Phone in purse pocket (Foto2rich/Shutterstock.com)

Hardening smartphones for secure facilities

Federal workers leaving their personal smartphones in a lockbox before entering a secure facility may soon become a thing of the past, thanks to a pilot program run by the Defense Information Systems Agency.

DISA is testing whether the SafeCase, which blocks a phone’s cameras, sensors and microphones, will make the personal devices secure enough to bring into areas where classified information is processed, according to Stephen Wallace, systems innovation scientist for DISA's emerging technology directorate, who spoke during an AFCEA International and George Mason University virtual event on May 19.

DISA is working on the pilot with WWT, a solutions provider, and Privoro, which focuses on mobile hardware security solutions.  The SafeCase surrounds -- but is independent of -- a user’s mobile device. When the phone is inserted into the case, a physical barrier covers each of the smartphone’s cameras, which prevents intruders from observing or recording any visual data in the device’s vicinity.

The case also transmits white noise through its microphone, so the only thing emitting from the device is a radio signal, according to the company. The on-device audio masking uses advanced audio forensics to prevent a conversation or audio snippet from being successfully deciphered. That noise is truly random, microphone-specific and adaptive to the range of human speech.

With these three characteristics, a conversation’s content (the words spoken) and context (accents, tones, number of participants, etc.) will be unidentifiable to an eavesdropper, as the final audio output will be indistinguishable from a recording of noise alone, Privoro founder and CEO Mike Fong wrote.

WWT and Privoro will also work on assigning individual user attributes on a secure hardware platform to provide identity assurance and trusted mobile access. The solution will address access to sensitive information at the edge as well as security concerns that have led to smartphone bans across the government, according to a September announcement.

The pilot, in which the Air Force is already participating, is being conducted under DISA’s assured identity initiative and would start in the Pentagon once anti-coronavirus work protocols are eased.

DISA is also prototyping watch-like wearables to continuously authenticate a paired phone and permit access to a secure container on the device.

"When the wearable is removed or breaks communication with the device, that secure container on the device is locked," Wallace said.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected