Warfighters need trusted sensors

More and more warfighters around the globe are starting to carry commercial smartphones. Helping to fuel this widespread adoption are a number of apps for warfighting and individual soldier support, many of which leverage the smartphone’s sensors to provide features ranging from blue force tracking to encrypted calling. But as we’ve learned from the Pentagon’s ban of mobile devices from secure spaces, smartphone sensors are a potential mother lode for hostile nation-states looking to gather mission-critical information. Rather than continuing to fight uphill against the vulnerable mobile ecosystem, defense organizations have started looking for alternative forms of trusted sensors.

How smartphone sensors help warfighters

Evidence of smartphone adoption by warfighters can be seen in recruiting commercials in which troops leverage military-issued and hardened consumer smartphones for tasks like communication, location sharing, field maintenance and even calling in airstrikes. This adoption has brought a number of key benefits. Tactically, smartphones improve situational awareness through real-time information sharing and enhanced user interfaces. Smartphones also eliminate the need for soldiers to lug around a number of items, including paper maps and single-function devices. And because soldiers already use mobile devices in their personal lives, the training requirements are minimal.

It’s not just size and portability that make smartphones such powerful tools, it’s also their collection of sensors. Smartphone sensors -- including GPS chips, microphones, motion sensors and more -- provide useful capabilities for the warfighter. Three of the most powerful use cases include:

Blue force tracking at any level. Traditionally, officers in command posts and vehicles use specialized GPS equipment to give their teams a clear picture of the location of friendly (blue) forces. But with ongoing innovations under the Army’s Nett Warrior program and the popular Android Tactical Assault Kit situational awareness app, functionality now takes place at the individual level via a smartphone integrated into a warfighter’s military gear, increasing situational awareness and safety.

Encrypted communications at any level. Warfighters expect to communicate with their peers and leaders and will do so on any network and device available. Previously, secure communication was available only to higher echelons with military-specific radios, but smartphones have changed that expectation. All warfighters now have cutting-edge communications devices in their pockets and they are using them. With encrypted voice apps on smartphones soldiers can communicate sensitive but unclassified information over any network, including untrusted ones.

Actionless logins via continuous multi-factor authentication. Because dusty conditions and unwieldy gear make biometric authentication on the battlefield a challenge, the Defense Department is currently testing the ability of smartphones to continuously authenticate users to network systems without any direct user input. In addition to noting the user’s current Wi-Fi network and GPS location, CMFA will measure other factors, including the user’s walking patterns. These factors are then combined to constantly verify identity, based on the level of confidence the algorithm has that the correct person is using the device.

The risks of trusting smartphone sensors

Commercial smartphones, including those issued and hardened by the military, come with risks. Driven by economic, not military, motivation, smartphones and their ecosystems introduce a wide variety of vulnerabilities that can never be fully mitigated. As we’ve seen with the infamous Pegasus spyware, the capability to remotely hijack smartphone sensors and their data is being used in the real world, and threat actors at the nation-state level undoubtedly have similar -- and definitely more advanced -- tools at their disposal. Acknowledging this fact, DOD has been forced to increase restrictions on even managed commercial smartphones to prevent adversaries from capturing key intel.

If DOD-approved smartphones won’t cut it at the Pentagon, they certainly won’t cut it on the battlefield. A sophisticated attacker taking total control of a military smartphone and its sensors can have disastrous consequences, as these sensors can be leveraged in a number of ways:

• GPS chip: An attacker can use readings from the GPS chip to determine a warfighters' current location and track their movements over time, making it easy to target them or determine their unit's movements and other sensitive information.
• Microphone: An attacker can use microphone access to listen in on a warfighter’s calls before they’re encrypted as well as conversations in the presence of the device (data in vicinity), potentially obtaining valuable intelligence that can be used to gain an operational or tactical edge.
• Motion sensors: An attacker can potentially use data from motion sensors to spoof a warfighter’s identity and gain access to mission-critical systems.

Enter trusted sensors

Even though smartphone sensors can’t be trusted, their benefits on the battlefield are too important to ignore. Balancing warfighter demands for improved mission effectiveness, collaboration and morale with the risks of commercial smartphone use, DOD has started working on innovative new solutions that mitigate smartphone risks by focusing on smartphone sensor control.

Going one step further, DOD officials have started looking for alternatives for trusted sensors that will allow them to deliver mission-critical functionality without succumbing to the vulnerabilities of commercial smartphones. It is already working with innovative industry partners on developing trusted sensors in form factors that include a wrist-worn wearable and an intelligent smartphone case that only allows interaction with approved, vetted and signed software. Because these devices operate independently of the vulnerable smartphone ecosystem, their sensors can be relied upon for secure location, communication and system access.

Information -- finding it, protecting it, leveraging it -- is often the key to mission success. While their future on the battlefield is still emerging, trusted sensors will have both the agility that warfighters will need to stay aware and the security they’ll need to stay safe.