Enterprise Mobile Device Security: Carrier-Provided Voice Encryption
With the widespread adoption of mobile devices comes a tendency to use them to conduct mission-critical business, opening up voice communications as a security vector. That makes mobile devices a very juicy target for all the vandals out there.
And while there haven’t been widespread exploits against voice communication so far, the day can’t be far away when this critical conduit becomes a frequent target for attackers. In fact, as recently as January 2011, a researcher discovered weaknesses in the baseband chipset firmware of iPhone and devices which could be exploited to ultimately take control of these devices.
More uneasy news: Ralf-Philipp Weinmann, a researcher at the University of Luxembourg, demonstrated an exploit he created that turns on the auto-answer feature of a smartphone and then uses it as a remote listening device.
Another type of encryption starting to become prevalent is carrier-provided voice encryption. Yes, I know what you are thinking: Isn’t there some form of encryption already provided by the network radio technologies? This encryption embedded in the radio technologies is present, but lately it has started to show signs of weakness.
This is the point at which the additional encryption provided by carriers starts to make sense, specifically for your most critical users (chief-level officers, sales heads, and so on). With sensitive data at stake, adopting voice encryption is not too outlandish.
The most common way to implement voice encryption is to use a carrier-provided two-factor encryption solution:
Each device gets a hardened, self-contained crypto engine inserted into its microSD slot.
The device gets the strength of additional hardware authentication.
Members of a defined group of trusted users can exchange encrypted calls.
You can manage this capability over the air.
Encrypted calling integrates with the mobile device’s standard operation and address book, so users can easily place and receive encrypted calls.
This security function is now on-demand.
Mutual authentication and end-to-end encryption make a high-security call mode possible.