Hiding in Plain Sight: The Security Risks of Pervasive IoT Devices
Gary Schluckbier
08/05/20
When Kevin Ashton coined the term “Internet of Things” in 1999, not many of us could envision exactly how connected the world would become. According to Statista, by 2025 there will be nearly six billion IoT connections in North America alone. The vast majority of these connections use BluetoothⓇ, Wi-FiⓇ, or cellular connectivity, so if part of your mission requirements is to understand and interact with your wireless environments, these are the protocols you need insight into.
Keeping unauthorized wireless devices out of prohibited areas becomes exponentially harder when virtually everyone is at the very least carrying a cell phone, and probably has other connected devices like watches or fitness trackers that have become such passive tools we hardly think of them at all – let alone as a potential security threat. Accidentally walking into a sensitive compartmented information facility (SCIF) and intentionally using connectivity for nefarious purposes start the same way – by generating a signal in an area where that’s not allowed. And because of the ubiquitous nature of these connected devices, they’re hiding in plain sight.
Keeping sensitive areas safe is difficult when so many of our devices offer connectivity.
A cell phone is obviously designed to generate and receive signals, while a watch might go unnoticed. But all kinds of consumer devices that ten years ago were single-function tools are now outfitted with microphones and speakers for voice control features or cameras for gesture recognition. Virtual assistants like Alexa and Google Nest have displaced household stereos and the wireless connectivity they bring is so integrated into our daily lives that they kind of disappear into the background like so many other devices. For example, we’ve identified unsecured access points in sensitive areas coming from the monitors or ceiling projectors in conference rooms.
During a recent Flying Fox Enterprise project in a secure area, several unexpected cellular IoT transmitters were detected in shipping containers, which were using GPS to monitor and track shipments. These are examples of devices that are so ubiquitous that we often overlook their existence. Having full spectrum visibility helps identify potential threats even where you might not be looking. For every accidental unauthorized wireless device, there’s always the potential for bad actors to exploit that for their gain. As connected devices increase in their usefulness, they are going to be pervasive in the areas where we work, and government-focused organizations need to remain diligent in this area.
SCIF security requirements are outlined in the Intelligence Community Directive (ICD) 705/ IC Technical Specification, but no standard exists for exactly how to identify and take action against potential threats. There are many threat vectors that come with personal electronic devices (PEDs) and before you can determine if there’s a problem, you first have to be able to have awareness of the wireless environment. Knowing where those unauthorized devices are, what they are doing, and having visibility across wireless protocols and cellular is the only way to get the full picture.
Keeping situationally aware of an evolving device landscape is a challenge on numerous fronts. Wireless device standards are always changing, making solutions that are unable to adapt to these changes quickly obsolete. Cellular presents a unique challenge because there currently are no off-the-shelf detection systems to monitor the large range of frequencies,channels, and protocols cellular devices are making use of. To help security professionals address these challenges, Epiq Solutions created a software-defined radio (SDR)-based device detection and location technology called Flying Fox Enterprise. Developed in partnership with the Naval Research Laboratory (NRL), SDR-based sensors can be upgraded quickly as standards evolve as well as be configured to monitor large frequency ranges to scan the full spectrum of cellular transmissions with zero false positives. Flying Fox Enterprise makes further use of its SDR technology to enable a fully passive monitoring solution for Bluetooth that makes it possible to detect transmissions even after the device is paired.
Full-spectrum, SDR PED detection of Flying Fox Enterprise offers:
- Comprehensive detection and location of wireless threats including Bluetooth, cellular, and Wi-Fi
- Specialized hardware to overcome the unique challenges of cellular and Bluetooth detection
- Fully passive 24x7 monitoring
- Zero false positives through full decoding of transmissions
- Our experience designing tools that provide situational awareness in the RF domain for federal users
Learn more about Flying Fox Enterprise here, or if you’re interested in speaking with an RF expert contact us here.
share
DON'T MISS A HERTZ
Stay ahead of the curve with the latest Epiq news, product releases, and more.
most popular
Keesler Air Force Base Awards Epiq Solutions Contract for Wireless Device Detection System
READ BLOGReliably Detecting and Locating Cellular Threats
READ BLOGCommand and Control is Big Business: Understanding 5G's Impact on Command and Control Military Applications
READ BLOGMore Epiq Stories
Introducing Sidekiq™ NVM2: Small Form Factor MIMO SDR
Epiq Solutions is excited to announce the Sidekiq™ NVM2 - the latest addition to Epiq's small form...
READ BLOGHow to Troubleshoot an SDR in 6 Steps
If troubleshooting is an art, troubleshooting a complex embedded device like a Software Defined...
READ BLOGWelcoming CyberRadio Solutions to Team Epiq
Epiq has spent the last 14 years focused on bringing low-SWaP software-defined radio platforms to...
READ BLOGEpiq Solutions Paves the Way for AI/ML Integration in RF Spectrum Analysis
The world of AI and ML is evolving at a rapid pace. While much of the fanfare is focused on...
READ BLOGStill Epiq, Always Epiq
Over the past 14 years, Epiq’s team has been unwavering in its pursuit to become leaders in...
READ BLOGAI & RF Sensing: Next-Gen Direction Finding Solutions
In an increasingly sophisticated wireless landscape, the need for situational awareness calls for...
READ BLOGUnmasking AirTags: the Power of Flying Fox Enterprise
Apple's AirTags have revolutionized personal item tracking, emerging as discreet guardians of your...
READ BLOGAmy Devine
07/26/23
Make your RF Field Work Easier: PRiSM the Compact, Agile Powerhouse
The realm of RF engineering is witnessing a radical transformation, with the advent of agile,...
READ BLOG