Enterprise Cell Phone Security Is Lacking, Says Report

 
 
By Michelle Maisto  |  Posted 2009-12-03
 
 
 

New data from an ABI Research survey points to a major need for greater cell phone security for enterprise devices.

The survey included 250 senior executives in the United States and revealed that, while the executives recognized the security vulnerabilities posed by cell phones - with 41 percent saying they believed mobile phones to be more vulnerable to interception than e-mail, and 39 percent saying that phones are equally as vulnerable as e-mail - few had devices with adequate protection in place.

While ABI found that 79 percent of organizations discuss sensitive or confidential information over the phone at least weekly, and 51 percent daily, only 18 percent of organizations have "explicit mobile voice call security solutions in place," ABI wrote in a Dec. 3 statement.

Worse, 55 percent of respondents in IT roles said that their organizations had mobile voice call encryptions solutions in place. After looking into the matter, however, only 18 percent actually did.

"Effective e-mail security has become routine but our research shows most businesses do not apply anything like the same level of robust security to cell phone calls," Stan Schatt, an analyst with ABI, wrote in the report.

"Equally concerning is that a significant number of people who identified themselves as being responsible for cell phone voice call security incorrectly believe the organizations' mobile calls have been protected when they have not," Schatt continued. "This perception that they are protected when in reality they are not suggests a serious hole in the information security of many businesses. It is important that companies take urgent steps to review their measures for countering this growing corporate risk area."

Should the findings fall on optimistic ears, ABI describes a project devised by German hackers that came to light this summer and showed them to be working on a code table that would enable them to crack the encryption of GSM mobile calls - which is 80 percent of the world's mobile calls.

"This codebook is planned to be freely available within the next six months, and significantly lowers the bar for everyday hackers to crack GSM calls using only a high-end laptop," ABI wrote in the statement.

Intercepting radio waves, according to ABI, is not the way that the security of a call can be breached. "Interception risks occur at various segments along a call path, which may involve multiple network operators in a variety of countries each having a different levels of security measures and risks," the research firm wrote in the statement

ABI performed the study on behalf of Cellcrypt, which provides mobile phone security solutions.

"Companies that do not [act on the need for mobile phone security] are exposing themselves to attack," wrote ABI's Schatt.

Rocket Fuel