Mobile Phone Scanning

This topic contains 8 replies, has 7 voices, and was last updated by  24772433 6 years, 7 months ago.

  • Author
    Posts
  • #7937
     yomchi 
    Participant

    As an IT Security specialist where I work, one of our policies is to ensure that NO personal mobile phones are allowed on the “shop floor” of our organisation given the type of data that we deal with. Apologies if this is the wrong place to ask but does anyone have any experience in mobile phone detection. We have a mobile phone scanner which can detect 2G/3G signals. This is all well and good but it can be very hit and miss. Obviously if a phone is turned off or in “airplane mode” we don’t get a signal detected. Are we fighting a losing battle or can someone suggest a better way to detect mobile phone signals in an enterprise environments?
    Thank you in advance!

  • #50197
     hayabusa 
    Participant

    Don’t know, offhand, but I’ll bet EH’s columnist, Georgia Weidman, might be a good person to ask…

    http://www.ethicalhacker.net/content/view/445/24/

  • #50198
     tturner 
    Participant

    The way I see it your 2 most realistic options:

    Physical security looking specifically for those things at the door if your security needs justify going to those length.

    Using RF mechanisms via Bluetooth, WiFi or NFC at key ingress and egress points and potentially throughout the facility. Obviously turning off a device would prevent that from being effective but sometimes the low tech option is the best.

    Have to reinforce with policy of course 🙂

    I suppose you could also implement a reward system for reporting policy violations if you want to build that type of culture. I’m not sure I like those programs though to be honest.

  • #50199
     Jamie.R 
    Participant

    There are products on the market that build secure sandboxes on a mobile. If used in corporate world you can use policy to lock the device down so you can disable wireless so on.

    One such product is DME by excitor.

  • #50200
     georgia 
    Participant

    I’ve been to a couple places where they don’t allow phones. This becomes a problem when they want me to give a talk :P. As for enforcement. Your best bet might be metal detectors honestly. Whereas it is possible to detect and even jam signals, much the same way many organizations do with rogue wireless access points, if you worry is data exfultration, then having a phone in airplane mode taking pictures to send out later won’t be stopped by this. Definitely a hard question.

  • #50201
     tturner 
    Participant

    Along these lines, think about why you want to ban cellular phones or whether the intent is consistent. What I mean by this, do phones represent the only avenue of exfiltration for the data you are trying to protect and are you considering other vectors as well? Camera phones are a great example. I worked in healthcare for about 6 years (not currently) and a common policy for the health depts I audited was not allowing cellular phones in common areas, or disabling camera function on enterprise smartphones. Yet there was no policy governing digital cameras. This is an example of where application of controls are not consistent with the intent of the control. Just something to think about.

  • #50202
     24772433 
    Participant

    I was at a UK millitary establishment in Wiltshire last year and given the nature of their work ALL mobile (cellular) phones are prohibited and have to be checked in at Security. To enforce the policy they used scanners which will detect phones, even when switched off as they will still emit RF (unless the battery is removed).

    I don’t know the make of the scanners but this link from the US might be the answer.

    http://www.ntia.doc.gov/files/ntia/comments/100504212-0212-01/attachments/REI-ORION-NLJD-Detects_Cell_Phones_In_Prisons.pdf

  • #50203
     amol_d 
    Participant

    Using a good RF scanner will work but like you said its not going to help much if the phones are off. Not to trivialize the issue, but a security guard that can frisk visitors will mitigate that risk to a large extent. Have lockers for visitors to put in their bags/purses etc before they enter the secure area.
    What is the purpose of not allowing mobiles by the way? Is it to prevent people from taking pics? If so then the above physcial security issues would help in mitigating the risk. If it is more for preventing visitors from making phone calls while in the secure area, you can also consider moving the very high risk processes (eg cryptographic key generation) into a Tempest room/ Faraday cage which blocks RF signals from going out/coming in. thats really expensive though!

  • #50204
     24772433 
    Participant

    Just to clarify, if the phone is switched off, it will still emit a RF signal and be detected by the scanner. SOP is to remove the phone’s battery to prevent detection.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?