RF Activity Detected With Sensor Solution

By Claire Swedberg

Bastille Networks has released a portable kit for temporary deployments to help government agencies and companies view and manage the wireless activity taking place in their secure areas.


RF transmissions are proliferating in commercial and government enterprises, from the devices people carry with them to facilities’ Internet of Things (IoT) appliances. These items transmit over frequencies ranging from Bluetooth to cellular and from beacons to RFID. That heavy wireless traffic poses a security concern for many businesses. In some cases, an organization may need to eliminate those transmissions entirely, while others might simply want to understand what communication is taking place and be alerted if a vulnerability is created.

Bastille Networks has developed a solution that is being employed by the U.S. Department of Homeland Security (DHS), other Department of Defense (DoD) agencies and financial institutions. Its solutions detect all transmissions between 60 MHz and 6 GHz, then reports that wireless traffic to a central server. Recently, Bastille Networks released a portable kit known as Bastille Express, providing a temporary solution that the company says is easy to install and take down.

The firm already provides the system to the DoD under the name Bastille Flyaway Kit. The kit consists of five Bastille RF sensor devices and a laptop in a pelican case, enabling users to set up an RF security system within a temporary space. In the meantime, the DHS has completed the fourth  phase  of a system using Bastille’s technology to detect the presence of any RF transmissions in public or within secure areas.

Bastille’s solution consists of an array of sensors, developed and manufactured in the United States, that monitor for wireless emitters, then not only identify what transmission is taking place, but also provide the location of each transmitting device within about 3 meters (9.8 feet) of accuracy on a floor plan map of a user’s facility. The system can issue alerts to notify management of any transmission that falls outside of the authorized or expected protocol.

Throughout the past few years, Bastille has worked with the DHS to develop technology which could be used to protect the nation and secure enterprises. In some cases, for instance, government agencies may require an environment completely devoid of RF or cellular transmissions. That poses an increasingly challenging requirement, however, according to Bob Baxley, Bastille’s chief technology officer. More than 70 percent of devices currently connected to the network are connected via RF and cellular transmission, he explains. Some may be connected to a facility’s existing network, while others may not, and that creates security concerns.

The company began developing the system in 2014 under Baxley’s leadership. Before joining Bastille, he served as the director of Georgia Tech’s Software Defined Radio Lab, where he led a team that won second place in the DARPA Spectrum Challenge. Bastille developed sensors as well as the software to decode protocols, and to give customers visibility into all RF transmissions taking place at their office or other facility. The sensors detect any RF transmissions and employ signal processing to geolocate based on signal strength. The company has been issued 22 patents for its devices throughout the past five and a half years.

The solution is intended to help companies see what it is taking place wirelessly. “Our customers want visibility,” Baxley states. An average worker may bring three or four transmitters into an office space, based on his or her mobile phone alone (Wi-Fi, Bluetooth Low Energy beacons, Bluetooth and LTE, for instance), while a laptop has its own wireless connectivity with a Bluetooth-enabled mouse, a keyboard or other accessories.

Bastille’s Bob Baxley

Personal gadgets are another potential wireless source, Baxley notes, such as Fitbits, smart watches and hearing aids. But other devices are wireless as well, he adds. One customer, for example, discovered the facility’s chiller was sending Zigbee signals, despite the fact that the company had connected its own data center via Ethernet. That provides vulnerability if a hacker were to attempt to connect to the chiller and thereby access the facility’s network. Unknown to the firm, that Ethernet-cabled chiller could be providing ingress points for such a hack, simply because the manufacturer had built Zigbee into the device and the company was unaware of that fact.

Bastille Networks has been selling its RF security solution to big banks, while providing the system for the four-phase DHS project. The project is taking place at undisclosed sites, most recently exploring vulnerabilities at airports. The project was launched in 2017 to detect emitters that might be vulnerable and part of critical infrastructure systems. For commercial enterprises, several banks have been deploying the sensors and cloud-based software to manage the data at their financial centers in such locations as board rooms, where wireless networks could introduce vulnerabilities.

Each time the system is deployed, Baxley says, users learn something new about the wireless connectivity at their site. “Every place we go, there are surprises,” he states. “Most common is seeing interfaces they didn’t expect.” That can include a worker’s headset that is unencrypted, or a vulnerable mouse and keyboard. To deploy the system, a user installs the Bastille sensor array; each sensor is sized similarly to a Wi-Fi access point. The sensors utilize Power-over-Ethernet and are designed to be plug-and-play.

Along with the sensors, Bastille’s solution includes a central appliance to configure the sensors and manage the data they collect. The sensors and software employ RF-tomography to detect the conditions around a facility and any obstacles that might affect the detection of transmissions, such as shadowing created by a wall. “We infer where the walls are,” Baxley says, and adjust the software algorithms to identify location using that inference.

In addition, each Bastille sensor device includes field-programmable gate array (FPGA) IP cores to demodulate RF signals, as well as to determine whether it is interacting with another device. Often, Baxley explains, a wireless communication that serves as a threat might be entirely inadvertent, such as when an employee’s device may be infected with malware. “It could be a user with innocuous intent,” he says, but with the sensors detecting each transmission, “We have all this data about when they are connected.” The system can also distinguish between networked and unnetworked devices.

The software also enables users to view historical data. “They can rewind in real time,” Baxley says, to see what wireless activity might have taken place onsite, creating vulnerabilities at a specific time and date, and at a specific location. Users can configure the system based on rules around that data. If they seek only certain vulnerability detection capabilities, they can create settings to receive alerts regarding those specific events.

When working with a company, Baxley says, “We go to an enterprise customer and help them do an integration to their email alerting system,” which can use an incident responses system such as PagerDuty, ServiceNow or Lenel OnGuard to send an SMS or e-mail alert to authorized managers. Companies can also set up Bastille to talk to their mobile device management system to automatically turn off a phone or camera issued to an employee.

The Bastille solution is designed to be upgradable to accommodate additional protocols as new wireless products are released using them. Typically, an installation requires five or more sensors to provide granular location data, while each device could cover an area spanning approximately 3,000 square feet. Baxley says customers are deploying dozens to hundreds of the sensors at their sites. Users typically purchase the sensors and pay an annual fee for data access.