Mobile Spies

There are spies among us. They are strapped to belts, riding on hips and sitting on conference room tables. A recent article published by Dark Reading “Innovative Attacks Treat Mobile Phones As Sensors” speaks to how mobile phones are being used as sensors.

This article was a stark reminder of the access a mobile device has and if turned against you, the damage that can be done.

Consider this scenario. Malware is installed on your CEO’s mobile phone. The malware is able to read and transmit calendar details of upcoming strategic meetings. The malware transforms the phone into a bug by enabling the microphone at the proper time to eavesdrop on sensitive meetings.

Consider another scenario. The same malware waits until the next time Exchange credentials are entered into the phone and via key stroke logging, intercepts and transmits them.

LogRhythm blog

The CEO’s account can now be synchronized to another mobile device in the hands of a bad actor. The CEO can now be impersonated. The impostor could login to SalesForce.com and request a password change, receiving this new password and quickly deleting the email via the impostor’s mobile device.

The impostor now has unrestricted access to the company’s customer base details and sales pipeline. Reviewing the logs of enterprise applications (e.g., Exchange) that mobile devices interact with is critical in defending against these threats. The perimeter is walking through the front door every day. Will you know if a spy is in your house?