You got a cell phone so you could stay in touch with the department, or maybe they provided it to you due to your on-call status. It also provides a way for your family to reach you in an emergency, and if you break down while on the way home, it’s a lot better than walking a couple of miles to a pay phone. That cell phone started out as a convenience, but quickly became a necessity.
Many law enforcement agencies have begun to rely heavily on cell phones as a vital part of their communications network. Many officers also carry them as a backup to their portable or car radios, and as a means for private communications with dispatch and other officers.
The walkie-talkie style features of direct-connect services offered by some cellular service providers also prove very useful to agencies, especially during disasters and other emergencies. Additionally, because cell phones always broadcast a signal to the cellular network, GPS-capable phones can allow police managers to monitor officers’ locations and response times.
In some smaller departments, it’s not uncommon for the chief to forward the department’s phone line to their cell phone. That way, someone calling the local police department gets forwarded automatically to the chief, without having to leave a message. This translates to better service to the citizenry, and that’s a good thing.
Bottom line: Cell phones have become indispensable to police work, and anything that threatens them should not be taken lightly. Unfortunately, now that they are ubiquitous, their growing importance in people’s lives made it only a matter of time before bad guys figured out how to mess with them with the kind of hacker attacks that have long plagued the personal computer (PC). New cell-phone malware—i.e., non-friendly software such as a virus—can steal money from you, track your call logs and or text messages, eavesdrop on your calls or just cause your cell phone not to work.
Your Cellular Defenses
The computer world has been talking about the potential for viruses and other nasties to make the leap from our PCs to cell phones (and incidentally, PDAs) for years. Fortunately, the devious fools who write these destructive software “bombs” have mostly centered their efforts on our computers. Why? Primarily because the technology employed by cell phones makes it more difficult to deliver malware and to get it activated on the device than PC technology.
Your cell phone has natural defenses. First, unlike an “always-on” PC connected to the Internet, a cell phone only occasionally connects to the global network when you open the gates to make a call, or to receive one. So, the probes employed by PC hackers don’t work on cell phones.
Even when you do open the gates to use your phone, the information that flows back and forth is real-time info, as opposed to files that might hide a virus. Unless you tinker with your phone, you probably won’t add files to it, and it will continue to use only the software the manufacturer loaded, otherwise known as the operating system. (Currently, there are three main cell-phone operating systems: Symbian, Palm and Windows Mobile.)
So, What’s the Problem?
Cell phone technology constantly evolves. The basic cell phone you use to make a simple phone call is pretty old fashioned. Now that everybody’s got one, communications companies have begun to vie for customers by adding many new features. Three features in particular really expose your phone to bad guys: customized ringtones, Bluetooth and instant messaging.
A ringtone is just a sound file, similar to those you have on your PC. When you download a new ringtone, you are, in effect, downloading a file to your phone and running it. If someone has loaded a virus into that file, it infects your phone.
Solution: Stick with the ringers built into your phone. No one wants to hear the latest hip-hop beat or the theme from Star Wars when your phone rings anyway.
Bluetooth-based attacks are a little more nefarious, but still easily defended against. If you use a cordless headset with your cell phone, you’re using Bluetooth. Bluetooth is a transmit/receive specification created to allow electronic devices to communicate wirelessly over short distances, usually 30 feet or less.
Not all phones have Bluetooth, but more and more do. In order for Bluetooth to work, you must enable it on your phone, usually by changing some menu settings. Then you must pair your phone to the headset or other device you want to use.
The requirement to manually create this linkage prevents random probes of your phone, but some people leave the security features of Bluetooth turned off. They then go about their day, and anyone they come within 30 feet of can, if they choose, link to the victim’s phone via a Bluetooth probe, often without the victim even knowing the link was established. Once the connection is made, all the bad guy has to do is stay within range, and they can transfer any files they want into the victim’s phone.
Solution: If you have Bluetooth enabled on your phone, use the provided security settings. This generally means either not making your phone discoverable to other devices, or making it discoverable but requiring the other device’s operator to input a security code to gain access.
Of course, if you don’t have a Bluetooth phone, you don’t have this problem.
Next, a sub-class of malware known as crimeware can victimize you via instant or text messages. Example: The bad guy sends your cell phone a text message and attempts to charge you $5 or more per message, a little like 900 area-code phone calls on your phone bill. This variant is known as RedBrowser, and it masquerades as a Web page.
Solution: Avoid text messages from anyone you don’t know.
Depending on your personal situation, you might need to consider an emerging spyware threat. A company in Bangkok, Thailand, has created a software application called Flexispy a person can install on an Internet-capable cell phone by logging the phone into a Web site and downloading a file. Flexispy will then send them copies of the victim’s text messages and call logs. A new version, Flexispy Pro, will even allow them to eavesdrop on the victim’s phone calls on some networks.
Flexispy currently only works on phones running Symbian, such as Nokia Series 60 handsets, but new versions will work on Windows-based phones and Blackberry devices. The company markets Flexispy as a way to keep track of your kids, or catch a cheating spouse.
Solution: Never let your phone out of your sight, get a non-Internet capable phone or live a clean life.
Many of these threats can also attack your PDA, especially if it’s a Pocket PC or Windows Mobile device. The mostly likely avenue of attack is a virus or other surreptitious file that transfers from your PC to your PDA during a data synchronization.
Solution: Keep the nasties off your PC.
The major defensive-computing software companies have been slow to develop tools to fight this stuff. While some companies like Symantec and Trend Micro have tools that will work on some phones, many developers have held back to see exactly which direction the bad guys take. Now that threats are evolving, the defensive measures will evolve also.
But until then, to stay as safe as possible, use a non-Bluetooth phone that doesn’t have Internet or messaging capability. Stick with the manufacturer’s preinstalled ringtones, and keep your phone in your pocket at all times. If you keep the gates closed and constantly stand there watching them, you should be safe. At least for a little while.
Stay safe, and wear your vest.
Avoid the Backup Loop
Cell phones are a great backup, but don’t get caught in a backup loop. This happened during the emergency response to Hurricane Katrina. The emergency communications plan for New Orleans called for cell phones to provide
backup for land lines, and vice versa. Of course, when both networks went down, a very bad situation got worse.
One particular cell provider (which shall remain nameless) set up its network so that its phones could not roam on other providers’
networks. When this provider’s network went down, so did its phones, and its phones are very popular in law enforcement. One friend of mine who was part of the law enforcement response to the disaster told me they were
borrowing phones that would work from other teams. Now imagine the difficulties if the radio network was down also, which it was.