Keep Your Eye on the Camera

Organizations have finally realized that mobile devices are a productivity tool. It became abundantly clear with the sudden necessity of work from home (WFH) that employees work best when they can access a mobile smartphone. One major reason mobile phones are so useful is their integrated camera. The addition of a camera to a smart device offered myriad possibilities. Not to mention that a mobile device’s camera, and the applications associated with it, is one of the most desired mobile smartphone features.

The Value of a Photograph

Beginning with the first crude Neolithic cave drawings, people recognized the intrinsic value of pictures. No matter how well-crafted, words cannot entirely, satisfactorily capture the beauty of a sunset or describe the Mona Lisa’s smile. This ability to instantly capture information and document moments in time is, ultimately, why photography was developed and why cameras were incorporated into mobile phones. The ease with which you can take pictures with a smartphone is why nearly 90% of the more than 1 trillion pictures taken each year are snapped with a smartphone.

I Can Do That With My Camera

The power of a mobile camera is not measured by photographic functionality, but by how applications use the camera or images.  There are innumerable tasks that can be performed using the advanced capabilities of a phone’s camera when coupled with an application.

The most simple use of the camera is as a quick reminder tool. Meeting notes or document workflows are captured, and the information shared via texts, emails or external storage for immediate feedback or action. Other business uses include mobile banking, check deposits, insurance claim settlement, remote healthcare diagnosis and biometric authentication. Many additional applications are being developed.

Probably the most useful smartphone camera business application is optical character recognition (OCR). OCR technology converts handwritten, typed, scanned text and text inside images to machine-readable information. This allows digitized text to be easily presented, edited, searched and saved. OCR makes the phone an exceptionally efficient data collection and dissemination device.

Security Concerns

There are a number of security concerns and threats associated with mobile computing. The amount of information accessible via a mobile device makes them a prime target for cybercriminals. Companies are aware of many of the vulnerabilities associated with mobile phones, and take precautions to protect themselves from damage.

A comprehensive mobile security strategy is imperative, according to Brian Egenrieder, CRO at SyncDog. Protection is provided through a combination of  mobile device management (MDM), encryption of data both at rest and in transit, malware detection and protection, anti-phishing and containerized user workspaces to isolate work-related data, and even images, from personal data. Additionally, Egenrieder said, to be truly effective, there must be the ability to create and enforce granular security policies for specific roles or functions, down to the individual level – a “one size fits all” approach rarely fits anyone.

Don’t Overlook the Camera

Although the camera is arguably the most popular and useful component on a phone, securing its output is an often overlooked piece of organizations’ security strategy.

Camera phones allow nearly instantaneous surveillance or data loss, since the data capture tool is always present. Josh Bohls, CEO at Inkscreen, explained, “It is easy to discreetly take photographs or videos. Coupled with immediate remote storage, [that] turns the camera from a productivity tool into a potential data breach device.” When a camera is misused, these activities could result in privacy violations, copyright infringement, loss of proprietary information or industrial espionage.

A digital image can contain personal, proprietary or embarrassing information – but that’s just on the surface. Some of the most valuable material is hidden within a photo’s metadata. The metadata is similar to the writing on the back of a physical photo; it can contain the details of when, where and by whom the picture was snapped. The details embedded in every photo file travel with each photo. In the wrong hands, both ‘sides’ of the picture can cost an organization dearly.

The other threat associated with a smartphone or mobile device camera lies in having it surreptitiously turned against you. It is difficult to know if attackers have actually done so, but the capability has been proven, theoretically. In 2012, researchers at the Naval Surface Warfare Center and Indiana University created malware that quietly took a picture every two seconds, and sent those photos to an offsite server. Additional vulnerabilities uncovered in 2019, in the Android OS, would allow a bad actor to bypass restrictions on the use of a phone’s hardware components. For an application to use the camera or microphone, explicit user permission is required. These vulnerabilities allowed an app to take pictures and record video and audio without user approval.

Gain Control

The risks associated with a smartphone’s camera and supporting applications need to be directly addressed within an organization’s security policy. “It is counterproductive to attempt to prevent camera use,” said Inkscreen’s Bohls. “Protection should, instead, be directed towards monitoring and controlling the flow of the content.”

The key to mobile security is not just managing devices, but also the tasks being performed with those devices. Organizations must look at how they are protecting the data generated by a smartphone, including images and information snapped by the camera. Content on mobile devices must be protected and managed across the entire content life cycle—from capturing, retaining, sharing and uploading files.

Avatar photo

Charles Kolodgy

“Charles J. Kolodgy is a security strategist, visionary, forecaster, historian, educator, and advisor who has been involved in the cyber security field for over 25 years. He is an Analyst with Accelerated Strategies Group and Principal at Security Mindsets. His views and understanding of information and computer security were shaped during his years at the National Security Agency. During that time he held a variety of analyst and managerial positions within both the information assurance and operations directorates. Following NSA is was a a Research Vice President covering security markets for IDC and then a Senior Security Strategist for IBM Security. Over the years he has identified market trends and authored numerous documents to explain market realities and has been a speaker at many security conferences and events, including the RSA Conference, CIO Conference, CEIG, and IANS. He has been widely quoted in the media. He is best known for naming and defining the Unified Threat Management (UTM) market which continues to be one of the strongest cyber security markets with vendor revenue of $3 billion per year. He has been a leading analyst on software security, encryption, and the human element. Charles holds a B.A. in Political Science from the University of Massachusetts at Lowell and an M.A. in National Security Studies from Georgetown University.”

charles-kolodgy has 15 posts and counting.See all posts by charles-kolodgy