Wednesday, April 20, 2016

If Only It Were Sci-fi: CEOs, CFOs, COOs and Cell Phone Vulnerabilities

Like many of you, I ease back into the workweek on Sunday evenings getting a jumpstart on things with 60 Minutes in the background giving me a heads-up on developing matters here and abroad.  This Sunday, Sharyn Alfonsi’s segment, Hacking Your Phone, jolted me back to business.  If you missed the program, here’s the takeaway:  your smart phone is defenseless against hacking and executives are particularly targeted.  Watching a U.S. Congressman’s mobile phone hacked in seconds, I reacted childishly – hoping it just wasn’t so.  But when I reached out to my speaker, Robert Bigman, former CISO of the U.S. Central Intelligence Agency – under whose watch the CIA was never hacked – I learned that, in fact, our mobile phones and their networks are, indeed, entirely vulnerable and for simple reasons.  I asked him what my clients and readers need to know and what they can do to protect the privacy of their calls and their clients' information discussed in those conversations.  He shared:

It has been recognized for some time now that while the cell (smart) phone is a new technology, the protocols that it uses to maintain wireless sessions, collect and communicate caller/device metadata and interface with the "wired" world are decades-old software and replete with vulnerabilities.  These "wired" world protocols (collectively known as Signaling System 7) lack session authentication/integrity mechanisms and thus are subject to call spoofing and redirection attacks.

Cell phone users should also understand that while the "smart" devices contain incredible processing and communication capabilities, they are no more secure than your desktop/laptop computer running Windows or Linux operating systems.  Smart phones, like other computers, lack trusted "boot" protection, are written in coding languages that facilitate vulnerabilities, and allow applications to run that also expose the computer's operating system to memory exploitation. 

Your best bet for securing cell phone conversations (although far from guaranteed) is to use a separate/dedicated phone device with only an encrypted Voice Over IP (VOIP) application that, hopefully, satisfies the Federal standard for system cryptography (NIST FIPS Pub. 140-2).

Here's the link to the story:  http://www.cbsnews.com/news/60-minutes-hacking-your-phone and a link to Bob's full bio at www.SecuritySpeak.net.

 
