© The Canberra Times/ACM. Reprinted with permission.
Recent high-profile breaches of major global telecom networks, and a rise in spying on mobiles, reveals a growing and often underestimated threat to national and organizational security. That is, the networks and communication tools that make global communications accessible, connected and efficient, are also exposing sensitive data to unprecedented risks.
For organizations that rely on secure, confidential communications, the use of telecom networks and consumer-grade messaging apps such as Whatsapp and Signal to share government or commercially-sensitive information could mean exposure of trade secrets, personal health data, military location information or national security data to threat actors with malicious intent.
Understanding the Breach: Telecom Networks as a Target for Cyber Espionage
In the United States recently, cyber-espionage campaigns linked to foreign governments successfully targeted national telecom providers, exploiting their networks to intercept the communications of high-profile individuals, including political figures in the Trump and Harris campaigns in the runway to the election. Said to be lurking in the networks for more than a year, this wasn’t a case of mere data theft—attackers were able to tap into real-time data streams, intercepting voice calls, SMS messages, and mining communication metadata, which is a goldmine for gathering intelligence. Metadata provides a detailed picture of relationships and communication patterns, granting threat actors unprecedented insights into a target’s network.
For instance, attackers can learn not only who communicated with whom but also when, where, and how often. Such data, often overlooked by organizations in the category of ‘cyber risk’, can reveal key aspects of operations and priorities for individuals or organizations. In addition to traditional intelligence purposes, this information can be exploited for disinformation campaigns, targeted phishing, blackmail, or identity spoofing, all of which can be detrimental to organizational integrity.
Secure Communications Gaps within Public Telecommunications Networks
The essential design of public telecom networks prioritizes connectivity and reach, making it easy for any number to call or text any other number worldwide. This very feature, however, introduces vulnerabilities, as telecom providers establish automated interconnections to facilitate global coverage. Security, in many cases, becomes a secondary consideration, creating a fertile ground for exploits. For instance, many carriers still use outdated signaling protocols that are vulnerable to interception, allowing attackers to redirect and tap calls without user knowledge. This has led to the rise of "interception as a service" schemes, where attackers or competitors can essentially hire services to access confidential calls or messages.
What’s more concerning is the exposure created by carrier-interconnect protocols, which allow malicious actors to access cellular roaming data and redirect calls. This isn’t just a theoretical concern; there are already documented cases of espionage and interference on these networks. For government officials, corporate executives, military leaders, and law enforcement personnel, this vulnerability can mean that sensitive discussions are vulnerable to surveillance.
The High Stakes of Metadata Compromise
Metadata, often dismissed as less valuable than content data, can be instrumental in revealing critical insights. Through metadata like Call Detail Records (CDRs) or Message Detail Records (MDRs), threat actors can map out communication patterns — who is talking to whom, at what times, and for how long. This also applies to metadata available from consumer-grade messaging apps, which can include location, profile, email address, phone numbers, call volume, groups you belong to and more. Access to these patterns can expose organizational workflows, highlight relationships, and even help identify strategic decisions. For example, if a government leader communicates repeatedly with a particular advisor at unusual times, it may signal a high-stakes decision or sensitive planning.
The recent compromise of metadata in telecom breaches, including AT&T’s announcement of a large-scale metadata compromise, exposes a new layer of vulnerability. With metadata, adversaries can spoof identities to impersonate trusted contacts and infiltrate conversations, enabling sophisticated social engineering and phishing attacks. The latest Verizon breach took this a step further, as threat actors accessed not just historical metadata but real-time data, allowing for immediate exploitation of communication patterns and behaviors, which can be especially damaging during sensitive periods, like election cycles or trade negotiations.
Securing Communications: Why Certified Mobile Security Is Essential
End-to-end encryption is just the starting line. The destination is to ensure communications data remains on sovereign networks and can’t be intercepted, listened to or extracted. With Signal, for example, governments have no knowledge of where their data is being processed and what type of archiving and mining may be occurring.
To mitigate such risks, organizations — particularly in government and high-stakes industries such as critical infrastructure, energy and healthcare — must adopt more robust mobile security measures that protect the integrity of the device, and trusted ‘out-of-band’ solutions that continue to operate if networks go down.
Solutions such as BlackBerry’s SecuSUITE protects communications through the network. For employees it is easy to use; they can tap on an app deployed on their existing device just like any other, except with military-grade encryption. For governments, it promises full control over their users, data and if needed, system infrastructure - protecting the entire communication process from interception and eavesdropping. This, plus the ability to completely segregate sensitive information on the device, are particularly critical for teams handling classified or secret information, proprietary data, or high-level discussions that demand confidentiality.
The Way Forward: How Organizations Can Strengthen Communication Security
At a time when communication espionage is on the rise, and threat actors are using AI to ‘deepfake’ voice calls and texts using stolen data, maintaining sovereignty over communications has become an operational and national security imperative.
Within this evolving threat landscape, organizations must adopt a proactive approach to secure their communications infrastructure. Deploying solutions that offer certified end-to-end encryption can ensure confidentiality, validate user identities, and safeguard against interception on vulnerable networks up to top-secret level. When evaluating security solutions, organizations should look for tools that provide comprehensive protection, including secure calling and messaging that maintains integrity even on international networks, while maintaining ease of use.
In addition to investing in robust security solutions, educating teams about the risks associated with public telecom networks, the appropriate use of personal communication apps at work, and other best practices for secure communication is equally important. As espionage tactics evolve, so must an organization’s vigilance in protecting sensitive information.
In an era where telecom networks are increasingly susceptible to state-sponsored attacks, or targeted mobile interception, securing communications infrastructures isn’t just a technical challenge — it’s a strategic necessity that underpins organizational resilience. By putting communication security first, organizations can uphold data integrity, protect national interests, and ensure their competitive edge remains safeguarded.
Related Reading
- Government, Critical Infrastructure, and the Future of Secure Communications
- Are WhatsApp and Signal Secure Enough for Confidential or Secret Communications?
- NATO Selects BlackBerry's Encrypted Voice Technology to Secure its Calls
- BlackBerry SecuSUITE Awarded Updated NIAP/Common Criteria and CSfC Certification for Secure Communication
For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
