Business Issues -> Security & Risk
By: Nigel Stanley, Practice Leader - IT Security, Bloor Research
Published: 28th April 2011
Copyright Bloor Research © 2011
Over the past few months I have written about the problem of mobile voice data protection and the need for those conducting information and business risk assessments to consider the cost of losing voice data.
When traditional computer data goes missing it is often obvious, as a laptop, CD ROM or USB stick has actually been lost. Unfortunately when a mobile phone is intercepted the bugging will happen without the user knowing, often only discovering the problem when financial data has been leaked or intellectual property stolen.
So what can be done?
Voice encryption is crucial to ensuring mobile data is secure and is a must have for those likely to be at risk—namely those talking about sensitive content on their mobile phones. A solution from Morrigan Partners can do just that.
Using the Morrigan Secure Application (or MSA), an authorised user can make a secure call over any mobile communications network to another MSA-enabled handset. The MSA solution also supports secure SMS and voicemail whilst it scans for malware threats such as Trojans.
The MSA runs in parallel to standard unencrypted smartphone systems and is capable of deployment across standard communication networks using standard smartphones. Calls are securely routed between one MSA handset to another MSA handset for call integrity and messages are securely held on the secure server if a phone is off line and immediately sent when reconnected. Four encryption keys are randomly generated and discarded after each call providing a level of protection.
The MSA runs over data‐enabled networks including 2G, 3G, 4G and Wi‐Fi allowing mobile devices to move freely and uninterrupted between all networks globally during a secure call connection. This is especially interesting as a common technique to further protect calls is to force a 3G connection. Whilst this may work in areas where there is 3G coverage there are a surprising number of black spots where a 3G connection is not possible. Would a user accept no mobile phone coverage just to protect their calls? Unlikely. Therefore a voice encryption solution that can use a 2G network if required is a useful option.
There is no doubt that voice data is at risk. As more and more people use their smartphones to run their entire lives, hackers and others will focus their efforts on getting the information they need from these devices. In many respects attitudes towards mobile phone data security reflect those held 20 years ago towards the humble personal computer. Back then attacks were minimal, anti-malware was yet to become established and hacking was in its infancy. Now we are in a maelstrom of attacks against the PC using sophistication and scale we previously thought impossible.
Cast one's mind forward 20 years and it boggles at the depth and breadth of attacks our cell phones will be subject to. In the meantime anyone that conducts sensitive business using a mobile phone should seriously consider implementing an industry leading mobile phone encryption package without delay.
We have not received any comments against this entry. Why not be the first?
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761