Should you keep cell phones away from sensitive data?
When should a device that can give remote access to hackers be banned, and from where?
By now it's pretty well established that cell phones, especially smartphones, are insecure.
No one is surprised that apps phone home with private data, run ads that do the same, or that the amount of malware available for Android and iOS is growing faster than almost any other type of software.
Smartphone malware is so common virus authors debate how best to monetize their opportunities as blithely as dot-commers did a decade ago, while more sophisticated authors build smartphone botnets with as many as a million members or remote-access malware that can open a door for hackers wanting to get at a user's other systems.
Still, most people think of the smartphone security threat as an outbound phenomenon – anything you put on a smartphone could find its way into the wrong hands through any of the methods above or more directly when the phones are lost or stolen.
Few think about inbound security. BYOD means allowing the most insecure devices in an organization to be carried through the doors, past the firewalls and into the heart of the corporate data vault, usually without more than a cursory virus scan or check of the onboard apps.
There are times or places even the least security conscious companies will want to ban cell phones, and not just to keep them from ringing during the CEO's speech.
Infected with malware or carried by an insider intent on stealing data, a cell phone provides an open data path to the outside, giving malware the chance to spread itself around to other phones, follow Wi-Fi signals to security-free entry to the corporate network, or letting hackers eavesdrop or launch attacks using remote-access tools.
Banning cell phones from certain areas and actually keeping them out are two different problems, however.
Unless you're willing to search every employee, contractor and visitor to a secure area, there's no way to be sure they're not carrying concealed, no matter how often you warn them their phones aren't welcome. Almost no adult with any sense of independence will voluntarily leave a cell phone behind just because someone else tells them to.
Childish as it seems to have to bust adults for carrying cell phones, sometimes it's necessary.
Fortunately there is a segment of the IT community that has been dealing with the danger of cell phones longer than the rest of us: those who work in high schools and are responsible for keeping students from cheating on big, standardized tests using apps, note-passing or Google searches to boost their GPA just a bit.
Berkeley Varitronics Systems, Inc. in Metuchen, N.J. sells a whole range of cell-phone detectors that could fill the need, the newest and smallest of which is the $500 PocketHound which, at six ounces and a bulk about the same as a pack of cards, is smaller than many of the phones it detects.
PocketHound can detect cell phones at a range of about 75 feet, whether they're in use or not by reading the radio-frequency signals they send out even at rest.
It covers all U.S. and international bands of PCS, CDMA/WCDMA, UMTS, GSM, EGSM, lets users pick the bands they'll scan for and dial the sensitivity up or down to avoid false positives.
It can signal by flashing LEDs or making noise and automatically sets its alert threshold high enough to avoid ambient RF noise already in the room.
BVS bills it as "Perfect for cheating students, corporate espionage, courtroom and prisons too."
The batteries only last two hours, but BVS sells other models with longer coverage times and wider ranges.
Most are sold by companies offering spy gear and anti-spy gear, many of which are more than a little shady.
Cell detectors don't change or block cell phone signals, however, so they're legal in most states, unlike cell-signal blockers.
Phone detectors seem like they live on the borderline between the need to keep a digital environment secure and the creepy wish to be able to spy on anyone, anywhere without their knowing.
Several of the same resellers that carry cell-signal detectors also carry covert GPS trackers, cell-phone signal intercept-and-decoders that let you listen in on calls or texts, hidden IP cameras and other systems used mainly for covert, privacy invading surveillance.
Needless to say, that's also illegal, not to mention repulsive, so it's probably best for your police record and reputation as a non-creep to stick to the parts of reseller sites displaying products that aren't quite designed specifically to invade the privacy of others. It's better for everyone that way.
Speaking of which, it's probably obvious what kinds of products are in sections marked "DNA Paternity Testing ."
If it's not obvious to you what would be sold under "Fluid Detection," it's probably best not to check.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.