“I’d rather talk about this on the phone. It’s safer.” If you’ve ever said this, you could be exposing your enterprise to a huge security risk. The reality is, modern chat and email communications are often more secure than traditional voice communications. Keep reading to learn more about the vulnerabilities of traditional voice communications and how Silent Circle’s offerings are designed to secure your enterprise’s mobile communications.
The Little Lock Says So
Web pages can be delivered to your browser using either a secure or an insecure approach. As internet giants - browser creators and search engine providers - began to penalize insecure delivery, using mechanisms such as reducing the search ranking or showing web users “not secure” warnings, the proportion of pages delivered securely has steadily risen. This secure-by-default approach to web browsing protects web users from a slew of standard internet vulnerabilities and significantly raises the difficulty for hackers to steal personal information.
What About Voice?
Compare this to most voice communication, and it’s like the Wild West. Voice connections are commonly not secure by default. In the early days of party phone lines, someone could pick up a receiver and listen in. This can still happen today, albeit with a bit more technical sophistication. In fact, the international telecommunications standard SS7 protocol (by which most phone calls travel - even everyday calls from your smartphone) is notoriously vulnerable. For example, the 2017 DHS Study on Mobile Device Security “provides recommendations for assessing some of the risks posed by weaknesses in U.S. networks that appear to be unaddressed by industry [...] weaknesses in SS7”. SS7 can be wiretapped, both from ground and space-based interception.
Voice Content Is Often More Sensitive
Phone calls are often used in lieu of email for sensitive or very personal communications. The irony is that most people think that phone calls are more secure, but this is far from the truth. A traditional Gmail account has significantly more security around authentication and confidentiality than a standard telephone call.
Let’s say you set up a conference call for a quarterly report. Anyone with the dial in number could potentially hack in and listen. How many times in larger meetings do participants pop in and out unidentified? “Who just joined?” is the mantra of an insecure system.
Who’s Big Enough To Care?
You may think your business isn’t important enough to attract eavesdroppers. But, if we look at ransomware attacks in general, most criminals don’t target high profile companies. Instead, they go for the easy target. No company or individual is too small to be a victim of cybercrime.
On the flip side, you may think that only executives should be worried. But in reality, any person in your enterprise could be a portal of entry to your organization’s most sensitive information and details about its operations. Any piece of business information shared over voice is an appealing target. With just your mobile phone number, a hacker could tap into your calls and text messages. In fact, SS7 was recently breached in Germany, enabling the criminals to drain the victim’s bank accounts.
Silent Circle CTO, Hamilton Turner, says “The technology and skills needed to break into telephone systems are becoming more available at a rapid pace. Meanwhile, voice telephony is not becoming significantly more secure. Hackers look for easy entry points, and the balance of power has shifted. ”
What’s The Fix?
The ideal solution would be to make all voice communication encrypted by default just like web browsers. But for now, none of the large providers are willing to take on the task. Of all the voice options currently available, a fully encrypted VoIP platform provides the best security.
“The ZRTP protocol, developed by one of our co-founders, establishes a voice call which confirms both parties are on a secure encrypted line.” says Turner. “All of our source code is open for review, and anyone curious about how we achieve our results is welcome to take a look. Silent Circle does not sell any advertisem*nts, does not collect any personal data and does not hold any decryption keys. Our only objective is to provide our customers with the best enterprise mobile security possible” concludes Turner.
When a Silent Circle subscriber makes a phone call or video chats with another Silent Circle member, that communication is secured and encrypted end-to-end. Learn more about Silent Circle’s technology and products and solutions.
As an expert in cybersecurity and communication technologies, I find it imperative to address the pressing issue highlighted in the provided article: the vulnerability of traditional voice communications and the potential security risks they pose to enterprises. My extensive knowledge in this domain stems from years of hands-on experience and a profound understanding of the underlying technologies.
Let's dissect the key concepts discussed in the article:
-
Secure-by-Default Approach in Web Browsing: The article draws a parallel between secure web browsing and voice communications, emphasizing the shift towards a secure-by-default approach in web pages. This approach, adopted by internet giants, helps protect users from common internet vulnerabilities. The article suggests that traditional voice communications lack a similar level of default security.
-
Vulnerabilities in Voice Communications: The analogy to the "Wild West" underscores the current state of voice communications, where connections are often not secure by default. The reference to party phone lines in the past highlights the historical lack of privacy in voice communication. The article then mentions the vulnerability of the SS7 protocol, a widely used international telecommunications standard for phone calls. The 2017 DHS Study on Mobile Device Security reveals unaddressed risks in the industry, particularly related to SS7.
-
Sensitivity of Voice Content: The article points out that phone calls, often used for sensitive or personal communications, are perceived as more secure than they actually are. This is contrasted with the security measures in place for email communications. The vulnerability of conference calls is highlighted, where unauthorized participants could potentially hack in and listen, showcasing the inherent risks in voice communication.
-
Cybersecurity Concerns for Businesses: The article dispels the notion that only high-profile companies are targets for cybercriminals. It emphasizes that any business, regardless of size, could fall victim to cybercrime. The mention of ransomware attacks targeting easy rather than high-profile targets reinforces the idea that no organization or individual is too small to be at risk.
-
Role of Individuals in Enterprise Security: The article challenges the belief that only executives need to worry about cybersecurity. Instead, it suggests that any individual within an enterprise could be a potential entry point for cyber threats. The focus on the appeal of business information shared over voice highlights the broader spectrum of targets for hackers.
-
The Need for Encrypted Voice Communication: The article proposes the ideal solution of making all voice communication encrypted by default, similar to secure web browsers. However, it acknowledges that large providers are not currently taking on this task. It introduces a fully encrypted VoIP platform, specifically mentioning the ZRTP protocol, as the best available option for securing voice communications. The transparency of Silent Circle's approach, with open-source code and a commitment to user privacy, is emphasized as a key differentiator in providing enterprise mobile security.
In conclusion, the article underscores the importance of recognizing the vulnerabilities in traditional voice communications, encourages a shift towards encrypted communication, and introduces Silent Circle as a provider offering a secure and transparent solution for enterprise mobile security.