OpEd by Dr. Bill Anderson, President of CIS Mobile
In theory, smartphones are a great source of productivity, combining mobile telephone and computing functions into a single unit that provides users with instant communications, internet access, multimedia functionality, and more.
While all of that is certainly true, smartphones are also one of the biggest internal attack vectors on the market today – highly promiscuous networking devices with multiple cameras, microphones, and radio features that generate a constant stream of detailed data about the user even when those features are turned off.
A 2018 study by Vanderbilt University demonstrated that a stationary smartphone running Google’s Android operating system and Chrome sent data to the company’s servers 14 times an hour on average, 24 hours a day.
The reason for this regular flow of data is pretty obvious: making smartphones secure is fundamentally at odds with the business models of the companies making them.
These companies need a path to monetization, and selling targeted advertising by providing detailed information about users’ smartphone activity is it.
While collecting such data may be, at most, an annoyance for the average consumer, it represents a major dilemma for defense and intelligence workers, as well as others engaged in high-security initiatives.
These individuals still need their smartphones for the productivity benefits they provide.
Unfortunately, the data their smartphones produce can be used to uncover their identity and whereabouts or gain intelligence to subvert them, potentially putting them at high risk.
All of this has left governments and other organizations in which security is of paramount importance with two choices:
-
Either accept the fact that security risks are likely to be present in employees’ smartphones,
-
Or eliminate all consumer-grade devices entirely and equip workers with custom-built, highly secure devices instead.
Clearly, neither of these options is viable. Simply resigning yourself to security risks could put vital information (and potentially employee lives) at stake.
Using custom-built smartphones, on the other hand, is typically prohibitive due to their high cost and the lengthy design and implementation cycles which sometimes render such devices obsolete before they are even released.
Beyond that, custom-built devices often lack access to popular apps, so users continue to carry their own phones, completely defeating the purpose of having a customized smartphone.
Most secure organizations pair their commercial smartphones with mobile device management (MDM) systems. MDM does a decent job in reducing risks from malware and dealing with lost or stolen devices.
Unfortunately, the organizations in control are still the original equipment manufacturer (OEM), the MDM, and the carrier, not the government agency or private business.
While the MDM can attempt to shut off apps and other features, the device will still send sensitive data to the OEM and ad tracking platforms.
It will also secretly turn on Wi-Fi and Bluetooth to determine location.
Given this, the best strategy may be to modify the smartphone as needed, while maintaining the functionality and attributes that make it great in the first place.
In order to provide verifiable control over access to device interfaces and location, and ensure that leaky apps such as Maps and social media channels don’t communicate when you don’t want them to, government agencies and high-security organizations must possess the capability to:
-
Override smartphones’ built-in data collection capabilities;
-
Control device tracking of user location and activities;
-
Limit advertising tracking codes; and
-
Disable Cellular Wi-Fi and Bluetooth at certain times.
To that end, modified smartphones ideally should include the following:
A Verified Boot Procedure:
-
The Boot procedure verifies the authenticity and integrity of each successive step in starting the phone, ensuring that the operating system running on the phone has not been modified unexpectedly.
Operating System Controls:
-
The operating system directly controls access to device services (radios, cameras, microphones, and other sensors).
-
As such, it can also be used to gate access to these features.
-
Trustworthy implementations must demonstrate that they can ensure complete control over the designated functionality, preventing user applications and third-party services from using them without authorization.
Policy Management on System Controls:
-
There are a variety of use cases for secure smartphones, so a platform that can be easily redefined to suit the organization’s needs is essential.
-
Because hard-coding specialty solutions for each deployment is both expensive and time-consuming, operational efficiency demands policies that are manageable through a user-controlled policy management system capable of applying changes to devices already in the field.
Security Update System:
-
A security-mobile platform must be able to push regular security updates to the user’s smartphone to keep them safe from emerging vulnerabilities.
-
Ideally for operational efficiency, these should be distributed from the user’s management system using an over-the-air secure update mechanism.
Control/Disable Third-Party Tracking:
-
Smartphones based on iOS and Android have extensive, built-in user data collection systems which collect information about user activities, contacts, applications, location, calls, texts, and other data.
-
A secure solution must prevent this tracking to avoid risk to users and their sensitive data.
A close look at most consumer-based smartphones will confirm they are not up to the task of protecting government users. While the basic platforms are well secured, they are built around data collection engines that neither the OEMs or the MDMs can turn off.
What is needed is a solution designed to be independent of the commercial entanglements that put advertising revenue ahead of user privacy.
Smartphones are already an essential tool for consumers and enterprises and are becoming more accepted in the government domain.
But for those working for certain government agencies and private companies in which high security is a necessity, making certain those devices are modified in a way that protects both vital information and the users themselves from being compromised is just as important.
Smartphone security demands absolute certainty of control over all of those signals that your device may be sending, with or without your knowledge.
About the Author
Dr. Bill Anderson serves as the President of CIS Mobile, a subsidiary of CIS Secure Computing, CIS Mobile has a mission to address Government needs for a modern, convenient, and secure mobility platform.
Its altOS platform is designed to ensure optimal protection for mission-critical operations with the latest off-the-shelf smartphones.
For more information, visit https://cismobile.com/.
(OEM smartphones put government data at risk because they are built around collecting data to monetize the user. Even approved government-certified devices leak user location, application use, and metadata back to 3rd party collectors. altOS is different. It was built exclusively for secure government use, using Android as a base but adding policy controls, secure containers, and management features into the platform. Courtesy of CIS Mobile and YouTube.)
Related Technology…
Cellbusters ‘Best Cell Phone Detection Solution’ Returns to Compete in
2021 ‘ASTORS’ Awards Program
American Security Today’s ‘ASTORS’ Homeland Security Awards program is today in its Sixth Year and continues to recognize the Outstanding Innovations of top firms and agencies in the Homeland Security and Public Safety fields.
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
American Security Today is pleased to announce TSA Administrator David Pekoske, will join the organization as a featured speaker at the 2021 ‘ASTORS’ Homeland Security Awards Presentation Luncheon, on November 18, 2021 at ISC East in New York City.
“On the heels of an unprecedented global pandemic, continued unrest in our cities and potentially catastrophic cyberattacks on our nations critical infrastructure, the focus of the 2021 ‘ASTORS’ Awards Luncheon will be on the latest, state-of-the-art innovations that are driving investments in new public security and safety technologies and systems,” said AST Editorial and Managing Director Tammy Waitt.
“As a recognized expert in crisis management, strategic planning, innovation and aviation, surface transportation and maritime security, David Pekoske’s message highlighting his top priorities and challenges for the TSA based on his years of wide-ranging experience will be critical to our attendees internalizing the critical nature of these escalating challenges, and realizing innovative new approaches to meet them.”
The 2021 ‘ASTORS’ Awards Program is Proudly Sponsored by AMAROK, Fortior Solutions and SIMS Software, along with Returning Premier Sponsors ATI Systems, Attivo Networks, Automatic Systems, and Reed Exhibitions.
Nominations are currently being accepted for the 2021 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
Comprehensive List of Categories Include:
| Access Control/ Identification | Personal/Protective Equipment | Law Enforcement Counter Terrorism |
| Perimeter Barrier/ Deterrent System | Interagency Interdiction Operation | Cloud Computing/Storage Solution |
| Facial/IRIS Recognition | Body Worn Video Product | Cyber Security |
| Video Surveillance/VMS | Mobile Technology | Anti-Malware |
| Audio Analytics | Disaster Preparedness | ID Management |
| Thermal/Infrared Camera | Mass Notification System | Fire & Safety |
| Metal/Weapon Detection | Rescue Operations | Critical Infrastructure |
| License Plate Recognition | Detection Products | COVID Innovations |
| Workforce Management | Government Security Programs | And Many Others to Choose From! |
Don’t see a Direct Hit for your Product, Agency or Organization?
Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: mmadsen@americansecuritytoday.com.
Register for the 2021 ‘ASTORS’ Luncheon Today
At ISC East 2021 you with the opportunity to interact with a broad array of security industry professionals.
Legendary Police Commissioner Bill Bratton of the NYPD, the BPD and former Chief of the LAPD, will join the 2021 ‘ASTORS’ Homeland Security Awards Luncheon on November 17th, to sign copies of his new book ‘The Profession: A Memoir of Community, Race, and the Arc of Policing in America’.
ISC East works closely with other businesses in the security and public safety space to help bring together the Northeast’s largest security trade show each year.
In collaboration with premier sponsor SIA (Security Industry Association) and in partnership with ASIS NYC, ISC East is proud to work with and be supported by various associations, trade publications, charities, and more.
Therefore, the ISC audience of security dealers, installers, integrators, consultants, corporate, government and law enforcement/first responder practitioners will be joined by the ASIS NYC audience of major corporate managerial-through-director-level national and global security executives.
The combination of one-on-one conversations with the industry’s top innovators, integrators and security executives, special events, high-quality education and training, and strong support from industry associations, will allow attendees to learn and evaluate solutions from leading security exhibitors and brands.
With the integration of the Natural Disaster and Emergency Management (NDEM) Expo, the show is moving even further into our reader’s wheelhouse!
Your ‘ASTORS’ Awards Luncheon registration includes complimentary attendee access to both ISC East – and NDEM!
Thank take advantage of this exclusive luncheon opportunity to take a break from the show – Invite your team, guests, clients and show visitors to a lovely and affordable plated meal event in the heart of New York City, for a fabulous networking opportunity!
Go to https://americansecuritytoday.com/product/awards-luncheon/ to secure your seat or reserve a table.
***Early Registration Discount Ends November 1. Limited space available so Register Today. There will be no on-site registrations.
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State and local levels of government as well as firms allied to government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers eyes throughout the story with cutting edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
The AST Digital Publications is distributed to over 75,000 qualified government and homeland security professionals in federal, state and local levels.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state and local level as well as from private firms allied to government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
To learn more about the 2020 ‘ASTORS’ Homeland Security Award Winners solutions, Check Out the New 2020 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2020 ‘A Year in Review’.
The Annual CHAMPIONS edition includes a review of the ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firms products and services, includes video interviews and more.
It is your Go-To source throughout the year for ‘The Best of 2020 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2020 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2020 ‘ASTORS’ Awards Program.
-
For a complete list of 2020 ‘ASTORS’ Award Winners, click here.
For more information on All Things American Security Today, and the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos
Subscribe to the AST Daily News Alert Here.
Learn More…
Cellbusters Returns to Compete in 2021 ‘ASTORS’ Awards Program
