Study: Despite Risks, Voice Encryption Solutions Deployed By Few Corporate Departments

ABI Research’s (News - Alert) recent survey conducted on behalf of Cellcrypt, a provider of secure mobile voice calling, found that fewer than one in five people in departments that handle sensitive information such as financial, legal and research and development have deployed some form of voice encryption solutions.

 

Simon Bransfield-Garth, CEO of Cellcrypt (News - Alert), said that the inherent insecurities of GSM encryption have been well-publicized, even though most governments and enterprises have been aware of this threat for a while.

 

“However, this research shows there is still confusion out there about whom, when and how people should be protected from this threat,” Bransfield-Garth said. “Organizations need to start taking serious steps to consider coherent security strategies that protect multiple weak spots against attack. This work needs to start sooner rather than later as standard GSM encryption becomes unreliable and open to easier interception within the next six months.”

 

The survey, conducted amongst 250 senior executives in both medium and large organizations showed that despite regularly discussing financial information (78 percent), employee data (66 percent), as well as IP (51 percent) and commercial secrets (50 percent), the majority of these conversations are unprotected despite over 80 percent of respondents believing mobile phones to be as vulnerable, if not more so, than e-mail communications if leaked.

 

Of those who admitted to regularly discussing sensitive information, 80 percent believed, if leaked, this information would have a major impact on the organization.

 

 “Despite sometimes being viewed as something for the movies, crimes such as corporate espionage, kidnap for ransom and extortion by organized criminals can and do happen,” said Stuart Quick, Operations Manager at Henderson Risk Limited. “Mobile voice interception is one way in which these crimes can be facilitated. The increasing interception risk underlines the need for organizations to adopt a robust approach to securing these calls, especially when the senior managers in departments such as finance and legal are prime targets.”

 

In addition to other interception methods such as man-in-the-middle scams and on-device taps, the threat of mobile voice interception has intensified recently with the cracking of encryption on GSM mobile phone calls.

In December, Chaos Computer reportedly released the GSM Codebook, a large lookup table of pre-generated GSM encryption keys which allows hackers to rapidly crack A5/1 – the encryption standard for GSM mobile phone call security.

 

Just two weeks later, leading cryptographer Adi Shamir published a white paper detailing a practical method for cracking the next generation of encryption standard, A5/3, in less than two hours.

 

When asked whether senior managers in key departments use voice call encryption solutions for mobile phone voice calls, the survey found that just 13.5 percent of financial, 17.1 percent of legal and 18.3 percent of research and development departments had solutions deployed.

 

When asked who in their organization is responsible for ensuring the security/preventing the interception of voice calls, 53 percent responded the Head of IT, 21 percent responded security, 7 percent responded Networking and 6 percent responded operations.

 

Read here about how plenty of mobile HD voice news will be announced at Mobile World Congress (News - Alert) in Barcelona, Spain. Several European carriers are likely to formally announce plans for mobile HD voice along with an alliance to exchange HD calls outside of the traditional world of switched telephony.