As the use of mobile devices for business continues to rise, the risks stemming from the hacking of voice communication have increased dramatically. From public embarrassment and backlash to the loss of sensitive or regulated data, the implications are vast.
Think you’re not a target? Think again
While spying and hacking may seem like things that only fall under the realm of governments, security organizations, and the occasional celebrity, the reality is that these kinds of attacks are happening to more and more businesses, regardless of size or industry. The statistics are striking:
- At the end of 2014, security experts found that mobile attacks had increased four times to over 1 million unique attacks, compared with the same period in the previous year.
- A recent BlackBerry commissioned survey indicated that 68% of CIOs and risk and compliance leaders agreed that mobile devices were the weakest link in their security framework.
Your data can be captured even before you start to speak
Karsten Knol, a cryptography and security researcher responsible for exposing weaknesses within GSM networks, says, “Current commercial interceptors decrypt within seconds, often faster than the time a user takes to answer the call.”
The methods will leave you speechless
Hackers are highly nimble and inventive. The following examples show that where there’s a will, there’s a way:
- In 2011, researchers hacked GSM mobile calls using $9 handsets.
- The previous year, a hacker also demonstrated how to intercept calls with a $1,500 device.
- More recently, researchers at ANSSI, France’s information security research organization, showed that digital assistants can be co-opted into issuing malicious commands from up to 16 feet away. All that was needed was some fairly low-cost radio transmitting equipment and a headphone used as an antenna.
- As the News Of The World scandal in the UK proved, voicemail can be easily hacked by having two people call a user’s phone at the same time. The first call generates the busy signal, while the second caller is sent to a voicemail prompt. From there the hackers utilized insecure passwords, like 1111, to access the user’s messages.
- A 2015 undercover investigation by an Australian news program exposed vulnerabilities in the signaling system architecture. By giving German hackers access to the reporter’s phone, the hackers were able to intercept and record any of the reporter’s phone conversations with any individual, anywhere in the world, even though the hackers were half a world away.
- A recent 60 Minutes presentation called “Hacking your Phone” detailed how, thanks to flaws in SS7, it’s possible to listen in on someone if the only piece of information you have is their phone number – this includes listening in on calls, spying on who they contact, reading texts, and tracking their location.
Raising awareness and security
Part of the solution is making users aware of the vulnerabilities. Experts advise that anyone who discusses confidential or sensitive information on their mobile phone should assume that they can be eavesdropped on and act accordingly.
However, there’s no need for this awareness to be tempered with fear. Instead, this knowledge can be combined with trusted enterprise security tools that provide effective, end-to-end encryption to protect both business and personal calls. Like most business concerns, common sense and practical tools go a long way toward combating data breaches.
If you’re looking for such a tool to protect your users’ calls and text messages, read this blog to get an overview of SecuSUITE for Enterprise, a software-based solution that works across multiple platforms and carriers, providing end-to-end encryption and peace of mind for mobile communication, or check out the brochure or data sheet on our SlideShare channel. You can also take a look at this more recent post, where we go over some of the specific details of SS7’s insecurity.