Pegasus Spyware Highlight Urgent Need for Bastille Enterprise to Detect and Locate Compromised Cell Phones
New stories this week about Pegasus "Spyware" show that a remote attacker can activate the camera and microphone on any cell phone to exfiltrate conversations or video meetings.
NSO Group, the Israeli maker of Pegasus, claims that their system is designed never to attack a phone with a U.S. phone number. But press reports suggest that Pegasus has exploited phones on U.S. soil which had overseas numbers.
"NSO isn't the only hacker team in the world that has these capabilities," said Chris Risley, CEO of Bastille Networks. "Other spyware from other nations won't have the same hesitation to infect US phones. So, everyone should have heightened concern about allowing cell phones in areas with confidential or classified information."
Spyware such as Pegasus only requires one errant click on a message or email to turn the whole phone over to a remote bad guy. The phone stays under hostile control forever. In some cases, applications like Pegasus can be installed even if the user never clicks the "trap" message. Given the ability for phones to communicate their location, surveillance can be set to begin only when a phone enters certain target locations e.g. R&D labs, Fortune 500 HQ, Film Studio, secure government facilities, etc.
Policies to exclude cell phones from sensitive areas, or from meetings at "sensitive moments" only work if they are backed with accurate cell phone detection/location systems. Bastille is trusted by military, government and Fortune 500 customers to instantly detect, locate and alert on the presence of rogue cell phones and other RF based devices anywhere within a facility.
"Bastille has been doing RF and Cellular Intrusion (News - Alert) Detection and research for the Government for years and the Pegasus Projects reporting this week should put all enterprises on alert," said Chris Risley, CEO at Bastille Networks. "Millions of vulnerable smartphones enter workplaces daily. A hacked smartphone can be used as a portal into an enterprise's network, putting the organization's sensitive and critical data at risk of being breached. It is imperative to have security protocols in place to manage the secure use of smartphones in the workplace. If security teams didn't think smartphones in the facility were an important threat in July, they certainly should think they are an important threat now."
The U.S. government is highly concerned about RF espionage because nation state actors such as China, North Korea, Russia, and Israel are very savvy at employing RF techniques to breach network security. The government ha accepted the threat of RF espionage and because of this, government facilities with valuable secrets have policies to exclude RF devices such as cell phones to keep the threats at bay. While some government and commercial buildings have secure areas where no cell phones or other RF-emitting devices are allowed, detecting and locating radio-enabled devices is largely based on the honor system or one-time scans for devices. Unfortunately, nation states and other bad actors do not follow the honor system and one-time scans are just that: one time and cannot monitor 24x7.
Only Bastille Enterprise can deliver:
A LOT MORE THAN CELLULAR INTRUSION DETECTION
Though commonly thought of as Cellular Intrusion Detection, Bastille does a lot more than merely detecting the presence of cell phones. Customers can set up alerts based on wireless device behavior. Examples include:
Launched in 2014, Bastille is the leader in enterprise threat detection through software-defined radio. Bastille provides full visibility into the known and unknown mobile, wireless and Internet of Things devices inside an enterprise's corporate airspace-together known as the Internet of Radios. Through its patented software-defined radio and machine learning technology, Bastille senses, identifies and localizes threats, providing security teams the ability to accurately quantify risk and mitigate airborne threats that could pose a danger to network infrastructure. For more information, visit www.bastille.net and follow them on Twitter @bastillenet and LinkedIn.
NB-IoT - A 5G Technology for Smart Cities
Strategies in Warehouse Management
NB-IoT: Real-world Cases that Power a World of Possibilities