Earlier this year, hackers hijacked text messages containing two-factor authentication codes sent to German online banking customers, allowing them to siphon money from multiple bank accounts. Though undoubtedly a surprise to the users who were defrauded, this was hardly shocking to the security community. Experts have long warned of vulnerabilities in Signaling System 7 (aka SS7), a key protocol used by wireless networks.
Developed in the 1980s, this protocol has grown long in the tooth. SS7 contains multiple security holes which allow hackers to eavesdrop on calls, read or redirect SMS messages, and track a device’s location. All a criminal requires is access to a carrier’s network – from there, they’ve free rein to do whatever they please.
In this case, they hijacked a bank’s two-factor authentication system. But they could do much more.
Imagine a terrorist tracking the location of military personnel via GPS. Imagine an unscrupulous government listening in on calls made by foreign diplomats. Imagine an attacker gaining access to your business’s data center by hijacking your SMS authentication. Imagine an underhanded competitor eavesdropping to get wind of an upcoming acquisition, then going behind your back to steal the company from you.
SS7 vulnerabilities aside, SMS has its own security weaknesses. It’s not designed to be secure – it’s designed to be convenient. Using it without encryption is therefore just asking for trouble.
In short, voice calls and text messaging need to be treated with just as much care – and skepticism – as any other communication medium. So, why aren’t they?
Tackling the Challenges of Secure Voice
For SMS, I believe it’s mostly because people don’t realize how insecure it is – they’re either unaware or wilfully ignorant of its flaws. Secure voice, on the other hand? That’s a bit more challenging.
For call encryption to be useful, it cannot interfere in any way with a phone conversation. The call quality and latency must be exactly as it would be with no encryption at all. And employees must never be forced to do additional legwork to encrypt their calls – the only thing they should have to do is dial a number.
Not only that, an encrypted voice solution must integrate with a wide range of devices, systems, and carriers. If you can only encrypt calls between two people on the same mobile network, that means all your contractors, partners, and vendors must use the same mobile carrier. That’s hardly a reasonable expectation.
Lastly, there’s the challenge of installation. Many organizations might not have the budget to purchase and manage extensive hardware for secure calling. And configuring such systems to integrate with the rest of an organization’s infrastructure can be downright daunting.
Enter SecuSuite. Part of our BlackBerry Secure approach to unified mobility, it’s designed to the strictest regulatory standards, and is the preferred solution for high-security agencies around the globe. Available for both government and enterprise, it’s simple to deploy and manage, and compatible with multiple devices and operating systems. Thanks to BlackBerry’s leading NOC infrastructure, it’s also highly reliable, and your calls over Wi-Fi will deliver the same performance as calls over carrier networks.
Because SecuSUITE is software-based, it’s easy to install, manage, and use, too. Deployment costs are minimal, and users can make calls and send text messages the same way they always would, with no interruptions. It also secures cross-network communication, so there’s no need to lock your organization or its partners to a single carrier.
Protect Your Conversations with SecuSUITE
There’s an old saying – loose lips sink ships. With all the talk about the need for email security and encrypted messaging, it’s easy to forget that those aren’t the only channels you need to protect. Voice and SMS are equally as important, especially given that the latter is frequently used to communicate in regulated fields like healthcare. And thanks to outdated carrier infrastructure and the wide availability of advanced eavesdropping tools, ignoring secure voice is akin to leaving your door wide open in a bad neighborhood.
That’s why you need a tool like SecuSUITE – because at the end of the day, you never know who might be listening in.
For more information about BlackBerry’s updated software portfolio, check out our overview blog. You can also read more about BlackBerry Workspaces, BlackBerry Dynamics, the BBM Enterprise SDK, BlackBerry UEM, or our application suite.