By Mike Foster, The Foster Institute
When it comes to IT security, our computers arent the only thing vulnerable. Almost everyone these days has a cell phone, and a cell phone can be hacked too.
One way to infect someones cell phone is with a malicious program called FlexiSPY. Heres how it works. Lets say that Dave, our company president, wants to follow up a little bit on one of his senior managers, Greg, and find out what hes up to. Dave would simple go to Greg sometime and say, Greg, do you mind if I borrow your mobile phone? Mines not working and I want to check in with my family. And Greg says, Sure, no problem.
So Dave takes his phone. Now Dave has already been to FlexiSPY, and theyve already given him the instructions of how to infect Gregs phone with a little virus by simply visiting a web site URL. So Dave does that. He acts like hes dialing the number, and then just to make it look good, he says into the phone, Yeah, hi. I was just checking in. Is everything okay? Oh yeah, Greg loaned me his phone. Hes a great guy. Okay. Ill talk to you later. Bye. Then Dave hands Greg his phone back.
Meanwhile, Greg thinks everything is just dandy. He loaned his boss his phone and hes a good guy. But now, any phone calls that Greg places or receives, Dave is going to get a report of who the other party is, what their phone number is, and how long they were on the phone. All that information is available to Dave for just $49.95.
Now, if Dave decided to splurge and spend $149.95, he can remotely activate the microphone on Gregs phone and actually listen in on Gregs activities any time Gregs phone is turned on. So if Greg is at home tonight with his family, Dave could listen to their conversation at the dinner table. If Greg is in a closed meeting, Dave could listen to the closed meeting. Essentially, Dave could hear anything going on in Gregs life, as long as his phone is turned on.
The CIA knows what a serious danger this technology is. In fact, the CIA is very concerned that this spying technology might get on the cell phones of some of the Chief Justices of the Supreme Court or other high-ranking government officials. If that were to happen, it would really undermine the security of the United States of America.
Therefore, never hand your phone to anyone. If someone asks me to borrow my cell phone, I say, Sure. But Im going to dial your number, and Im going to stand two inches from your face the entire time you have the conversation.
At that, the person who asked to borrow my cell phone usually replies, Never mind.
If you have recently handed someone your cell phone to use and are wondering if some sort of spying device is on your phone, you could have your IT professional examine the phone. Or, if your phone is getting out of date anyway, now might be a good time to trade in your phone for a new one. You can keep the same phone number, since the virus affects the phone itself and not the phone number.
If you ever look at your phone and see the screen says that the phone is connected or in use when you didnt place a call or answer a call, then this may indicate that you have some sort of phone spyware on it. Unfortunately, most people dont look at their phone when theyre not using it. They just leave it in their belt clip, purse, pocket, in a desk drawer, or on a table.
You would also see tell-tale signs of someone spying on your calls on your phone bill. But not everyone examines their bill, and some people never even see their bills if they use a bookkeeper to mind their finances.
If you have the right tools, you can figure out if something was loaded onto your phone. One company called Trust Digital makes a very nice central management tool to audit, manage, and protect all of your phones and PDAs in the enterprise.
A common theme you will notice in this book for protecting your network is the concept of Central Management. Whats that? Well, ask any IT professional, and theyll tell you that one of the worst things in our career is when we have to change something on all the companys computers. It doesnt matter if you have five computers, fifty computers, five hundred computers, or more, thats way too much work to visit each computer, phone, or PDA, individually. We want to be able to manage things centrally.
Todays organizations have PDAs, cell phones, Blackberries, etc. All of these devices also hold sensitive data. So what happens when one of your employees is traveling for business and accidentally leaves his mobile phone or PDA in a taxi? If you had a central management system in place, that employee would simply call the IT department and tell them what happened. Then someone in IT can make a few keystrokes on the keyboard and erase everything in that particular phone or PDA.
Now, everything on that phone gets securely erased. And when I say securely erased, that means inside that phone its writing ones and zeros on the data card to actually erase information. Even data forensics cant get that data back anymore. Its just gone.
In the event that whoever rides in the taxi next finds the phone and somehow returns it to you, your IT department can make a few more keystrokes on the keyboard and restore all the data. That sure beats having to go through a four-hour process of reloading everything.
So dont overlook your cell phone and PDA when it comes to data security. There are tools out there that will help youuse them.
Action Item: Treat your cell phone like you treat your toothbrush. Never let anyone use it.
About the Author: Most executives would rather have a root canal than learn technology. Mike Foster has 25 years experience explaining technology in plain English to owners and executives. Executives learn tips to increase profits and avoid losses. IT professionals are empowered to be even more valuable to organizations. Learn more at
Keep My Network Safe
.
Source:
isnare.com
Permanent Link:
isnare.com/?aid=321631&ca=Internet