Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

companiestest Leave Vulnerable Users Exposed to Potential Voice Interception

Cellcrypt : 05 February, 2010  (Technical Article)
Voice Encryption Specialist discovers the extent of vulnerability of workers in sensitive departments to mobile phone communication intercepts
Sensitive departments within organisations are being left vulnerable to mobile phone call interception. A recent survey conducted by ABI Research on behalf of Cellcrypt, a provider of secure mobile voice calling, found that fewer than one in five people in departments that handle sensitive information such as financial, legal and research and development have deployed some form of voice encryption solutions*.

The survey, conducted amongst 250 senior executives in both medium and large organisations showed that despite regularly discussing financial information (78%), employee data (66%), as well as IP (51%) and commercial secrets (50%), the majority of these conversations are unprotected despite over 80% of respondents believing mobile phones to be as vulnerable, if not more so, than e-mail communications if leaked. Of those who admitted to regularly discussing sensitive information, 80% believed, if leaked, this information would have a major impact on the organisation.

In addition to other interception methods such as man in the middle scams and on-device taps, the threat of mobile voice interception has intensified recently with the cracking of encryption on GSM mobile phone calls. In December, the Chaos Computer released the GSM Codebook, a large lookup table of pre-generated GSM encryption keys which allows hackers to rapidly crack A5/1 - the encryption standard for GSM mobile phone call security. Just two weeks later, leading cryptographer Adi Shamir, published a white paper detailing a practical method for cracking the next generation of encryption standard, A5/3, in less than two hours.

"The inherent insecurities of GSM encryption have been well publicised, even though most governments and enterprises have been aware of this threat for a while," said Simon Bransfield-Garth, CEO Cellcrypt. "However, this research shows there is still confusion out there about whom, when and how people should be protected from this threat. Organisations need to start taking serious steps to consider coherent security strategies that protect multiple weak spots against attack. This work needs to start sooner rather than later as standard GSM encryption becomes unreliable and open to easier interception within the next six months."

Despite 92% of respondents considering it the organisation's duty to provide employees with mechanisms to protect information or their own personal safety when travelling to high-risk areas, several admitted confusion over who was responsible, with Heads of IT, Security, Networking and Operations all being assigned responsibility.

"Despite sometimes being viewed as something for the movies, crimes such as corporate espionage, kidnap for ransom and extortion by organised criminals can and do happen," commented Stuart Quick, Operations Manager at Henderson Risk Limited. "Mobile voice interception is one way in which these crimes can be facilitated. The increasing interception risk underlines the need for organisations to adopt a robust approach to securing these calls, especially when the senior managers in departments such as finance and legal are prime targets."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo