How mobile security needs to move on after the recent News of the World scandal.

James Middleton

August 7, 2009

5 Min Read
Making a safe call
New technology brings with it a new set of threats

As we all know by now, a few weeks ago serious allegations were made by the UK newspaper the Guardian that reporters at the News of the World (a rival newspaper) were ‘tapping’ into the voicemail messages of thousands of individuals’ phones.

The public shock about this seems not to be that questionable tactics had allegedly been used by journalists, but rather that it raises serious questions about the security of our mobile phone calls. Not only that, but because they targeted so many people, between one and three thousand, with no obvious motive other than they could, it made many people wonder if they might be next.

These events remind us that the march of technology often brings with it a new set of threats that have to be tackled. So how do we, as an industry, move forward to resolve them?

The first thing to do is to offer some practical advice:

  • Never assume that voice calls are secure – like fax or email, never discuss confidential or sensitive issues on the phone, unless you are using phones with voice encryption

  • Never leave confidential voice messages or send confidential texts

  • Make sure you use and protect your voicemail PIN in the same way as your bank card PIN – voicemails can be accessed from any phone with the PIN

  • Be vigilant to prevent malicious use of your phone – be wary of texts, system messages or events on your phone that you did not ask for, initiate or expect; turn off Bluetooth if you are not using it and don’t leave your phone lying around

  • Think about the value of the conversation and then choose the right communication means for the call – if you are discussing something very valuable, such as a business deal, don’t leave information lying around or use communications means that can be intercepted

But that is only half of the problem. As the whole News of the World saga has shown, there are plenty of people willing and capable of this sort of attack if the information is valuable enough. Suddenly more and more people who make calls that have potentially valuable information are concerned about the security of those calls. The information could be vital corporate information, important security information from a government body, or interesting gossip that could be sold to a newspaper. If something is considered ‘valuable’ then it’s possible there is someone out there who wants to ‘steal’ it.

We all know the phrase “we should not be having this conversation on an open phone line” as there is a widespread belief that landlines are open to attack. Yet people haven’t previously believed the same to be true with mobile devices, or at least they haven’t in Western Europe. If you go to South America, the Middle East or Eastern Europe then there is a clear perception that all calls are potentially insecure and now that perception seems to be changing in Western Europe as well.

There comes a time when it is simply not practical to simply assume calls are insecure and that you have to find other methods of communication. People have to communicate freely on their phones to do their jobs and go about their daily lives. So people are starting to look for solutions that allow them to do this.

More and more people are making their ‘valuable’ calls over secure voice call encryption only.

Recent improvements to the quality of call encryption, both the technology and the usability have brought the capability into the reach of companies and even individual citizens. Coupled with the heightened concerns about corporate espionage and the duty of care by companies for the safety of personnel when travelling, voice security is now a serious consideration for government, business and high profile individuals alike.

Encryption technology now exists, such as Encrypted Mobile Content Protocol (EMCP), which allows standard mobile phones to add software that encrypts voice communications, delivering a level of encryption and voice security that satisfies Government requirements, in a standard business package and supports popular devices such as Nokia and BlackBerry smartphones.

As an industry, we can use this opportunity to start to push encryption. Although at first glance, it might seem that mobile network operators would be cautious of such solutions there are huge business possibilities for them.

The current situation with voice communications is not dissimilar to the email world of ten years ago, where most email traffic passed without any security measures. This, combined with evidence that organised elements and others are becoming increasingly sophisticated in their ability to intercept business communications, is driving businesses to pay increasing attention to how they protect their mobile voice data.

Yet it is very difficult currently for carriers to provide an absolute guarantee of the end-to-end security of calls – as they pass through multiple networks, operators and geographies, which often change in real-time to get the best tarrifing. So the ability to offer voice encryption to business and individual users with a particular need offers a new revenue opportunity to carriers and provides a far cheaper solution to businesses that need to protect their information assets.

So perhaps this recent ‘scare’ has done us all a service. Many users will be more careful as a matter of course; many businesses and high-profile users will be pushing for a solution that secures their voice data; while many in the industry will be creating new ways to solve these issues and new ways to offer new services that generate additional revenues for us all.

Simon Bransfield-Garth is CEO of Cellcrypt

About the Author(s)

James Middleton

James Middleton is managing editor of telecoms.com | Follow him @telecomsjames

You May Also Like