Risks & Countermeasures
In September 2017, in collaboration with Kudelski Security, Tmanco SA held a presentation “Mobile Interception – Risks & Countermeasures” at the Cybersecurity Symposium in Lugano (Sept. 20th-21st) and at the ASUT Lunch forum in Zurich (Sept. 22nd).
We are glad to share with you this presentation, which highlights the vulnerabilities of the mobile infrastructure and devices, and how these vulnerabilities are exploited to listen into phone conversations, intercept sms, perform spoofing (call or send sms pretending to be…) and more. These threats compromise the privacy of communications and exposes our business to spying parties.
Many people assume that the mobile network is pretty safe and that interceptions are only performed by state agencies who have lot of resources or have access to the infrastructure. Unfortunately, it’s getting easier and cheaper for everyone to buy products or services and perform such interceptions. And because mobile is becoming an essential part of business communications, used to carry sensitive conversations, it is a target that is becoming more and more attractive. It’s a threat that businesses can’t afford to ignore anymore.
That presentation also describes White Noise , an innovative solution developped by Kudelski Security to adresses these issues and restore privacy in a wild wild world.
NO SCIENCE FICTION, THE THREATS ARE REAL
Our strong belief, which is part of our company’s long-term vision: if companies want to unlock the full potential of Enterprise Mobility, they must remove the barriers, Security is one of them and solutions exist to do that.
From an interception point of view, mobile networks and infrastructures can’t really be trusted, as their components suffer from various vulnerabilities. Hardware and software solutions are already available for those who need (or desire) to implement mobile interceptions: SMS spoofing, call spoofing and call listening are only a few activities which today are not only possible, but even easy and in some cases completely free. If you are curious to read some examples, you can find some of them in the presentation.
As higlighted during our speeches, while risks and interception activities are already reality, many businesses and their owners implemented so far no measure to prevent or face those attacks. While 64% of the companies believe they could not prevent breaches and 94% expect frequency to grow (see more stats in the PDFs), it looks like most of them would not take counter-measures before facing a serious attack. From a practical point of view, they are waiting for the catastrophe before trying to prevent it, which has no logical basis.
In front of this panorama, Kudelski Security is now giving a strong answer with a brand new set of products: White Noise (more info available here) which solves the interception problem at its root with end-to-end hardware encryption. With this approach we can have privacy and trust the communication even though we know the mobile infrastructure can not be trusted.