However, how many have considered that the mobile phone or PDA in their pocket could also be a problem? With the increasing convergence of phone and network aware devices, come new and often unnoticed threats. Features such as built-in cameras, wireless networking, Bluetooth, calendars, phone books, all present their own particular problems, and associated risks. If we think of each feature by category, it becomes clear that they each have their own expected security perimeter, and it is this that is quietly being expanded and, potentially, exposed.
For example, let's look at phone books and calendars. Your personal phone book will normally live in several places – on a card index, in a personal computer, and, nowadays, on your mobile phone. The perimeters, therefore, are the walls of your office, the LAN that your PC is connected to, and the pocket that your phone is carried in. If none of these are breached then your data is, in theory, safe. Or is it? The fact that these devices are becoming network aware means that they may be unwittingly creating a path that extends these perimeters way beyond that which you originally planned for or expected. Other service categories' boundaries may start to overlap in unexpected ways, and a change to the way, say, voice signals are handled, may compromise the security of your image, calendar or phone-book data, even though they are nominally unrelated.
Recently, a simple change to the UK law restricting driving whilst using a mobile phone has led to a massive increase in the number of headsets being deployed... Bluetooth is an obvious and convenient technology to use for headset connectivity -no messy wires to get tangled up in whilst driving or to create an unsightly bulge in your pocket – just switch on, stick your phone back in your pocket, and you're away. But with Bluetooth connectivity comes a number of extra features – you can copy your calendar, phone book, photographs etc. directly to your PC with a touch of a button. Although you only wanted a headset, you've opened a number of other gateways simply by switching Bluetooth on. The phone in your pocket is now capable of transmitting all of your data across the room, through walls, even into neighbouring buildings or to the car following you on the motorway, potentially without your knowledge or consent. By the simple act of adding a headset to your personal armoury of gadgets, you have extended your security perimeter beyond your wildest dreams, and it has been proven in field trials that Bluetooth devices can be attacked from over a mile away using specialist (but not hard to find) antennae and a standard laptop.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.