From Mission: Impossible to James Bond to today’s new spy thrillers, nifty gadgets have defined the genre, as our secret agent heroes more or less gain super powers by way of cool technology. The spy game is all about secrets, as cat and mouse games of surveillance and secured messages carry the action. While perhaps not as glamorous as most Hollywood scripts, a real life equivalent to this genre certainly exists that companies and individuals deal with every day. Businesses have corporate secrets to protect their competitiveness, and most hold private consumer or employee data that they are required by law to keep secured. On the other side of the game are criminals who steal devices and data, which are more vulnerable than ever in our world where employees often carry mobile devices between work and home, filling them with corporate data. When sensitive corporate (or government) data is exposed to the bad guys, that’s when organizations wish they had spy gadgets out of fiction to eliminate the issue.
Sometimes espionage shows and movies are wildly unrealistic in their portrayal of data and device security. Other times they get it pretty much dead-on. Let’s fire up the projector and see how Hollywood compares to reality:
Mission: Impossible
The Fiction:
Nearly every episode of the classic 1966 series began with Peter Graves receiving a tape-recorded mission briefing, including the now iconic phrases, “Your mission Jim, should you decide to accept it” and, of course, “This tape will self-destruct in five seconds. Good luck, Jim.” The tape would then start to smoke and destroy itself, very effectively keeping its sensitive information out of the wrong hands. (This happens the same way in the movies, with occasional hiccups.)
The Reality:
It might surprise you to learn that technology similar to this is actually true to life. The first Chief Technologist at our company came up with an earlier device and data security solution while working as a consultant for the United States Army at the onset of the war in Afghanistan. Soldiers were carrying modern tools like PDAs, and the technologist was called in to solve the risk of military data exposure if these devices were lost in the field. Realizing he could automatically overclock the processor of a device that had fallen into the wrong hands, he prepared a demonstration where he handed a PDA to the army general overseeing the project and asked him to deliberately enter the wrong password three times. Within seconds of the third failed entry, the general noticed that the device was becoming too hot to handle. He set the PDA down and watched a small puff of smoke rise out. The overclocked memory chip had melted, along with the data.
For better or worse, the newer civilian versions of technology performing this same data protection function don’t make devices explode. Of course, it is indeed for the better – device security tools can provide remote access control and remote deletion of data on mobile devices. Lockouts based on timeout, invalid logons or session expirations are other methods these tools can use to revoke access. These solutions might lack the spectacle of the physical destruction of a device, but they’re just as effective for protecting data in real life.
The James Bond Movies
The Fiction:
Agent 007 plays with some of the same kinds of toys our CTO made for the military, such as a tear gas cartridge (disguised as a bottle of talcum powder) ready to discharge should a briefcase full of secrets be opened incorrectly. Bond’s quartermaster Q also provisions the agent with a slew of disguised items for gaining secret data through surveillance, as well as for protecting Bond from being spied upon. These include Snooper, a bug-like robot that functioned as a “bug,” transmitting audio and video through a remote controlled camera, and an electric shaver that is really an electronic eavesdropping detector.
The Reality:
A real – and spooky – James Bondian world exists in the realm of corporate espionage, where spying and attacks on the devices of corporate executives and government officials is so rampant, reports warn that individuals should consider all communication made while in hotels abroad to be monitored by malicious parties, from calls to texts to emails. Any unattended devices should also be considered targets for bugging and data theft. The examples of these spy activities are chilling; some businesspeople have even set up hidden cameras (built into alarm clocks) to watch their unattended laptops in hotel rooms, and have footage of strange operatives entering their rooms, copying their hard drives and installing bugs into their laptop motherboards or batteries.
Experts will even recommend that travelers known to carry very sensitive data weigh their laptop, battery and power cord before and after leaving them unattended (but use a sensitive scale, because a bug can weigh as little as two paper clips). Travelers can also use technology to remotely view what’s going on with a particular device, such as through a laptop’s built-in camera. They can also choose to use services that put strong cryptographical protections on access to secure software, or prepare automatic lockouts based on suspicious behavior. Can’t be too careful.
Now that we’re all nice and paranoid, let’s cleanse the palette with a silly one from a modern show.
Scorpion
The Fiction:
Scorpion is a current CBS show about a team of IT geniuses that solve problems. In the series’ first episode, the devices that need security are, well, every single airplane in the sky. This is because the airport has an unfortunate error in its new air traffic control software, and it’s going to get a bad up there. Luckily, there’s actually a backup version of the software on each plane, so they have one airliner descend to WiFi range of our hacker hero’s laptop. Unfortunately they can’t download it: the WiFi connection doesn’t work! By now you’ve probably guessed the only way to solve this conundrum. Drive a sports car fast enough so that the crew of the low-flying plane can dangle an Ethernet cable down to the hacker’s laptop and copy over the files. Spoiler: it’s tense, but it works! Airport saved!
The Reality:
It is very important for IT professionals to be able to back up, delete, and restore critical data on compromised devices remotely. But none of those systems portrayed on the show work that way at all. Just land the plane!
[su_box title=”About Cam Roberson” style=”noise” box_color=”#336588″]
Cam Roberson is Director of the Reseller Channel at Beachhead Solutions, a company that designs cloud-managed mobile device security tools.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.