Archives: Resources

Dr. Bob Baxley, CTO and Head of the Bastille Threat Research Team examines how hackers can use recently disclosed Bluetooth and Bluetooth Low Energy (BLE) vulnerabilities to bypass your security, gain access to your systems, and exfiltrate data and voice information. Using research from the Bastille Threat Research team as well as analysis of data from the National Vulnerability Database, Dr. Baxley will examine 8 Recent Bluetooth and BLE Device Attacks.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech (bio here).

Recent Bluetooth and Bluetooth Low Energy Attacks, which:

• Affect Billions of Devices
• Allow Hackers to use RF as a Vector for Cybercrime
• Affect All Networks and Locations
• Impact the Devices we use Everyday
• Disrupt our Networks, Buildings and National Infrastructure
• How to use Radio Frequency (RF) detection and location technologies to:
• Detect, Locate and Isolate Devices Vulnerable to Attack
• Integrate Radio Frequency for Bluetooth and BLE security into your Security Infrastructure
• Geofence Sensitive Areas and Receive Alerts
• Conduct Forensic Analysis of Threats
• Tag Devices by Manufacturer

Speaker:

Dr. Bob Baxley, CTO at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech

Dr. Bob Baxley, CTO, Bastille examines two aspects of how Covid-19 will impact the workplace. The RF complexity of our workplaces will change as workers return based on the devices they bring, and the devices that they may be asked to wear. Adversaries will attempt to use the confusion to defeat existing security systems and protocols. In large workplace environments and campuses, the assumption that an infected worker has interacted with all workers is likely wrong, and technology to assist with contact tracing in the workplace will become prevalent. Security professionals can leverage existing tools and add others to help them identify breaches and help their organization with contact tracing in the event of a new infection.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech, during the webinar he will provide updates on how to use Bastille for contact and zone tracing as well as how to use Bastille to mitigate the unforeseen new threats from other contact tracing technologies.

Workplace Contact Tracing

While phone apps from Apple and Google offer phone proximity tracking, they specifically avoid location tracking for privacy reasons. Public health officials have decried the Apple/Google emphasis on privacy over contact discovery, saying that the design will be “essentially worthless” for public health purposes. Employers bear responsibility for the health and safety of their workers and in that context location history is very important. If your employer decides to rely on the Apple/Google proximity tracking system, then Bastille can tell you what percentages of the phones on your floor are using the application. Bastille through its DVR capability can track a particular phone or other RF device assigned to a user and map out that device’s pattern of life within a facility to help with contact tracing. Pattern of life tracking also makes deep surgical cleaning more efficient, by highlighting the zones in which a device associated with an infected person has been present. In addition, Bastille can provide historic patterns of life throughout buildings to demonstrate where infected people have been to warn others who were there shortly after e.g. in a conference room or kitchen. Traffic pattern data and dwell times at locations can also deliver information about building layout or areas which may present issues for social distancing.

Covid-19’s Implications for RF Security

When workers return, adherence to RF security policy will not be their primary concern. Adversaries will attempt to take advantage of the confusion. For example, in order to accomplish one-click ease of use, some applications install software to bypass the security aspects of the operating system…and these bypasses stay in the operating system even when the application is not in use. That’s a whole new attack vector for the bad guys. What’s the chance that your workers have used their corporate laptop with software that creates backdoors during their Work From Home period? Leveraging these sorts of vulnerabilities, attackers could take advantage of Bluetooth, BLE and Wi-Fi radios on the laptop to compromise your security. Further, the newest “medical wearables” are devices designed to help with contact proximity tracing. Most have not been designed around security. Their radios could be compromised or just used to obfuscate a rogue device. Security professionals will need to re-think which devices are authorized and how they operate in an environment which may be not as quiet as the day before the shelter-in-place orders began. Of particular interest will be devices which are behaving one way on entrance to a facility, and then change their behavior after going inside.

Learn how to use Bastille’s RF detection and location technologies to:

Contact Trace Throughout Buildings and Campuses

Monitor Social Distancing Policies

Evaluate Staff Rotation Tracking

Manage Security in the Covid Aware Workplace

Detect & Authorize New Devices (including Covid-19 Tracing enabled devices)

Understand percentage uptake of the Apple/Google exposure tracking app

Increase Facility Up-Time

Reduce Cleaning Time & Costs

Who should attend?

Covid-19 Response & Facility Teams

Operations

Physical Security

Cyber Security

Speaker:

Dr. Bob Baxley, CTO at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech

Until recently, device policy for secure buildings has effectively been “No Devices Allowed”. However, in some situations exceptions are now being granted for personal medical devices, health monitors and some other operation associated devices. Questions are being asked about the ability to allow some devices in some areas, some of the time. Consequently, there is a need for stratified policy and sophisticated technology which can accurately distinguish between approved and unapproved electronic devices in secure areas.

Presenter: Dr. Baxley is CTO, Bastille and former Director of the Software Defined Radio Lab at Georgia Tech, he will provide updates on the current technologies available to security professionals as they seek to effectively implement and enforce more nuanced electronic device policy.

What you will learn:

In a world where you need to detect and locate unauthorized Cellular, Bluetooth, BLE, Wi-Fi and IoT devices at temporary sites such as forward deployed, conference/hotel, tent, and other remote locations, Dr. Baxley will discuss:

• Nature of RF Propagation within Buildings
• How Point Frequency Device Finders Work
• Review of the Technologies in the Marketplace
• DoD Case Studies of Policy and Device Challenges
• Likely Changes to Device Policy Resulting from COVID-19

Devices covered:

• Handheld Detectors
• Single-Sensor Wall Mounted
• High-End Portable TSCM Tools
• Software Defined Radio Detectors
• Networked/Enterprise Solutions

Who should attend?

• Security Professionals (Physical, Cyber, SIGINT, TSCM)
• J2/6, G2/6, A2/6, N2/6
• Network Operations Professionals
• Intelligence, Surveillance and Reconnaissance and Cyber Effects Operations
• Command, Control, Communications and Computer Systems (C4)
• Joint Staff Intelligence
• Information Dominance, Intelligence, Network Operations, Cyberspace Operations

Speaker:

Dr. Bob Baxley, CTO at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech

TOPIC

No doubt about it, there are devices violating your policy inside your facility as we speak.

At least, there are if you are not checking for them.

This could include the inadvertent violation of policy by an employee who accidentally left a smart phone in a bag or wore a paired smart device to work by mistake. Or it could be an intentional attempt to eavesdrop on conversations and record them using a device in the facility, or to leverage paired devices to move data from inside a facility to a device outside.

Regardless of the scenario, if you are not monitoring for signals inside your facility you are asking for trouble.

This webinar will feature an executive level overview of the emerging counterintelligence threat to intelligence community missions via mobile device protocols, including insights into the tactics and techniques of adversaries and the mitigation measures defenders should put in place.

Speakers:

Dr. Bob Baxley, CTO at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech

Bob Gourley, an award winning former CTO of the Defense Intelligence Agency and co-founder of the cyber risk consultancy OODA LLC

PLUS See Demos of the Bastille system detecting Bluetooth, Cellular and other devices.

It’s a wireless world. Every agency has a Radio Frequency (RF) device policy. But policies without effective enforcement don’t work. In order to accomplish the mission, legitimate employees are carrying devices such as cell phones, wearables, smart watches, wireless cameras, tablets, hearing aids with BT or Bluetooth Low Energy (BLE) and Headsets.

Old “no devices anywhere” policies have stopped working. Security officers need to be able to exclude all wireless and cellular devices from some indoor spaces and allow authorized devices in other spaces. Or allow a device in until it misbehaves by connecting outside the secure space.

In this webinar we detail three customer use cases from Defense and Civilian Agencies including how they:

Enforce adaptable RF device policy

Geo-fence sensitive areas and alert if/when they are breached

Accurately locate known and unknown cell phones with or without Mobile Device Management (MDM)

Alert when approved devices violate policy

Detect and locate rogue devices

Integrate RF security solutions with their existing infrastructure (e.g. Splunk, Aruba, Cisco, AirWatch, PagerDuty)

Speaker:

Dr. Bob Baxley, Chief Engineer at Bastille and former Director of the Software Defined Radio Lab at Georgia Tech

Host:

George Seffers, Director, Content Development and Executive Editor at SIGNAL Magazine.

PLUS See Demos of the Bastille system detecting Cell phones and Bluetooth devices.

Bring your own device (or BYOD) may be standard policy at your organization. But it is also a serious and unmanaged risk to the security of your corporate network, sensitive data and intellectual property. Join Bastille Networks and Security Ledger to learn how undetected cellular devices including smart phones can provide access to your sensitive IT assets and how forward looking firms are tapping new tools to identify, track and manage cellular and wireless devices in their environment.

In this webinar you will learn more about:

BYOD Cyber Risk

BYOD Gone Wrong

Managing BYOD Risk

Aite Group.gif
Panelists include:

Danielle Tierney, Senior Analyst, AITE Group (author of recent paper on Cellular Surveillance)

Dale “Woody” Wooden, Founder of Weathered Security

Dr. Bob Baxley, Chief Technology Officer, Bastille Networks

Moderated by Paul Roberts, Editor of The Security Ledger.