GC security zones and dongle effectiveness (ITSAP.00.002)

Mobile devices are important business tools that help government employees communicate and perform their duties in an effective and timely manner. Mobile devices use a microphone for voice communication, recording and voice commands.

When the microphone is on, the information being discussed could be at risk. Threat actors can install malicious software (malware) which enables them to turn on the microphone remotely. Once the microphone is on, a threat actor could capture conversations from up to 20 meters away and transmit the information obtained to their counterparts without your knowledge.

To counter this threat, a headset simulator plug (HSP), also known as a dongle, was designed to imitate a headset. In older versions of mobile devices, inserting the dongle into the headset plug physically disconnected the internal speaker and microphone.

Today's threat environment

Modern mobile devices now use the device’s software to turn on and turn off the microphone. A threat actor can compromise the device’s software to remotely turn on the microphone making the dongle ineffective at preventing this type of threat.

Likewise, using mobile devices close to IT systems that handle sensitive or classified information poses an additional risk to GC information and assets. CSE’s ITSB-104 Security Considerations for Exposure of Classified IT Systems to Mobile Devices and Wireless Signals provides additional considerations for protecting GC information and assets.

IT security actions

Based on today's threat environment, CSE recommends users leave their mobile devices outside of areas where sensitive discussions are occurring. For more information consult the TBS Operational Security Standard on Physical Security and RCMP’s Guide to the Application of Physical Security Zones.

For more information including mitigation strategies for mobile device security and dongles, contact CSE’s ITS Client Services.

We are Cyber Security

Contact us
itsclientservices@cse-cst.gc.ca

© Government of Canada
This document is the property of the Government of Canada. It shall not be altered, distributed beyond its intended audience, produced, reproduced or published, in whole or any substantial part thereof, without the express permission of CSE.

Date modified: