Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Confidential information vulnerability during mobile phone discussions

Cellcrypt : 04 December, 2009  (Technical Article)
Cellcrypt has conducted a survey into business use of mobile phones for discussing confidential information and reveals extent of vulnerability to voice call interception
A survey conducted amongst 250 senior executives in the United States by ABI Research on behalf of Cellcrypt reveals that the majority of large and medium businesses are failing to adequately protect themselves against the growing threat of mobile voice call interception; leaving them vulnerable to loss of sensitive and confidential corporate information.

Businesses clearly recognise the threat of cell phone interception: three-quarters of the surveyed corporations have a security policy covering cell phone calling and four out of five IT professionals surveyed believe that cell phones are equally or more vulnerable to interception than email.

Yet, the research shows that while mobile phones and email are both used routinely to communicate confidential information - with 79% of organisations that discuss sensitive or confidential information over mobile doing so at least weekly and 51% daily - only 18% have explicit mobile voice call security solutions in place.

Research has shown that data loss can have a major impact on market capitalisation, reducing it by as much as 5-10%, as well as resulting in lawsuits for senior executives, severely damaging their reputation.

The growing problem was highlighted in August, when German hackers announced a project to create a code table that cracks the encryption of GSM mobile calls, used in 80% of the world's cell phone calls. This codebook is planned to be freely available within the next 6 months, and significantly lowers the bar for everyday hackers to crack GSM calls using only a high-end laptop.

One alarming fact emerging from the survey was that 55% of respondents in IT roles thought that their organisation had implemented mobile voice call encryption solutions but on further investigation only 18% had actually done so.

"Effective email security has become routine but our research shows most businesses do not apply anything like the same level of robust security to cell phone calls. Companies that do not respond are exposing themselves to attack," said Stan Schatt Vice President and Practice Director, Healthcare and Security, ABI Research.

"Equally concerning is that a significant number of people who identified themselves as being responsible for cell phone voice call security incorrectly believe the organisations' mobile calls have been protected when they have not. This perception that they are protected when in reality they are not suggests a serious hole in the information security of many businesses. It is important that companies take urgent steps to review their measures for countering this growing corporate risk area," Schatt continued.

"In light of this summer's news that a GSM cracking codebook will be made widely and freely available very soon - possibly before the New Year - and sub-$1000 interception equipment being available soon after, this lack of security is particularly worrying," says Simon Bransfield-Garth, CEO of Cellcrypt.

"Businesses must plan now for the eventuality that their mobile voice calls will come under increasing attack within the next 6 months. A 'policy of hope' towards mobile phone security is not adequate, voice is another data service and should be afforded the same security considerations as email and other corporate communications," continued Bransfield-Garth.

Security of mobile voice calls is not limited to interception of radio waves between a cell phone and a base station mast: interception risks occur at various segments along a call path which may involve multiple network operators in a variety of countries each having a different level of security measures and risks.

− 75% of the businesses surveyed discuss sensitive or confidential information via cell phones and 81% do so via email

− Of that 75%, 79% of businesses do so at least weekly, 51% do so daily

− Of the businesses sampled, 82% have a high level of concern about the security of email and 69% about cell phone security

− 41% of the individuals surveyed think mobile phones are more vulnerable to interception than email and 39% think they are equally as vulnerable to interception as email

− 74% of businesses discuss financially sensitive information on cell phones and of those 77% believe that if this were intercepted it would have a major impact

− 55% of respondents thought that their organisation had implemented mobile voice call encryption solutions but on further investigation only 18% had actually done so
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo