SAN FRANCISCO – (BUSINESS LIFE) –New stories this week about Pegasus’ spyware “show that a remote attacker can activate the camera and microphone of any cell phone to filter out calls or video meetings.
NSO Group, the Israeli manufacturer of Pegasus, claims that their system has never attacked a phone with an American phone number. But press reports indicate that Pegasus used telephones on American soil that had overseas numbers.
“The NSO is not the only hacking team in the world to have these capabilities,” said Chris Risley, CEO of Bastille Networks. “Other spyware from other countries will not have the same hesitation to infect American phones. So everyone should be concerned about allowing mobile phones in areas with confidential or classified information. ”
Spyware like Pegasus requires just one wrong click on a message or email to pass the entire phone to a remote bad guy. The phone remains under enemy control forever. In some cases, applications such as Pegasus can be installed even if the user never clicks the “trap” message. Given the ability of telephones to communicate their location, surveillance can only be set to start when the telephone enters certain target locations, such as R&D labs, Fortune 500 headquarters, film studio, secure government facilities, etc.
Policies to exclude mobile phones from sensitive areas or from meetings at “sensitive times” only work if they are supported by accurate mobile phone detection / location systems. The Bastille is trusted by the military, government, and Fortune 500 customers to immediately detect, locate, and warn of fraudulent cell phones and other RF-based devices throughout a facility.
“Bastille has been researching and detecting radio frequency and cellular intrusions for years and doing research for the government, and the Pegasus Projects, which report this week, need to get all businesses ready,” said Chris Risley, CEO of Bastille Networks. “Millions of vulnerable smartphones enter the workplace every day. A hacked smartphone can be used as a portal in the corporate network, putting at risk the sensitive and critical data of the organization to be violated. It is imperative to have security protocols to manage the safe use of smartphones in the workplace. If security teams don’t think smartphones in the facility are an important threat in July, they should certainly think they’re an important threat now. “
The US government is deeply concerned about radio frequency spying, as actors in nation states such as China, North Korea, Russia and Israel are very cunning in using radio frequency techniques to disrupt network security. The government has accepted the threat of RF espionage, and therefore government facilities with valuable secrets have policies to turn off RF devices such as mobile phones to keep the threats at bay. While some government and commercial buildings have protected areas where mobile phones or other RF transmitting devices are not allowed, the detection and locating of radio devices is largely based on the honor or one-time device scanning system. Unfortunately, nation states and other bad actors do not follow the system of honor, and one-time scans are just that: one-time and cannot monitor 24×7.
Only Bastille Enterprise can deliver:
- FULL VISIBILITY: Find all wireless / cellular devices and connections in your facilities, whether or not they are connected to your network.
- THREAT DETECTION: Discover that a device such as a Bluetooth device or cellular connection is transmitting data (and not just an employee listening to music).
- EXACT PLACE FOR THREAT: Find violators of your plan.
MUCH MORE THAN THE DETECTION OF A CELL CORE
Although generally considered to detect cell intrusions, the Bastille does much more than simply detect the presence of cell phones. Customers can set alerts based on the behavior of the wireless device. Examples include:
- COMPRESSED DEVICES: Basil basic equipment, all wireless devices (including cellular, Wi-Fi, Bluetooth and BLE) and their typical behavior and can warn when a device is compromised and behaves abnormally
- VIOLATIONS OF SECURE DATA: Signal when a enabled Bluetooth hearing aid performs unauthorized BLE pairing with a device outside the protected area; or find when a company desk phone joins a personal phone on the same desk.
- MDM improvement: Beep when a phone that is not controlled by mobile devices is turned on;
- INTERNAL THREATS: Alert when a device is seen in an unauthorized area, or forensic investigation to understand devices and their behavior from weeks or months ago
About the Bastille
Launched in 2014, Bastille is a leader in detecting corporate threats through software-defined radio. The Bastille provides full visibility of known and unknown mobile, wireless and Internet of Things devices in the corporate airspace of the enterprise – together known as the Internet of Radio Stations. Through its patented software-defined radio and machine learning technology, the Bastille recognizes, identifies and locates threats, giving security teams the ability to accurately quantify risk and mitigate air threats that could pose a threat to network infrastructure. For more information visit www.bastille.net and follow them on Twitter @bastillenet and LinkedIn.