Posts Tagged :

mobile phones

Government staff losing too many devices, creating security headaches

960 640 Stuart O'Brien

Government staff in the UK lost 508 mobile and laptop devices between January and April 2018, highlighting that mobile device security remains as important as ever for public sector organisations in the UK.

The data comes via MobileIron, which made a Freedom of Information (FoI) request via nine ministerial departments from within the UK Government – all nine of the departments contacted responded with the relevant data.

The FoI request also found that only 10% of devices lost by public sector employees are ever recovered. MobileIron says with the average enterprise using up to almost 1,000 cloud-based applications, the security risks presented by the volume of data that might be exposed when a device is lost or stolen becomes clear.

In fact, a recent Bitglass breach report found that lost and stolen devices account for one in four breaches in the financial services sector. To reduce the risk of being breached, MobileIron says companies need to implement an ‘always verify, never trust’ approach that establishes complete control over their business data, wherever it lives.

David Critchley, MobileIron’s Regional Director, UK&I, said: “As the amount of business data that flows across devices, apps, networks, and cloud services continues to increase, it is essential that organisations have the right security protocols in place to minimise risk and prevent unauthorized access to sensitive data if a device is lost or stolen. Even one lost or stolen device provides a goldmine of readily accessible and highly critical data to potential fraudsters and hackers.

“All organisations should move beyond standard password-based security protocols and implement a mobile-centric zero trust model. This approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. The zero trust model allows organisations, including government departments, to significantly reduce risk by giving them complete control over their business data – even on lost or stolen devices.”

Image by William Iven from Pixabay

Mobile Phone

INDUSTRY SPOTLIGHT: Is someone hacking your mobile phone?

960 640 Stuart O'Brien

Mobile phone fraud and interception is becoming an ever-increasing headache for businesses.

Interception has been an issue since day one, with the technology to achieve it becoming more advanced in order to keep up with the frantic evolution and capability of cellular devices.

Many businesses are reliant on mobile phones, for not only conversations and text messaging, but also emails, remote network access, even banking. This information makes the ability to intercept and take control remotely of another mobile phone an extremely lucrative pastime.

This article will focus primarily on the interception of cellular traffic, how it is achieved and what can be done to protect yourself or your company from an attacker.

How is it done?

The UK has mobile phone towers distributed all over to allow coverage wherever you travel. As you move around your mobile phone will be communicating with these towers to ensure that it is always connected to the one with the strongest signal, or the available capacity to handle the requirements of the cellular device. Each mobile phone tower has a unique identifier so the phone knows which one it is talking to and will hand over to the next tower when the signal diminishes. Fake towers will mimic this identifier, effectively cloaking the genuine one thereby invisible on the network.

If a fake / spoofed mobile phone tower pops up and provides the strongest signal your phone may jump onto that tower and begin transmitting your calls, texts and data through this illicit tower. The fake tower will be able to listen into your calls and read your texts as they pass through, and perhaps worse has the capability to emulate your phone and send malicious messages or calls pretending to be you. This can be exploited in an endless number of ways, for example; the illicit tower could;

  • message your boss letting saying you’d like to resign
  • message employees explaining they must attend a meeting, thereby leaving the attacker free to take advantage of unattended areas/reports, etc
  • message people requesting information they are likely to give to someone (they think) they know

How to protect yourself and your company.

Fake mobile phone towers cause latency on the network. This may mean that you notice your phone is taking slightly longer to connect or, due to less expensive transmitters and receivers, the quality of your call may be affected. Some smart phones will allow you to identify which towers are supporting your network by showing you the unique identifiers. It is possible to notice a difference in tower number or even a change in your usual signal strength.

The best accurate and reliable method would be to utilize equipment such as an AIDA. This will monitor all cell towers in the area. Should a new tower be detected it will not only alert you that a possible threat is out there but it will also calculate it’s precise location and allow you to neutralize the threat.

Esoteric can assist in any questions or concerns you may have regarding this.