Easy mobile security the Faraday way

Credit to Author: Mike Elgan| Date: Sat, 19 May 2018 03:00:00 -0700

Have you heard about those special bags, cases and wallets that protect your electronics from hack attacks?

It’s a signal-blocking container, basically a tinfoil hat for your gadget.

Tinfoil hats are associated with conspiracy theorists concerned about secret government mind-control programs. But when it comes to your wireless gadgets, they really are out to get you.

For example: It’s not a conspiracy theory to believe that companies you’ve never heard of are tracking your location.

In the past two weeks, we’ve learned that a company called Securus Technologies sold the real-time location data of millions of people. It got this data from another company called LocationSmart, which itself was buying the data from AT&T, Sprint, T-Mobile and Verizon.

Yes: Wireless carriers sell access to your location to many companies.

It gets worse. A hacker compromised Securus servers and nabbed 2,800 usernames, email addresses and phone numbers, mostly belonging to police officers.

We also learned that a free and publicly available demo on the LocationSmart site enabled anyone with access to the internet to look up the location of just about anyone without having to log in or identify themselves in any way.

It’s also not a conspiracy theory to believe that crooks can steal the car in your driveway using the wireless “smart key” fob in your bedroom.

The internet was stunned last fall when police in the U.K. released security video showing a so-called relay crime, whereby the wireless signal from the keys of a Mercedes was relayed to a special box to unlock and start the car in the driveway. Two shady characters in hoodies rolled up in a car and, after a few minutes of transmitting wireless signals, rolled away in two cars.

It’s not a conspiracy theory to believe that, if you’re traveling abroad and paying for data by the megabyte, your devices might incur unwanted charges by connecting to the cellular data network and downloading updates or backing up photos and videos. (This happens to me almost every time I travel.)

It’s not a conspiracy theory to believe that some long-term health problem might arise from keeping your smartphone in your front pocket every day, all day.

And, of course, it’s not a conspiracy theory to believe that hackers want to steal your data or use your devices for DDoS attacks, crypto-mining and other malicious purposes.

As computing goes increasingly mobile and wireless, it’s important to remember that our devices are packed with radios. An average smartphone has 2G, 3G, 4G and/or 5G radios, as well as Wi-Fi, Bluetooth, GPS and probably NFC radios.

How creative hackers might exploit these radios in the future is anybody’s guess. That’s why it’s time to revisit an old idea: the Faraday cage.

The concept of a Faraday cage was developed in 1836 by English scientist Michael Faraday. It’s a specially designed enclosure made using a mesh of electrically conductive metal that prevents usable wireless signals from going in or coming out.

Fortunately, the concept doesn’t actually require a “cage.”

Companies can and do use a range of flexible materials to create Faraday sleeves, Faraday phone cases, Faraday bags, Faraday wallets, Faraday dry bags and other Faraday accessories.

In fact, all kinds of Faraday accessories are available, from companies such as Silent Pocket, MOS Equipment (make of the Mission Darkness bag pictured above), RF Safe, Vest, Wavewall, SafeSleeve, Incipio, Faraday Defense, Mobile Safety and others.

These are not mainstream products. Most users don’t buy them.

Certain kinds of Faraday containers are routinely dismissed by some security experts. For example, RFID-blocking wallets and passport holders are considered unnecessary because of the effort required to extract data from credit cards and passports. The hackers need conspicuous, specialized equipment and also to get very close to your stuff. There are simply much faster, easier and more scalable ways to steal this data. And so the experts say RFID wallets are probably unnecessary.

It’s also unlikely that a laptop will be hacked as you’re carrying it around with the lid closed. More likely is that it would be compromised while it’s on and open and you’re connected and using it. However, it’s impossible to predict what sort of malware might be planted on it or which radios or sensors it might put into service. It’s possible that the code might instruct the laptop to connect later while you’re carrying it around, or even to ping networks and record location.

Despite these objections, there are three powerful reasons to embrace the Faraday way to protect your data.

It turns out that, for professionals who are truly serious about mobile data security, Faraday bags are standard.

Christopher Steele, the former spy responsible for the Steele dossier, carries his phones in a Faraday bag, according to a feature in The New Yorker.

The handbook for police forensic examiners, called Digital Forensics for Handheld Devices, says forensics experts need to use Faraday bags and cages for transporting and examining phones, laptops and other devices to prevent electronic tampering with the evidence.

And police in the U.K., where the majority of those wireless relay crime car thefts take place, strongly recommend that everyone keep their car keys in a Faraday bag.

Of course, the Faraday solution isn’t without problems of its own.

For starters, you can’t receive phone calls while your phone is in such a bag or case.

If you leave all the radios on, your phone can burn through battery hunting for networks and devices.

The Faraday way isn’t perfect. But it’s almost certainly better than what you’re doing now.

Even experts can’t predict tomorrow’s new hack attacks. But you don’t have to be an expert to buy low-cost Faraday accessories for all your gear, or for the devices carried by your staff or company.

Faraday containers are the cheapest, fastest and easiest way to know that your keys, credit cards, passport, phone, tablet and laptop aren’t sending or receiving signals while you’re sleeping, traveling, driving, walking or in meetings.

Use the links above to buy yourself some Faraday bags. It’s an old idea whose time has come.

http://www.computerworld.com/category/security/index.rss