Who’s listening to your employees’ cell phone calls?
December 15, 2009 by Steve HannafordPosted in: Security, Solutions, Special Report
In recent years, cell phones (including iPhone and Blackberries) have become as big a business tool as the laptop and the copier, but such devices are even more vulnerable to industrial espionage.
A recent UK survey of companies and institutions revealed that 79% of employees conduct confidential conversations by cell phone, and 51% do so on a daily basis. However, only 18% had security software in place.
Even businesses that carefully encrypt emails and build secure server architectures may be unaware of the issue. Most people are used to making calls from standard, wired telephone, where security is not that big an issue (unless the police or the FBI are wiretapping you). But cell phone signals can be picked up far more easily.
Yes , the phone service companies provide some encryption with their services. But it highly vulnerable. In fact, this summer, German hackers announced they had managed to crack the encryption of mobile calls using GSM, a standard that makes up 80% of the world’s cell phone calls. Furthermore, their code logic will be released to hackers in the near future.
What this means for your business is that such critical details as sales discounts, planned bids and sales leads, subjects often discussed via cell phone, might fall into your rivals or your potential customers.
You may want to take a look at the growing number of hardware and software products that are being developed to give users a higher, harder-to-break level of encryption. These include companies like:
- CallCrypt –http://www.cellcrypt.com/
- Snapcom — http://www.snapshield.com/news.asp?cat=101&id=37
- SecurStar –http://www.securstar.com/products_phonecrypt.php
DocuCrunch.com delivers the latest IT and Imaging news once a week to the inboxes of over 200,000 IT and Imaging professionals.
Click here to sign up and start your FREE subscription to DocuCrunch!
Tags: cell phones, encryption, espionage
Loading ...
December 16th, 2009 at 11:31 am
I’m a little confusted. Is this a news item or an advertisement for CallCrypt, Snapcom and SecurStar?
December 16th, 2009 at 8:51 pm
The original GSM voice call encryption was broken a decade or so ago – which only mattered if your carrier bothered turning it on, which most carriers didn’t. What’s been broken more recently has been the authentication codes and some of the newer algorithms. The crypto was a hopeless amateur botch ignoring the public state of the art. And most of the other US carrier standards also used weak crypto, initially because of anti-Communist-era export rules.
The bigger risk now is that if you lose your phone, you’re not just losing your phone list, you’re losing all those other files and apps on your phone, maybe a list of passwords, the VPN application to connect to work, and all the rest of the data you carry around. And Bluetooth isn’t highly secure either; people can eavesdrop on you from nearby even if you’re not shouting.