This week I’ve heard two stories that you just couldn’t make up.
One – a Titanic exhibition in Belfast had to close due to ‘water damage’.
And two – the Cabinet Office minister was giving a speech to the Cabinet about how the Government Digital Service could save the Government £2b a year, when every iPad in the room was seized amid security concerns.
The fear was that China, Russia, Iran and Pakistan have each developed the ability to turn mobiles into microphones, which could also then transmit messages to people trying to listen in. This works even when the mobile is switched off.
To combat this, all ministers have been issued with soundproof lead lined boxes which they have to place their mobiles into if they want to have a ‘secretive’ conversation with somebody else.
All cabinet meetings have also been banned from using mobiles or tablet devices of any kind.
The Telegraph has quoted William Hague as saying, “I think my phone has been modified by GCHQ enough that it’d [bugging] be difficult, but I’m sure the Chinese have had a good go.”
It kind of reminds me of an old joke – after learning that pens don’t work in zero gravity, the Americans spent ten years and $12b on coming up with pressurised ink cartridges that would allow them to write in space. The Russians used a pencil.
Yes, you could use a lead lined box to prevent your mobile being turned into a microphone (although there’s nothing like alerting everybody to the fact that you’re about to have a secretive conversation than by asking whereabouts in the office the lead lined boxes are kept).
You could also use a fridge, a la Edward Snowden when he went to meet reporters in Hong Kong.
But it seems an odd reaction to something which, let’s be honest, should be expected. Surveillance between countries, though ill-mannered, is hardly a new invention. Nor is the ability to turn mobiles into microphones.
It’s even got its own name – ‘open mic technology’. This has been actively promoted by some mobile makers such as Motorola as key features of the hardware. Their Moto X smartphone, launching soon, listens to you continuously, awaiting your commands…even whilst it’s sleeping.
The focus needs to be not on elaborate lead lined boxes (sorry James Bond fans), but on an impenetrable mobile device management system.
Before you even get to protecting your mobile devices from hacking attempts (which is important by the way, I’m not trying to dilute that), you should be looking at your whole IT system and infrastructure and creating policies. Can you see who is logging into your network and what they’re doing whilst they’re in there?
It has also been reported that USBs containing Trojan malware were included in gift bags that were handed out at the G20 summit in St Petersburg, which potentially could allow Russia’s FSB intelligence agency to hack into Government computers.
If a rogue USB stick were to make its way into your organisation, whilst its intention may not be to spy on you, you do need to be able to spot it before it does any sort of damage to your data.
I’m also not sure that banning all mobile devices from meetings is the way to go. It might be a temporary measure but it’s not exactly finding the balance between security and productivity.
And whilst most businesses may not have international spy issues to contend with, the fundamentals are still the same. The most important thing is to have a robust BYOD policy in place that colleagues understand and abide by.
For more on this, take a look at our security whitepaper which includes top tips on how to implement an IT policy that works for your business.