RISK-UK NEWS

Open to interception

The survey, conducted amongst 250 senior executives in both medium and large organisations, showed that although respondents regularly discuss financial information (78%), employee data (66%), IP (51%) and commercial secrets (50%), the majority of these conversations are unprotected, even though over 80% of respondents believe mobile phones to be as vulnerable as e-mail communications, if not more so. Of those who admitted to regularly discussing sensitive information, 80% believed that, if leaked, this information would have a major impact on the organisation.

In addition to other interception methods such as man-in-the-middle scams and on-device taps, the threat of mobile voice interception has intensified recently with the cracking of encryption on GSM mobile phone calls. In December, the Chaos Computer released the GSM Codebook, a large lookup table of pre-generated GSM encryption keys which allows hackers to rapidly crack A5/1 – the encryption standard for GSM mobile phone call security. Just two weeks later, cryptographer Adi Shamir published a white paper detailing a practical method for cracking the next generation of encryption standard, A5/3, in less than two hours.

“The inherent insecurities of GSM encryption have been well publicised, even though most governments and enterprises have been aware of this threat for a while,” said Simon Bransfield-Garth, CEO of Cellcrypt. “However, this research shows there is still confusion out there about whom, when and how people should be protected from this threat. Organisations need to start taking serious steps to consider coherent security strategies that protect multiple weak spots against attack. This work needs to start sooner rather than later as standard GSM encryption becomes unreliable and open to easier interception within the next six months.”

Despite 92% of respondents considering it the organisation’s duty to provide employees with mechanisms to protect information or their own personal safety when travelling to high-risk areas, several admitted confusion over who was responsible, with Heads of IT, Security, Networking and Operations all being assigned responsibility.






























