Tell us about Berkeley Varitronics and how you get involved in wireless threat detection and security.
Berkeley Varitronics was founded by my father, who still serves as CTO, in 1972. We specialize in unique design solutions – mostly related to wireless detection. During the mid-to-late 80s, we developed wireless propagation test tools which were used to build out cellular networks – a service we still provide today. As a result of the experience that we’ve garnered, we understand how mobile works, how systems and networks communicate, and how the signals propagate. Many of the offshoots of our technology have resulted in security tools that keep wireless conversations safe and secure. We work both on the commercial side, helping carriers develop their networks, as well as on the security side, preventing cellular devices from being used for nefarious purposes. Personally, growing into a family business, I gained hands-on, real-world, experience including designing circuits, programming, and robotics. In addition, all of the disciplines that I learned academically really paralleled with what we did in the business.
There are many different types of wireless and communications security products on the market. What is unique about Berkeley Varitronics?
I think what makes us special is our ability to be a one-stop-shop for a wide variety of solutions. People come to us with ideas when they need a synergistic, start-to-finish solution. This ability has enabled us to work with many diverse customers, including Pepsi, The New York Times, NASA, government institutions, and the like. We aim to offer end-to-end solutions under one roof – which is unique for a small company of about 30 engineers. From hardware design to software design, from low-level machine communication to high-level programming we can do it all and that is what keeps our work exciting, interesting, and challenging. We’re able to take a concept and develop the circuit design, wireless components, and software from start to finish. This type of service has a significant market when you consider all of the IoT (Internet of Things) and smart home devices being built that require customized circuits, communication and software.
What are Berkeley Varitronics’ primary products and services? What value do you provide clients/customers?
We provide services for government and enterprise. For example, if the government needs to prevent cell phones from getting into a facility like a Department of Defense SCIF (Sensitive Compartmented Information Facility), we have a whole segment of products that scan for any ferrous property (mobile phone) that goes through a checkpoint, or radio frequency devices where we can hone in on and pick up those signals. We can also track Wi-Fi and Bluetooth as well.
Another niche that is more prevalent and sophisticated than ever is cyber thieves using skimmers to steal credit card information at ATMs and gas pumps. Our products help detect and fight these thefts. We have also developed technology, called RoadHound, that uses radio frequency detection aimed at fighting texting while driving. The product uses a direction-finding radar antenna to detect drivers that are texting and warns them of their dangerous activity. We’re finding that it is very effective in educating and changing habits. This solution has also been applied to locomotive engineers who are texting or using the phone while on the job or for the mining community. Our ”Hound” series is used at multiple levels, but we offer it primarily as an educational and behavioral modification system. Some larger corporations also use the technology for enforcement since it can supply picture, video, geolocation statistics and more.
Can you discuss the types of clients you work with?
Our traditional work - wireless technology propagation analysis - is with all the large mobile carriers including Verizon, AT&T, Sprint, US Cellular and T-mobile. We work closely with the carriers along the migration path, performing different tests and audits to ensure maximum functionality. The technologies and instruments being used are high-precision and built by hand – meaning low-volume production. On the other hand, TransitHound, RoadHound, mobile detection devices, and the like are much higher-volume products. For some of these clients, including the largest rail operators in the US, these are actually covert solutions, meaning that the operators don’t always know – so we can’t share more information than that.
Is wireless communication security issues something that only companies need to concern themselves with or should private users also be concerned?
There is a need for all of us to have secure communications. True, we do trade our privacy for convenience such as using apps or websites for free – like Google - but users can protect themselves by using products such as the TOR browser. At the enterprise level, however, it becomes more serious because it is not just your data – but your company’s or customers’ data. For example, HIPAA (Health Insurance Portability and Accountability Act) regulations require that patient data be kept secure. Companies need policies in place to keep all of that data secure. The challenge is to minimize how much private information you share with people. If someone wants to compromise your company’s security they can succeed, since nothing is 100% safe. However, having layers of security in place is critical. For example, we don’t just lock the front door – we use a deadbolt, camera, lights, motion sensor, dog, etc.
What do you see as the most significant challenges to wireless communications security today?
After several years, I still find people, even at security shows, quick to jump on free, open Wi-Fi and performing sensitive transactions such as bank transfers or trading, without knowing if the connection is secure. No matter how much people hear about it, they are still not properly addressing this issue. Using these connections exposes you to hundreds of different attacks, such as “man-in-the-middle” attacks, and the problem has not gotten any better. I’ve done a couple of presentations on this topic. One time, I took a drone and put an access point on it for an audience of about 700 people – basically setting the stage for a man-in-the-middle attack. People were using the connection – and these are security practitioners – without knowing anything about it. Even trained people easily give in to the ease and convenience of free, open Wi-Fi. If you don’t know who is running the connection, then don’t use it. Pick up your own 4G LTE hotspot or use your phone’s connection to make a much harder target for hackers. 4G LTE is not easy to hack – and your password is your own, so make it difficult to guess (i.e. long and strong). Another challenge is the ubiquity and efficacy of Bluetooth skimmers. We’re working with Secret Service as well as the Weights and Measures Division of the National Institute of Standards and Technology on this problem, but credit card liability laws are slowing us down - gas stations have until 2020 to upgrade their security equipment. For now – and two years is a long time in cyber security – you have huge numbers of gas stations and ATMs that are vulnerable without much that consumers can do to protect themselves.