FORCEDENTRY

Cell Phone Spyware Vulnerability

Vulnerability affecting billions of devices

1. Why an alert? News of a cell phone spyware vulnerability in July 2021 showed that a remote attacker can activate the camera and microphone on any cell phone to exfiltrate conversations or video meetings. This was first discovered by The Citizen Lab at the University of Toronto, Canada.

2. Who is affected? Billions of devices from phones to tablets.

3. How does it work? Watch this detailed video from The Washington Post.

4. Technical details/Public advisories:

   • CVE-2021-30860 dubbed “FORCEDENTRY”

   • Apple security updates page

5. Bastille’s best practices for this type of threat:

   • Establish and educate upon a corporate policy for all employees to leave cell phones outside of confidential meeting rooms for discussions of mergers, upcoming earnings announcements, new products, or trade secrets etc.

   • Require all visitors and meeting guests to leave their phones outside as well.

   • Don’t rely on the “Honor System” to enforce your policy

   • Install a solution to detect and locate cell phones in all the areas in which confidential conversations occur

6. Learn more:

   • Watch our webinar on the threats of cell phone spyware hosted by our co-founder Dr. Bob Baxley.
     

"Pegasus can allow spies to gain access to an infected phone’s memory and view photos, videos, emails and texts, even on applications that offer encrypted communication. The software can also let spies record conversations made on or near a phone, use its cameras and locate the whereabouts of its users. " New York Times, read the full article