One lets hackers route individual phone calls to themselves before forwarding on to the recipient, two researchers told the Washington Post newspaper last week, while another flaw lets hackers collect all of the wireless calls and texts in a particular geographic area. As described in the widely-circulated interview, the flaws are features of the long-used SS7 (Signaling System No. 7) system used by telecom carriers to manage communications transmissions.
The flaws, which have been around for nearly 3 decades, are “really not much of a surprise” to Christoph Erdmann, Chief Technology Officer of Secusmart, an anti-surveillance vendor that BlackBerry acquired last week.
And the widespread encryption used by 3G and 4G cellular technologies such as GSM, CDMA and LTE does not protect against hackers intercepting mobile calls and texts and listening in on or reading them.
“These disclosures have once more underpinned the fact that a system is only as secure as its weakest link,” says Erdmann, who is now Senior Vice-President of BlackBerry’s Secure Voice division. “In this case, the discovered vulnerability of SS7 undermines the privacy of billions of phone calls made every day via the global communications networks.”
Deutsche Telekom has said it is trying to step up to mitigate the problem as much as possible. But it’s unclear how much effect a single carrier can have, either for its own customers or for others, due to the sprawling, interconnected nature of the worldwide network.
“The dilemma with this is that those systems are hard to replace as they are globally connected while at the same time the technology for attacking those systems, as demonstrated by the German researchers, becomes cheaper every day,” says Erdmann.
What Enterprises Can Do
Organizations can and should go ahead and protect themselves, however. They should seek a communications service or solution that offers end-to-end encryption and authentication, says Erdmann. These over-the-top (OTT) services, so-called because they transmit over the communication networks of large carriers but are not under their control, keep your conversations, messages and e-mails safe from any underlying network vulnerabilities.
Or as Erdmann puts it: “It is the only way to make sure that communication remains trusted and secure between two endpoints even if they are connected via an insecure network.”
Secusmart, which is best known as the encryption provider used by German Chancellor Angela Merkel to keep conversations on her BlackBerry device private, has several secure offerings today. SecuSUITE for Government for BlackBerry 10 devices provides the most complete, rigorous security for secure communications. SecuSUITE for Enterprise is used by both governments and enterprises to provide secure communications on a variety of devices, including iPhones, Android and BlackBerry 10 phones and tablets. Another is a software solution called SecuCALL that is offered via carriers such as Vodafone Germany to enterprise customers.
(As of February 2015, BlackBerry holds 70+ security certifications and approvals from governments.)
Smart IT managers know that there are three very good alternatives to BYOD. But what are the strengths and weaknesses of mobile deployment models such as CYOD, COPE and COBO? And how do you choose what’s best for your organization?
In a webinar on Thursday, May 28th (2015), BlackBerry director of security Alex Manea will be examining all four mobile deployment models and looking at the pros and cons of each.
Webinar attendees will also receive a new 100-page e-book from BlackBerry: The Definitive Guide to Enterprise Mobile Security: Strategies and Tactics for Business and IT Decision-Makers.
Co-edited by Manea and BlackBerry blogger Eric Lai, the e-book offers comprehensive strategies and actionable tips for tech and business managers wrestling with how to manage and deploy devices in a secure, future-proof way.
The webcast will air on Thursday, May 28th at 11:00 AM EDT, and will include a live Q&A with Alex.