Radio Frequency Attacks Are A Dangerous Threat To Enterprise Networks

Jun 18, 2020

Corporate airspaces are in danger from a radio-based attack.

Mobile, wireless, and IoT devices all operate within the radio frequency (RF) spectrum, and many have vulnerabilities that allow cyber-thieves to compromise them. Because wireless communications lack visibility, devices roam freely and usually go undetected in corporate airspaces. Cybercriminals can use compromised devices to access intellectual property and sensitive company data. More than ever before, the blind spots in a corporate network expose enterprises to a significant threat of RF attack.

Enterprise Networks Are Susceptible to RF Pitfalls

According to a recent Ericsson report, there are more than 22 billion connected devices, 15 billion of which contain radios, making them prime targets for an RF breach. Particularly important are the radio-enabled and cellular devices that are in a corporate setting but not connected to the corporate network: those which enter daily with employees and visitors, and those installed by contractors into facilities’ buildings. These devices are stealthy and can be used to exfiltrate voice, video, and computer data right past firewalls and into the unsecured world outside.

Rogue cellular devices and vulnerable wireless devices are inside enterprises today. Examples of suspicious gadgets include cell phones, security cameras, smart TVs, printers, Bluetooth and BLE headsets, and medical devices. For example, a laptop using a corporate network could also be connected to a cell phone via Bluetooth tethering, and that cell phone can be connected via a 40 Mbps 4G cellular data connection to a server in China which is secretly probing company secrets in real time.

Remediating RF Threats

Understanding the transmissions in your facilities, and what communication is taking place over them, is as essential as understanding what communication is going on between your network and the outside world.

Recent examples of radio-based device vulnerabilities include SweynTooth, the Philips Hue Zigbee Worm, BleedingBit, BlueBorne, MouseJack and KeySniffer. These attacks affect billions of devices, from Bluetooth Low Energy (BLE) and medical devices to wireless keyboards, and these vulnerabilities are just the start: they underscore how immature security is for radio frequency protocols.

RF intrusions are becoming much more common because systems using radio controls are at risk from invisible radio attacks. This is a warning for IT teams and professionals to understand their RF attack surface in order to maintain a secure perimeter.

Shielding Enterprise Networks From Malicious Radio Frequencies

The first thing that any enterprise security team should do is make sure that all the devices in their facility are running the current firmware or patch level. Most manufacturers on my list of radio-based vulnerabilities above have published firmware updates which prevent these announced attacks. However, those updates won’t protect your organization if the RF hardware is not updated. You need to find those devices in your facility and get them patched.

That is easier said than done. When we install Bastille Enterprise, we almost always locate active RF devices that the customer didn’t know were there. Sometimes a wired printer has Wi-Fi beaconing turned on; sometimes a hospital EKG machine is advertising for a BLE pair at the same time it is sending data via Wi-Fi. In one case, we found that the data room chiller system, which was controlled over a wired Ethernet connection, was also constantly beaconing out for a Zigbee controller to pair with. Had it found one, that controller could shut down the chiller.

One way corporations can find their RF devices and safeguard their intellectual property and sensitive data is to start watching radio space as rigorously as they watch their wired network. Is all RF traffic encrypted? Most people assume that it is, and most of it is, but we usually see one or more radio data streams that are plain text.
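As an added example (not Bastille's code and not part of the original article), the check described above can be sketched in Python: passive survey records are reconciled against the asset inventory to surface unknown emitters, radios an asset was never approved to use, and plaintext data streams. The record fields, device IDs, zones and inventory are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Observation:
    device_id: str             # hypothetical ID a sensor assigns to an emitter
    protocol: str              # "wifi", "ble", "zigbee" or "cellular"
    encrypted: Optional[bool]  # None = only beacons/advertisements seen, no data
    zone: str                  # where the emitter was located


# Constructed inventory: device_id -> (description, radios the asset may use)
INVENTORY = {
    "prn-01": ("wired printer", frozenset()),
    "ekg-07": ("EKG machine", frozenset({"wifi"})),
    "chl-02": ("data room chiller, wired Ethernet", frozenset()),
    "cam-03": ("security camera", frozenset({"wifi"})),
}

# Constructed survey records, modelled on the cases described in the text
SURVEY = [
    Observation("prn-01", "wifi", None, "floor-2"),      # printer beaconing
    Observation("ekg-07", "wifi", True, "ward-3"),       # approved data link
    Observation("ekg-07", "ble", None, "ward-3"),        # advertising for a pair
    Observation("chl-02", "zigbee", None, "data-room"),  # seeking a controller
    Observation("cam-03", "wifi", False, "lobby"),       # plaintext stream
    Observation("unk-5f", "cellular", True, "floor-2"),  # not in inventory
]


def reconcile(survey, inventory):
    """Return sorted (device_id, finding, protocol, zone) tuples for follow-up."""
    findings = set()
    for obs in survey:
        asset = inventory.get(obs.device_id)
        if asset is None:
            findings.add((obs.device_id, "unknown-device", obs.protocol, obs.zone))
        elif obs.protocol not in asset[1]:
            findings.add((obs.device_id, "unapproved-radio", obs.protocol, obs.zone))
        if obs.encrypted is False:
            findings.add((obs.device_id, "plaintext-stream", obs.protocol, obs.zone))
    return sorted(findings)


if __name__ == "__main__":
    for finding in reconcile(SURVEY, INVENTORY):
        print(*finding, sep="\t")
```

Each finding maps to an action from the text: locate and patch the device, disable the radio it should not be using, or move the stream to an encrypted link.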

  • Protect Your Business: For starters, security teams must understand what communication is taking place between devices in their airspaces. This is essential to safeguard their valuable data from RF attacks.
  • Assess RF Security Technology: Security teams need to evaluate RF wireless intrusion detection systems and cellular intrusion detection systems. These are available from a few vendors. Bastille Enterprise covers both and gives corporations the ability to discover, locate, and mitigate radio-borne threats to their assets, facilities and networks. Bastille provides this protection by using software-defined radios (SDRs) to passively observe the entire radio space in a facility from 60 MHz to 6 GHz.
  • Deploy RF Solutions: Traditional security technology doesn’t operate in the radio frequency spectrum. However, most of your communication is moving to radio now. Deploy technology that detects devices in the corporate airspace in real time, 24x7, and not just with a one-off security sweep. Deploying RF security technology such as Bastille Enterprise will equip security teams with complete visibility to detect, identify and locate known and unknown devices to thwart the invisible risks in radio.

All organizations want to protect their company secrets from competitors, cybercriminals and technical espionage by foreign governments. Many have spent fortunes locking down 200 Mbps of traffic going in and out of their facilities over internet connections. The time is now for IT teams and security professionals to start monitoring the 5 Gbps leaving their facilities over unmonitored and unchecked radio waves.
