- The Washington Times - Friday, February 1, 2008

(UPI) Wall Street executives and K Street lawyers beware: It’s easy to eavesdrop on those wireless-phone headsets you love so much. In some cases, all it takes is a simple off-the-shelf radio scanner.

“These guys are bugging their own office essentially,” said security consultant Doug Shields.

A client recently asked him to test wireless headsets against an inexpensive commercial scanner capable of monitoring frequencies between 900 megahertz and 1.2 gigahertz, where many of the popular hands-free headsets operate.

The scanner could pick up conversations inside buildings as far away as 600 feet.

“Sometimes, when the other party has hung up, the wireless connection remains open and you can hear what [the party at your end] is saying afterwards.”

From a position across the street from his client’s office, Mr. Shields was able to record conversations by employees, including commercially sensitive information.

“Some of this stuff, if you traded on it, you’d never have to work again,” said Mr. Shields, a partner with Secure Network Inc. in Syracuse, N.Y.

Scott Beratino, executive editor of Chief Security Officer magazine, said he knew of cases in which the technique was employed for corporate espionage.

“Some are encrypted, most are not,” he said of the commercially available headsets.

“Bigger, smarter” firms were likely to have adopted encryption countermeasures, said Mr. Beratino, citing large pharmaceutical companies that use encryption even for internal presentations employing wireless microphones.

Buildings also can be shielded from electronic eavesdroppers, he said.

“More [companies] should be doing it than are,” he said.

Other widespread countermeasures include hopping between frequencies or spreading a digital signal across different parts of the spectrum — both of which break up a transmission to make it more difficult to intercept.

But most companies seem unaware of the risks inherent in this kind of technology. “They are focused on other things,” he said.

“We use industry-standard security,” said Deborah Kline, a spokeswoman for Avaya Inc., a Basking Ridge, N.J., company that makes wireless headsets.

But, she added, “Industry standards … are not always as secure as we would like.”

Bob Hayes, managing director of the Security Executive Council, a Washington-based membership organization for security professionals, expressed skepticism about the seriousness of the threat.

“There are a lot of threats that are technically possible,” he said, pointing out that monitoring telephone conversations that way, without permission, is a federal crime. “Why would I do that when I could get the same information a dozen different ways?”

A corporate sleuth could rifle through someone’s garbage, for example, or eavesdrop on conversations at trade shows.

“If you’re doing business that sensitive, your whole life should be at a higher security level,” Mr. Hayes said. “Secrets are stolen out of cars … or garbage cans.”

He also said that, unless the listeners are “in the right place at the right time,” they were likely to get “a lot of pizza orders, bedtime kisses for kids” and other idle chatter.

“Think of it from the spy’s point of view,” he said. “There’s a reason every intelligence agency in the world values human intelligence the most highly.”

Jack L. Johnson Jr., former chief security officer for the Department of Homeland Security and now a partner in the federal practice at PricewaterhouseCoopers, said that, in general, when it comes to new technology, “ease-of-use considerations tend to trump security.”

“It’s not until after the technologies are in use that we realize the vulnerabilities,” he said.
