Security platform tracks rogue wireless devices via real-time map

New security tool from Bastille Networks can help security teams enforce no cell-phone zones.

A new wireless detection platform from Bastille Networks allows companies to locate security threats from managed as well as rogue wireless, IoT, and cellular devices. Bastille's system senses radio frequency (RF) energy emitted from transmitting devices and uses sensor arrays to determine the device type and its location.

The company has worked with law enforcement and government customers for several years, but just got Federal Communications Commission approval for its civilian cellular sensor array that powers the tracking system.

Bob Baxley, chief technology officer at Bastille, said the platform can help CISOs defend the RF attack service.  

"Bastille can tell you which devices in your facility--both on and off your network--are susceptible to RF attack," Baxley said.

For example, a laptop legitimately connected to a corporate network could also be tethered to a cell phone via Bluetooth, which in turn could be connected via a 40 Mbps 4G cellular data connection to a server in China.       

SEE: How to get users on board with essential security measures (free PDF)

Smart TVs, security cameras, printers and peripherals, medical devices, building controls and smartphones could all be used to steal data via radio frequency communication. Even radio-enabled and cellular devices that are not connected to the corporate network could be used to steal data.

Many IoT devices use radio signals to communicate and radios exist in cell phones, computers, wireless keyboards and mice. More than 70% of devices connected to corporate networks use RF and cellular protocols. Because these RF protocols are so new, there is a greater security threat. The system uses software defined radios (SDRs) to passively observe the entire radio space in a building from 60 MHz to 6GHz. 

Security firm Check Point Research recently found a security vulnerability in the firmware of the Philips Hue smart light bulbs. This IoT problem allows attackers to take control of an individual bulb, push malicious firmware to it, and spread other malicious software throughout a network.

In July 2019, a security researcher found a vulnerability in Logitech wireless USB dongles that could allow hackers to track keyboard traffic and inject keystrokes or even take over the computer to which a dongle has been connected.

How does it work?

The platform establishes a baseline of activity for all wireless devices, including cellular, Wifi, Bluetooth and Bluetooth Low Energy and sends an alert when a device exhibits unusual behavior.

The platform also allows customers to enforce a "no-cell phone" zone that alerts the security team when a person with a phone enters that area. This could include research labs or product development departments.

Bastille can be installed as a virtual or physical appliance in a private cloud, data center or on premise. Bastille also offers secure AWS Cloud deployment with versions certified for the enterprise and government facilities.

Bastille integrates with existing security information and event management systems through open APIs. The Bastille Portal also allows users to view alerts and monitor activity.

Bastille's platform monitors all 79 Bluetooth channels and can tell the difference between malicious Bluetooth tethering and innocuous activity such as music streaming. 

In October 2019, the Department of Homeland Security Science and Technology Directorate awarded $199,680 to Bastille to provide an Internet of Things security solution to track threats on connected devices in real-time. This is a Phase 4 award under the department's Silicon Valley Innovation Program's "Security for the Internet of Things" program, which calls for new ways to manage and secure IoT components and systems.

Bastille has 17 US patents issued around software-defined radio technology with more pending.  

Also see

screen-shot-2020-02-19-at-11-38-47-am.png

Bastille Network's intrusion detection platform creates a real-time Marauder's Map that shows the location and activity of cell phones inside an office building.

Image: Bastille Networks