Cell phones have are now, more than ever, part of IT Security personnel's problem.
NETWORK WORLD NEWSLETTER
06/09/05
By M. E. Kabay
Anyone can use even an ordinary mobile phone as a microphone by
covertly dialing out; for example, one can call a recording
device at a listening station and then simply place the phone in
a pocket or briefcase before entering a conference room.
However, my friend and colleague Chey Cobb recently pointed out
a device from Nokia that is unabashedly being advertised as a
"Spy Phone" because of additional features that threaten
corporate security.
This $1,800 device works like a normal mobile phone but also
allows the owner to program a special phone number that turns
the device into a transmission device under remote control:
http://wirelessimports.com/ProductDetail.asp?ProductID=347
In addition, the phone can be programmed for silent operation:
"By a simple press of a button, a seemingly standard cell phone
device switches into a mode in which it seems to be turned off.
However, in this deceitful mode the phone will automatically
answer incoming calls, without any visual or audio indications
whatsoever... A well placed bug phone can be activated on demand
from any remote location (even out of another country). Such
phones can also prove valuable in business negotiations. The spy
phone owner leaves the meeting room, (claiming a restroom break,
for instance), calls the spy phone and listens to the ongoing
conversation. On return the owners' negotiating positions may
change dramatically."
It makes more sense than ever to ban mobile phones from any
meeting that requires high security.
David Bennahum wrote an interesting article in December 2003
about these questions and pointed out that businesses outside
the U.S. are turning to cell phone jamming devices (illegal in
the U.S.) to block mobile phone communications in a secured
area. Bennahum writes, "According to the FCC, cell phone jammers
should remain illegal. Since commercial enterprises have
purchased the rights to the spectrum, the argument goes, jamming
their signals is a kind of property theft." Seems to me there
would be obvious benefits in allowing movie houses, theaters,
concert halls, museums, places of worship and secured meeting
locations to suppress such traffic as long as the interference
were clearly posted. No one would be forced to enter the
location if they did not agree with the ban, and I'm sure there
would be some institutions catering to those who actually _like_
sitting next to someone talking on a cell phone in the middle of
a quiet passage at a concert.
Bennahum mentioned another option - this one quite legal even in
the U.S.: cell phone detectors such as the Cellular Activity
Analyzer from NetLine:
http://www.netline.co.il/Netline/CAAdetector.htm
This handheld computer lets you spot unauthorized mobile phones
in your meeting place so that you act accordingly.
Finally, one can create a Faraday cage that blocks radio waves
by lining the secured facility with appropriate materials such
as copper mesh or, more recently, metal-impregnated wood:
http://en.wikipedia.org/wiki/Faraday_cage
A high-security version of such a room is called a SCIF
(Sensitive Compartmented Information Facility) in U.S. military
security jargon.
Articles
Metasploit Framework Windows Tutorial The Archives General GSO | Full Version: Nokia "spy Phone"
Yes, I would pay 1800$ for something a 10$ recorder or my 90$MP3 splayer can do.
Stupido. QUOTE(FiNaLBeTa @ Jun 12 2005, 10:47 AM) Yes, I would pay 1800$ for something a 10$ recorder or my 90$MP3 splayer can do. Stupido.  I think you missed the point of what this can do. Cell phones are generally allowed in business meetings. Voice recorder/MP3 players are not. And the way that this devices works, it appears to be off even though it is streaming audio to another phone anywhere in the world. Do you think that you could walk into high priority negotiations with a audio recorder? Not likely.
just call a number with your cell phone, and set there a recorder, then everything will be OK, but you have to choose a phone with a long-lasting battery.
Seems like an interesting too, but I agree that I wouldn't pay $1800 for the phone when I could just use a regular old tape recorder. If you were going to spend that much why not just buy Wifi bugs, like the CIA uses. I can't remember the exact site, but you can purchase clear strips that transmit wireless signals to the base station. I'll go through my comp, and when I find it, I will edit this post with the URL.
 I found this to be rather old news. These cell phone spy devices have been commonly sold for atleast two years. They even released a metalloid paint designed to stop wireless and cell phone signals from escaping rooms about a year ago if I remember correctly to prevent this sort of thing. Many other brands of cell phones have been modified to do this as well for much cheaper. Maybe this is the first time this has been actually made in the factory?
Its quite old news. Any spy phone working on GSM which Nokia or any other company makes can be easily detected. the the cost will be under one dollar.
Just think I will let you know. everybody of you knows it but never thought of it .Its damn easy. I have practically done it. The things which I told you is for the person who is a carrier of phone who does not know if the phone which he is carrying .. a spy phone.
all of these comments are missing the point. Your basically saying why use a knife to kill a chef when a tank will work better.
the phone is an accepted device. QUOTE(as0l0 @ Jun 20 2005, 07:21 PM) the phone is an accepted device. It is indeed. All the more reason for the Execs to be aware of this. At least on the military side of the house, all wireless devices are prohibited for certain meetings, briefs, and/or presentations--I've already turned in two dumbasses after I caught them. Their excuse: "...I forgot...." Bullsh*t! Security signs are posted all over the place, they had to pass through two "collection points", and before the meetings start the facilitator warns the audience about wireless devices. However, the fact still remains--the cell phone is an accepted device, and even if certain meetings do not require security (project kick-off meetings, project progress meetings, etc), damage can still be done to an organization--especially if an org's competition is listening in.
you are correct sir, but I think this topic is beyond the interests of this audience.
I still prefer the glass to the door method during those business meetings
  Discretion is the best way, if your going to speak of anything important dont do it where anybody that wasn't intended as the sole reciepient will hear it, perform the inspections use the devices to detect.
Cell phones are interesting but not something that setting a phone to auto answer will resolve. Especially if set on silent mode. So in a sense your doing the same thing.
OK so it can seem like it's shut off, but if your at a facility where your searched and all cell phones that are shut off have their batteries removed, so basically the spy phone is useless at that point. One feature that is scary is the CCTV pens, or those pens which can be used as a listening device. How often do security staff check pens. If your visiting another company and policy allows them to check your person and objects as well as confiscate your phone untill end of the meeting. Don't know how much of a use the "spy phone" will be then. JMO
Sorry to get abit off topic, but we use to make these with the old nokia's and headsets...
Place the phone on silent, headset on, tell it to answer after one ring, then place the microphone anywhere.... Was a cool trick... This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc. |
||
