This topic contains 8 replies, has 7 voices, and was last updated by 
-
Posts
-
As an IT Security specialist where I work, one of our policies is to ensure that NO personal mobile phones are allowed on the “shop floor” of our organisation given the type of data that we deal with. Apologies if this is the wrong place to ask but does anyone have any experience in mobile phone detection. We have a mobile phone scanner which can detect 2G/3G signals. This is all well and good but it can be very hit and miss. Obviously if a phone is turned off or in “airplane mode” we don’t get a signal detected. Are we fighting a losing battle or can someone suggest a better way to detect mobile phone signals in an enterprise environments?
Thank you in advance! -
Don’t know, offhand, but I’ll bet EH’s columnist, Georgia Weidman, might be a good person to ask…
-
The way I see it your 2 most realistic options:
Physical security looking specifically for those things at the door if your security needs justify going to those length.
Using RF mechanisms via Bluetooth, WiFi or NFC at key ingress and egress points and potentially throughout the facility. Obviously turning off a device would prevent that from being effective but sometimes the low tech option is the best.
Have to reinforce with policy of course 🙂
I suppose you could also implement a reward system for reporting policy violations if you want to build that type of culture. I’m not sure I like those programs though to be honest.
-
There are products on the market that build secure sandboxes on a mobile. If used in corporate world you can use policy to lock the device down so you can disable wireless so on.
One such product is DME by excitor.
-
I’ve been to a couple places where they don’t allow phones. This becomes a problem when they want me to give a talk :P. As for enforcement. Your best bet might be metal detectors honestly. Whereas it is possible to detect and even jam signals, much the same way many organizations do with rogue wireless access points, if you worry is data exfultration, then having a phone in airplane mode taking pictures to send out later won’t be stopped by this. Definitely a hard question.
-
Along these lines, think about why you want to ban cellular phones or whether the intent is consistent. What I mean by this, do phones represent the only avenue of exfiltration for the data you are trying to protect and are you considering other vectors as well? Camera phones are a great example. I worked in healthcare for about 6 years (not currently) and a common policy for the health depts I audited was not allowing cellular phones in common areas, or disabling camera function on enterprise smartphones. Yet there was no policy governing digital cameras. This is an example of where application of controls are not consistent with the intent of the control. Just something to think about.
-
I was at a UK millitary establishment in Wiltshire last year and given the nature of their work ALL mobile (cellular) phones are prohibited and have to be checked in at Security. To enforce the policy they used scanners which will detect phones, even when switched off as they will still emit RF (unless the battery is removed).
I don’t know the make of the scanners but this link from the US might be the answer.
-
Using a good RF scanner will work but like you said its not going to help much if the phones are off. Not to trivialize the issue, but a security guard that can frisk visitors will mitigate that risk to a large extent. Have lockers for visitors to put in their bags/purses etc before they enter the secure area.
What is the purpose of not allowing mobiles by the way? Is it to prevent people from taking pics? If so then the above physcial security issues would help in mitigating the risk. If it is more for preventing visitors from making phone calls while in the secure area, you can also consider moving the very high risk processes (eg cryptographic key generation) into a Tempest room/ Faraday cage which blocks RF signals from going out/coming in. thats really expensive though! -
Just to clarify, if the phone is switched off, it will still emit a RF signal and be detected by the scanner. SOP is to remove the phone’s battery to prevent detection.
You must be logged in to reply to this topic.
