How Secure is Your Mobile? 

You can put in place a corporate policy to restrict the use of sensitive data on the smart phones, you can restrict e-mail access on the phone (not that it’s easy to enforce such a policy), but what if all your employees are using the very basic cell phones with absolutely no smart phone capabilities? You might think the mobile platform is now completely secure. You’re absolutely wrong.

The entire focus of our security policies usually hover around securing data wherever it is (in this case the mobile). But what about securing the voice conversations? The point is, not all communication is in the form of digital data. A large number of sensitive discussions and decisions happen over conversations on the voice network. What if your competitors are snooping into all the strategic conversations taking place in your organisation! What perhaps you’ve missed is that how easy it is becoming to snoop into voice calls and SMSs. Now, how do you restrict the use of cell phones? How do you convince people in the organisation to give precedence to in-person meetings over phone calls to discuss sensitive matters? The whole communications paradigm in an organisation is poised to change unless we find ways to secure this weakest link.

The threat perception of any given resource (in this case the GSM network) is directly proportionate to the amount of money it takes to execute an attack or to build a threat to exploit the vulnerability in it. About 80 percent of all mobile connections run on GSM networks, an ageing technology with extremely poor encryption. The 64-bit GSM encryption that was considered cutting-edge in 1988, is no longer sufficient to keep our conversations private. Till 2003 you would consider your mobile conversations private unless you knew your telecom operator was trying to spy on you. However, in 2003, the method by which GSM’s encryption code could be cracked was uncovered by a team of Israeli researchers which gave hackers a new avenue to explore. However, the method required equipment worth over $50,000 and a high level of skills to exploit. So you still didn’t need to worry much as the cost of executing the attack was still very high.