Wireless providers that offer cellular service might present risks to the enterprise, either through infrastructure that makes eavesdropping possible or through wireless carrier security holes that let unauthorized users access account and usage data.
Employees who bring their own devices to work transmit data and voice over cellular networks, and IT can’t see into or control that. Though it appears that only intelligence and law enforcement agencies can listen in on calls and access customer data, security researchers have demonstrated otherwise. Hackers using widely available hardware and open source technologies can intercept and decrypt cellular calls. The wireless carrier security risks are out there, and it’s important that the enterprise be aware of them and take the proper steps to secure information that employees are transmitting over cellular lines.
Wireless carrier security risk: Eavesdropping on calls
When users make calls on their mobile devices, voice data travels wirelessly from the phone to a cell base station. The base station connects to the provider’s telephone switches through
A determined individual or an organization with enough resources and expertise could intercept calls at any point, but cracking wireless carrier security is easiest at the telephone switches (where intelligence and law enforcement agencies can listen in on calls). Any organization that can gain access to the switching equipment can intercept subscriber’s calls.
Leased lines also provide an avenue for monitoring calls, and cybercriminals can intercept wireless signals without access to switches. That’s not to say that anyone who can intercept a signal can listen in on a call, however. Mobile devices and wireless networks have many built-in safeguards, but some technologies make it easier than others for criminals to monitor calls.
Two of the most common cellular technologies are Global System for Mobile Communication (GSM) and Code Division Multiple Access (CDMA). Most of the world uses GMS, but its security model has come under increasing scrutiny because of system weaknesses. Motivated attackers can crack the A5 encryption algorithm used for GSM communications, and wireless carrier security experts have demonstrated that rogue GSM base stations can trick a mobile device into routing outbound calls through that station.
CDMA is based on spread-spectrumtechnology that deliberately spreads the signal across a wider bandwidth, making specific calls more difficult to intercept and decipher. This is one reason companies such as Verizon and Sprint have gone with CDMA instead of GSM in the United States. CDMA uses the RC4 encryption protocol, which doesn’t keep keys secret, making it easier for an attacker to eavesdrop on calls. But CDMA cracking requires intense effort and expensive specialized equipment, so calls over CDMA are still far more difficult to listen in on than GSM calls.
Compromising wireless carrier security systems
Wireless carriers are the big brothers of mobile devices -- they collect information about the devices and data connected to their network. Carriers can identify the device type, operating system, IP address and they can tell which apps are installed on a device. They can also track when a device connects to a cell and determine where that device is located. Carriers can save all that information indefinitely.
Wireless carriers can also intercept the metadata for each data packet transmitted on their network. The metadata can include details about the packet’s origin and destination, the amount of data in the packet and nature of that data. In addition, carriers can conduct deep packet inspections (DPIs) on the data flowing to and from the device on their network in order to examine the integrity of the data and perform advanced network management tasks. Carriers can also use DPIs to mine data, inhibit content and eavesdrop on mobile communication.
Because they have the ability to track and record data, wireless carriers can store information about each call made from a mobile device. Such data includes the phone number called, time of the call, its duration and where the call was placed. Carriers can collect location information about individual devices even if the device owner has never made a call. Carriers often retain this data for 6 to 12 months or longer.
Even if a company intends to use the information it collects for purely benevolent reasons, malware, targeted attacks or rogue employees can compromise wireless carrier security and release customer information. Even now call records are available online for a fee. And there’s nothing to stop wireless carriers from using subscriber records for marketing purposes.
Protecting the enterprise
More on wireless carrier security
Mobile service providers and wireless carriers
Mobile security threats
Will wireless carriers adopt a device security philosophy?
There are no easy answers when it comes to ensuring wireless carrier security or the security of enterprise mobile communication. CDMA is generally considered more secure than GSM, but CDMA isn’t fail-safe. There’s little that the enterprise can do about the data collected by wireless carriers. Enterprises might consider a Voice over Internet Protocol solution that supports fully-encrypted voice communication between devices, but that means adding an extra layer of complexity and expense. Additionally, the mobile industry changes at such a rapid rate that it is difficult for the enterprise to keep up. Whatever steps an enterprise takes, they must first recognize that wireless providers carry with them certain risks, and companies should assess those risks carefully when supporting mobile communications.
This was first published in April 2012