Mobile Security Articles

Everyday, everywhere, priceless information is exchanged by phone.

Even companies which allocate significant resources securing their networks and employee confidentiality still discuss sensitive information over regular, unprotected cellular phones.

Your competitors, criminal organizations or foreign governments can tap into this wealth of information using non-expensive and easy to use tools.

There are several ways to intercept a cellular call.

A device called IMSI catcher can be used to capture your call within a radius of several miles.

Also, when your call travels within the network, there are numerous ways to listen-in, as the unencrypted signal travels from one cell to the next over microwave radio lines.

Not to mention the threat of competitors bribing cell company employees, or foreign intelligence agencies listening for information that could benefit their national industries.

Basic countermeasures can be implemented to mitigate this risk and protect your privacy.

Unfortunately, many people think that if their company is not in the Defense industry or is relatively small, no one will be interested in spying on them. This head-in-the-sand attitude ("It won't happen to me") increases the risk, leaving companies vulnerable to major losses.

Your competitors profit from information acquired about your business, and some of them will not stop at legal intelligence-gathering methods.

Information in the wrong hands can ruin a corporation, put people out of work, bankrupt local merchants, and devastate shareholders families.

In some cases the threat you face may stem not from what you have, but from who you are. Your risk can also increase if you possess information that may be of political value to others.

Also, you or your organization may possess information about another targeted entity, which could make you a secondary or indirect target.

Phone conversations can be targeted by illegal surveillance activities. Wireless communications can be easily intercepted. Your vulnerability to such activities cannot be fully removed, but it can be managed by appropriate countermeasures.

Industrial espionage, the process by which a company is targeted by "intelligence" activities, is conducted by international intelligence agencies, foreign and American companies, and even private individuals.

Most nations engage in espionage activities directed against U.S. companies. Some even count with their countries' intelligence agencies -which usually have huge resources and even immunity- for direct support.

Studies show that businesees of all sizes are victims of industrial espionage, which costs U.S. companies billions in losses every year.

Intelligence gathering can also help criminal organizations optimize their extorsion demands. Also, some individuals or companies may hire criminal groups to spy and steal information.

Unfortunately, many people think that if their company is not in the Defense industry or is relatively small, no one will be interested in spying on them. This head-in-the-sand attitude ("It won't happen to me") increases the risk, leaving companies vulnerable to major losses.

Your competitors profit from information acquired about your business, and some of them will not stop at legal intelligence-gathering methods. Information in the wrong hands can destroy a corporation, put people out of work, bankrupt local merchants, and devastate shareholders families.

In some cases the threat you face may stem not from what you have, but from who you are. Your risk can also increase if you possess information that may be of political value to others.

Also, you or your organization may possess information about another targeted entity, which could make you a secondary or indirect target.

Your vulnerability to such activities cannot be fully removed, but it can be managed by appropriate countermeasures.

Phones are probably among the most essential devices in the contemporary business environment. People tend to relax and be more open to share information by phone. Industrial spies know it, and thus phone tapping is among their most useful resources in their pursuit of valuable information.

Sensitive information is usually shared through phone conversations, which can be targeted by illegal surveillance activities. Wireless communications can be easily intercepted.

Basic countermeasures can be implemented to mitigate this risk and protect corporate assets and your privacy.

People may need to resource to security countermeasures to protect themselves against competitive intelligence activities, corporate espionage, extortion, media snooping, activists, terrorism, invasion of their personal privacy, etc.

Among the various types of communications that should be protected against illegal eavesdropping, we could mention: privileged conversations between clients and their counsel, company executives or board members discussing mergers and acquisitions, marketing strategies, new product development, lawsuit strategies, internal politics, labor negotiations, etc.

Competitive Intelligence is the process by which information is collected and transformed into valuable intelligence for use in tactical and strategic business decisions. Corporate Security Officers may select the easy path: trust that their current and potential competitors' "Competitive Intelligence" departments would resource only to legal approaches to snoop on them.. However, the stakes may be to high to adopt such a conservative strategy.

But it is not just corporate executives who may be targeted by illegal surveillance activities. Other targets include: famous people, movie stars, celebrities, scientists, bankers, employees of companies subject to hostile takeovers, real estate development planners, high level politicians, diplomats and their staff, people involved in high bidding wars, political campaign offices, journalists, etc.

Sigillu provides the most efficient solution for secure cellular communications.

Who could be targeted by illegal surveillance activities?

The short answer is: almost anyone.

Anyone could be targeted by covert electronic surveillance activities. Some people are at a higher risk than others due to their profession, financial status, involvement in domestic related situations, etc.

What follows is a non exclusive list of potential targets of illegal surveillance: famous people, movie stars, celebrities, business executives and directors, scientists, bankers, employees of companies subject to hostile takeovers, real estate development planners, high level politicians, diplomats and their staff, people involved in high bidding wars, political campaign offices, journalists, etc.

The most widespread professional wiretapping takes place in industrial espionage. Many businesses spy on each other just like wartime nations do. The spies listen in to gather industry secrets, business plans and any other information that will give their company an advantage over the competitor.

Telephone conversations are vulnerable. Several tools (cell phone scanners, IMSI catcher, etc.) are available to listen into private mobile and landline conversations, and there is no way to guarantee private conversations without end-to-end encryption.

There are some well known cases of massive illegal wiretapping scandals which could, according to some experts, even put democracies at risk. In some of these cases even former telco executives are suspected of belonging to the spy rings.

Technical Surveillance Counter Measures (TSCM) sweeps are intended to protect against wiretapping and telephone bugging, and are the most commonly used defense mechanisms. TSCM was originally used by government entities to protect top secret and critical information from foreign spies.

Sigillu (www.sigillu.com) uses end-to-end strong encryption to provide full protection against illegal bugging and eavesdropping of private and corporate mobile conversations. It is a cost effective counter surveillance solution that offers complete protection to people that want to make sure their cellular communications remain secure, private, and confidential.

Short answer: not necessarily.

Does the company provide all the code needed to compile the voice encryption product I can then install in my mobile phone or the one they include in the firmware of the phone they provide? If the answer is no, how do I know that the code they provide me for review is the same one they used to produce the software they installed in the phone? My understanding is that there is no way to verify that.

But even if the source code they are providing for review is the same one they used to compile their product, can't the security be compromised by how their solution was implemented on the specific phone? Does it make sense to verify the encryption algorithm if I cannot make sure the other processes involved in securing my calls, including but not limited to voice de-coding and interaction with the phone OS, are also secure and free of programming errors or back-doors?

And who is reviewing the code? Is there any incentive to do it? Are good an honest people investing their time in reviewing source code published by second tier vendors? Probably not. That the code is available does not necessarily mean that it is reviewed.

The other day I stumbled upon the web site of a company selling voice encryption products, and I sadly read their conclusion of why other vendors may not be offering their source code for review. They state they can only assume that the other vendors have something to hide, or that they may be afraid of competition, or trying to protect "so called" "trade secrets." How sad is that?

In relation to protecting their "trade secrets," I hope that's true. My understanding is that trade secret protection lasts for as long as the secret is kept confidential.

Also, what do they mean by "so called trade secrets"? If it means they have a strong position against intellectual property protection, fine. But then the question would be why are they not just releasing the software as open source? Could that impact their "so called bottom line"?

In their web site they also state that they "have no (trade) secrets". Really?

(written by uzimanu on 4/26/2007)