By Chris Risley, CEO at Bastille Networks
Why are enterprises at risk from radio-based attacks?
Mobile, wireless, and IoT devices all operate within the radio frequency (RF) spectrum, which hackers can use to easily compromise them. Because wireless communications lack visibility, devices roam freely and go undetected in corporate airspaces, enabling cyber-criminals to access intellectual property and sensitive company data.
These wireless blind spots—vulnerability to RF attacks on corporate networks—pose significant threats to enterprises.
Enterprises are in danger of RF attacks
Standard security solutions don’t detect which devices exist and operate within the radio-frequency spectrum. Enterprises can’t safeguard what they can’t detect, particularly when more than 70% of devices connect to networks via RF and cellular, a percentage that will grow exponentially. According to Ericsson, there are more than 22 billion connected devices, and 15 billion of these gadgets contain radios, making them potential targets for RF attacks.
Equally important are radio-enabled and cellular devices in corporate settings that are not connected to their network: those that enter the facilities each day in employees’ pockets and purses, and those installed by contractors into facilities’ buildings. These devices are stealthy and can be used to exfiltrate voice, video and computer data right past firewalls and into the unsecure world outside.
Rogue cellular and vulnerable wireless devices are inside enterprises today. Examples of suspicious gadgets include cell phones, security cameras, smart TVs, printers and peripherals, and medical devices. For example, a laptop connected to a corporate network could also be tethered to a cell phone via Bluetooth; that cell phone can be connected via a 40 Mbps 4G cellular-data connection to a server in China that is secretly probing company secrets in real time.
Assessing RF risks
Radio-frequency transmissions are propagating throughout enterprise networks, which raises major security concerns for corporations. Eliminating these transmissions and understanding the alert communications are essential if a vulnerability is created.
Recent examples of radio-based device vulnerabilities include SweynTooth, the Philips Hue Zigbee Worm, BleedingBit, BlueBorne, MouseJack and KeySniffer. These threats affect billions of devices, from Bluetooth Low Energy (BLE) devices to pacemakers to wireless keyboards. These vulnerabilities are just the start. They underscore just how immature security is for radio-frequency protocols.
RF attacks are getting much more common because systems using radio controls are at risk from invisible radio attacks. This is a warning notice for CISOs: you had best understand your RF attack surface if you plan to maintain a secure perimeter.
Safeguarding enterprises from RF attacks
Enterprises can protect themselves from RF attacks by assessing what communication is taking place between devices to determine and eliminate potential intrusions and hacks from RF transmissions. CISOs need to evaluate and adopt RF products that equip security teams with real-time visibility and situational awareness into the Big 4 protocols operating inside facilities: cellular, Bluetooth, BLE and Wi-Fi.
Deploying RF-security technology to detect, identify and locate known and unknown devices will protect corporations from risky RF attacks.