Luncheon

Register for the 2021 ‘ASTORS’ Luncheon Today

At ISC East 2021 you with the opportunity to interact with a broad array of security industry professionals.

ISC East works closely with other businesses in the security and public safety space to help bring together the Northeast’s largest security trade show each year.

The 'ASTORS' Awards Luncheon featured an impassioned and compelling keynote address by William (Bill) Bratton, former police commissioner of the NYPD twice, the BPD, and former chief of the LAPD, on the history of policing in America and the evolution of critical communication capabilities in our post 9/11 landscape.
The 2019 ‘ASTORS’ Awards Luncheon featured an impassioned and compelling keynote address by William (Bill) Bratton, former police commissioner of the NYPD twice, the BPD, and former chief of the LAPD, on the history of policing in America and the evolution of critical communication capabilities in our post 9/11 landscape.

In collaboration with premier sponsor SIA (Security Industry Association) and in partnership with ASIS NYC, ISC East is proud to work with and be supported by various associations, trade publications, charities, and more.

Therefore, the ISC audience of security dealers, installers, integrators, consultants, corporate, government and law enforcement/first responder practitioners will be joined by the ASIS NYC audience of major corporate managerial-through-director-level national and global security executives.

The combination of one-on-one conversations with the industry’s top innovators,  integrators and security executives, special events, high-quality education and training, and strong support from industry associations, will allow attendees to learn and evaluate solutions from leading security exhibitors and brands. 

The 2019 ‘ASTORS’ Awards Program surpassed expectations with a record number of nominations received from industry leaders and government agencies, and drew over 200 attendees to the ‘ASTORS’ Awards Presentation Banquet – an exclusive gourmet luncheon and networking opportunity which filled to capacity, before having to turn away late registrants.

Your ‘ASTORS’ Awards Luncheon registration includes complimentary attendee access to ISC East – Thank take advantage of this exclusive luncheon opportunity to take a break from the show – Invite your team, guests, clients and show visitors to a lovely and affordable plated meal event in the heart of New York City, for  a fabulous networking opportunity!

Go to https://americansecuritytoday.com/product/awards-luncheon/ to secure your seat or reserve a table.

***Limited space available so Register Today. There will be no on-site registrations.

Why American Security Today?

The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.

The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.

American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State and local levels of government as well as firms allied to government.

American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers eyes throughout the story with cutting edge editorial that provides solutions to their challenges.

Harness the Power of the Web – with our 100% Mobile Friendly Publications

AST puts forward the Largest and Most Qualified Circulation in Government with Over 75,000 readers on the Federal, State and Local levels.
AST puts forward the Largest and Most Qualified Circulation in Government with Over 75,000 readers on the Federal, State and Local levels.

The AST Digital Publications is distributed to over 75,000 qualified government and homeland security professionals in federal, state and local levels.

‘PROTECTING OUR NATION, ONE CITY AT A TIME’

AST Reaches both Private & Public Experts, essential to meeting these new challenges.

Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.

American Security Today

These experts are from Government at the federal, state and local level as well as from private firms allied to government.

AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.

AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.

Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.

To learn more about the 2020 ‘ASTORS’ Homeland Security Award Winners solutions, Check Out the New 2020 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2020 ‘A Year in Review’.

The Annual CHAMPIONS edition includes a review of the ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firms products and services, includes video interviews and more.

It is your Go-To source throughout the year for ‘The Best of 2020 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and organization’s most pressing Homeland Security and Public Safety needs.

From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2020 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.

It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2020 ‘ASTORS’ Awards Program.

  • For a complete list of 2020 ‘ASTORS’ Award Winners, click here.

For more information on All Things American Security Today, and the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.

AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:

  • Provides named sources
  • Reported by more than one notable outlet
  • Includes supporting video, direct statements, or photos

Subscribe to the AST Daily News Alert Here.