People are also irrational when it comes to their own devices. Smartphones are so integral to managing our lives that they have effectively become a part of us that we inherently trust, like a pet or another limb. It takes continuous effort to recognise that these sources of convenience and entertainment can be deployed against us.
Even if users are aware of the risks, they often shrug them off, convincing themselves that it is only “other people’s” data that hackers are interested in. Most are ignorant of the powerful ways in which seemingly innocuous data points can be combined and sold on the dark web to power sophisticated fraud campaigns.
Aside from personal risk, users are also blissfully unaware of their responsibility to act as cyber soldiers for their employers, whose networks they connect their devices to daily. Employee smartphones present the ideal launchpad for attackers to enter enterprise networks and seize sensitive data and other valuable assets.
This is something Satterwhite is all too familiar with. In 2017, it was revealed that Russia had carried out a campaign to compromise NATO soldiers’ smartphones, with the aim of gaining operational information, gauging troop strength and intimidating soldiers. Russia was targeting 4,000 NATO troops deployed to Poland and the Baltic states to protect the alliance’s European border with Russia. The campaign starkly illustrates how the cyber defences of even the most secure organisations can be readily unpicked with a new breed of smartphone lockpicks.
“The problem is that even if the enterprise has taken steps, it only takes one user connected to enterprise resources from a privileged account to put the company at risk,” says Satterwhite. “Even if controls are put in place for each phase of the Cyber Kill Chain, it still might not be enough. I feel the convenience of mobile phones is not worth the risk they introduce to the enterprise.”
Satterwhite adds that it’s not just bank accounts or corporate and military secrets that are at risk, but also the fundamental democratic freedoms we all enjoy.
Criminals, governments and politically driven hackers are increasingly compromising elections around the world with disinformation, taking advantage of rising smartphone use and the uncritical way we absorb information on our phones. The Digital News Report, conducted in 2015 by the Reuters Institute for the Study of Journalism at the University of Oxford, found that on average people use a “significantly smaller” number of trusted news sources on a mobile phone than on a tablet or computer.
“People trust their phones, yet a phone can be easily weaponised against them and ultimately threaten free society,” says Satterwhite. “I know it sounds sensational but it’s reality. Political actors are inflicting damage on free thought and ultimately affecting our institutions, behaviours and norms.”
To help minimise interference in future elections, Satterwhite has started a group called MyVote, which aims to fundamentally change the way people use and protect their phones. It provides technology and training to ensure voters are not microtargeted and influenced by state-sponsored democratic disruptors. Initially focused on the upcoming US elections, the group plans to export its initiative to other countries around the world.
“MyVote will teach people how to take control of their data,” explains Satterwhite. “I will ask them a simple question: ‘If you have the technology and training to ensure the only thing people know about your personal data is what you give them permission to know, will you protect your data?’ I believe people will rise to the challenge and say yes.”
“We are at a point in society where protecting our freedoms in cyberspace is necessary if we want to protect our way of life. Everybody must share a commitment to mitigating the risks resulting from lives so heavily dependent on the convenience of mobile phones.”
If you want to meet Frank and learn more about mobile security and how MyVote is protecting democratic processes, attend his presentation at TechWeek Frankfurt in November, incorporating Cloud Expo Europe, DevOps Live, Cloud & Cyber Security Expo, Smart IoT, Big Data World, Blockchain Technology World and Data Centre World (Free tickets available now).