Enterprise Cell Phone Security Is Lacking, Says Report
New data from an ABI Research survey points to a
major need for greater cell phone security for enterprise devices.
The survey included 250 senior executives in the United
States and revealed that, while the executives recognized the security
vulnerabilities posed by cell phones - with 41 percent saying they believed
mobile phones to be more vulnerable to interception than e-mail, and 39 percent
saying that phones are equally as vulnerable as e-mail - few had devices
with adequate protection in place.
While ABI found that 79 percent of organizations discuss
sensitive or confidential information over the phone at least weekly, and 51
percent daily, only 18 percent of organizations have "explicit mobile voice
call security solutions in place," ABI wrote in a Dec. 3 statement.
Worse, 55 percent of respondents in IT roles said that their
organizations had mobile voice call encryptions solutions in place. After
looking into the matter, however, only 18 percent actually did.
"Effective e-mail security has become routine but our research shows most businesses do not apply anything like the same level of robust security to cell phone calls," Stan Schatt, an analyst with ABI, wrote in the report.
"Equally concerning is that a significant number of people who identified themselves as being responsible for cell phone voice call security incorrectly believe the organizations' mobile calls have been protected when they have not," Schatt continued. "This perception that they are protected when in reality they are not suggests a serious hole in the information security of many businesses. It is important that companies take urgent steps to review their measures for countering this growing corporate risk area."
Should the findings fall on optimistic ears, ABI describes a
project devised by German hackers that came to light this summer and showed
them to be working on a code table that would enable them to crack the
encryption of GSM mobile calls - which is 80 percent of the world's mobile
"This codebook is planned to be freely available within the next six months, and significantly lowers the bar for everyday hackers to crack GSM calls using only a high-end laptop," ABI wrote in the statement.
Intercepting radio waves, according to ABI, is not the way
that the security of a call can be breached. "Interception risks occur at
various segments along a call path, which may involve multiple network
operators in a variety of countries each having a different levels of security
measures and risks," the research firm wrote in the statement
ABI performed the study on behalf of Cellcrypt, which
provides mobile phone security solutions.
"Companies that do not [act on the need for mobile phone security] are exposing themselves to attack," wrote ABI's Schatt.