Recent events have brought to the vanguard the susceptibility and threat vector smartphones present. We saw some very senior service officers getting caught in honey traps through social media and the watchdogs are caught unaware. The incidents came into light only after these culprits were already able to compromise our secrets. The quantum of leaked information has resulted in a major security headache for the Armed Forces.
A smart phone is just as common as a wristwatch. Ubiquitously one goes, someone has one, and is engaged in calm or stormy conversation. But what about the people one cannot see? A smart phone can empower criminals, foreign agents, and enemies of the state with the most powerful commodity: information. They can steal information, send information to others, as well as receive information. What kind of information?
A few years ago, it was just audio voice communications. Today our photographic secrets, video footage and confidential data are at risk of falling into the wrong hands. Put a mobile phone in the hands of a rogue or spy on a base, and you now have a formula for disaster. No longer will commanders be in control. Secrets from secure facilities and military bases are now at risk. The very things that make smart devices such a productivity tool are the exact same things that makes them a big target for espionage and for malicious activity.
We archetypally have beheld smartphones as a peripheral device, but they are really the access points into both our personal and professional lives. The data that travels through those devices is precarious. During ongoing Syria conflict, Russia targeted the smartphones of NATO soldiers, with the goal of gaining operational information, gauging troop strength and intimidating soldiers.
We are witnessing that lots and lots of smaller and smarter devices are laced with artificial intelligence. In such effervescent and unceasingly changing scenario, espionage challenges are arising out of smart devices. But, our security and intelligence agencies have been found wanting. They must immediately revolutionise preemptive ways to fight cyber warfare. The awareness about latest technology and probable security threats arising out of its usage must be well versed by our cyber sleuths.
Mobile phone usage at the country’s defence establishments is in need of immediate review to look at the vulnerabilities created by smart phones, watches and other wearable devices like FitBit. A smart phone laced with smart applications having artificial intelligence, itself is a spy and that makes all its users unwilling spies. Even if smart devices are not hacked, they can transmit location and other personal data if a user has not selected appropriate security settings.
Whenever someone downloads a smartphone app, the processes it requires access to are listed and the user has to OK the list. But, most users are not qualified to understand such technical aspects of it. We must develop some sort of safety application that could immediately raise an alarm when some suspicious activity is observed from the smart phone of a military officer.
Data from smart phones, watches and other smart devices has been aggregated in such a way that revealed location via geo tags and personnel data on bases worldwide. Researchers have found that apps can seize control of their mobile phone cameras to spy on them. 30% of mobile apps capture and transmit personal info from phone, putting its users at risk.
Mobile devices that are compromised, can be exploited by adversaries to enable the microphone, allowing them to listen into sensitive conversations, access data that’s going through the smartphones or be able to take pictures of a surrounding area.
Hacked smartphones could endanger deployed columns by sending geolocation data to the enemy using app based mechanisms. Malicious software that commandeers phone functions could transmit wartime adversaries valuable information about troop locations and movements. A smart GPS enabled device monitors the wearer’s / holder’s movements through its sensitive GPS tracker, it can be used to map a classified area. A device with tracker can also possibly help a missile in its target acquisition. Even normal apps send a lot of information back to their servers and individual users are generally ill equipped to determine whether these apps represent security risks.
In order to manage cellular phone communications within a secure facility, one must control who is allowed to make and receive mobile phone calls and who is not within the walls of the facility. To do this, it must be taken into account that mobile phones smuggled in or overtly carried in all need to be discovered and dealt with. If a call is not authorized, then controlled termination of the call must be executed. How can cellular phone traffic inside of a secure facility or prison be controlled? By actively detecting and jamming cellular signals manually or automatically within controlled environments.
If the smart phones and smart devices are banned, it could have a profound impact on the day to day lives of civilians and service personnel who work at the country’s various defence establishments. For example, many of the personnel at the south block and the integrated Headquarters use mass transit, such as Delhi Metro and app based cab services, to get to work and rely on the smart phones during their commutes. In order to enforce a blanket ban on the devices, the agencies will have to screen each employee on a daily basis.
We should develop policies around protecting the information on our mobile devices and importantly protecting the data. Critical information should be the priority for looking at how we secure devices, data and how we’re securing our personnel.
This should make it clearer than ever that the battle has a new terrain — smart phones that people use every day.
Manan Bhatt is a Retired Petty Officer of Indian Navy. This article has been posted with the author’s permission. The views expressed are personal. You can reach out to the author at firstname.lastname@example.org