On November 21, 2011, Bit9 released its ‘Dirty Dozen’ of unsecured smartphones for 2011. The following is an excerpt of that news release:
11.21.11 – Waltham, Mass. – Bit9, the market leader in advanced threat protection and server security software, today published a new report highlighting the most vulnerable popular smartphones in use today. The devices on the list pose the most serious security and privacy risk to consumers and corporations. In the Bit9 research report, Android phones own the list, accounting for every single spot, 1-12, in the “Dirty Dozen” list of most vulnerable mobile devices, with the Samsung Galaxy Mini taking the top spot, and the HTC Desire and the Sony Ericsson Xperia X10 rounding out the top three.
“Smartphones are the new laptop and represent the fastest emerging threat vector,” said Harry Sverdlove, CTO of Bit9. “In our bring-your-own-device work culture, people are using their smartphones for both personal and business use, and attacks on these devices are on the rise. This dynamic is changing the way corporations think about protecting their confidential data and intellectual property. This is the new security frontier.”
RMA TSCM operators have long felt that the appearance and greater use of wireless and cyber communications have created new and critical vulnerabilities for the integrity of processes and the security of intellectual property. There seems to be a cavalier attitude about cellular communications – probably based on the difficulty of singling out a specific call or text from the entire communications band. Just like computers, the smartphones themselves can be clandestinely accessed and compromised. Compromising the smartphone itself eliminates the difficult task of grabbing a random radio frequency pair out of thin air. Smartphones retain a lot of data and communications information that can be hacked, and they can even be used as surreptitious GPS trackers.
As RMA has said for years, the old TSCM comfort zone can no longer be supported or assured by relying solely on electronic sweeps of sensitive areas. Electronic sweeps for devices of external origin must be accompanied by a serious operational security (OPSEC) program that addresses the ubiquitous presence of smartphones in sensitive areas. An OPSEC program must also address miniature digital recorders that can be placed and recovered for transient eavesdropping. Finally, programs must consider the integrity of the IT system (and staff) over which everything from telephone calls to critical research data is carried and stored.
Practically everything electronic that we use can be turned against us if we aren’t careful.