Attacks on phone calls step up as users assume voice calls to be the most secure vehicle for confidential information
Cyber criminals are now targeting confidential information that is being transmitted by voice calls.
GSMK CryptoPhone warned that unencrypted voice calls and texts are under attack and called on network security providers to do more in the fight against malicious phone fraudsters by ensuring end-to-end security measures for clients.
Bjoern Rupp, CEO of GSMK CryptoPhone, claimed that standard security measures cannot give customers the 360-degree protection they need, particularly when travelling abroad.
Rupp said: “Criminals are listening in on critical business information and stealing details and data which could do serious damage to companies. Many organisations have invested heavily in encrypting physical data sources such as laptops and disks, but they are leaving their phone correspondence completely unprotected and open to attack from professional fraudsters.
“Staff continue to exchange confidential company information such passwords and PIN codes over the phone, assuming calls to be the safest way to correspond. With many physical data sources now heavily protected, fraudsters see unencrypted calls as the easy way to gain access to sensitive information from corporate, military and national security organisations.”
This opinion follows a recent discovery of a basic vulnerability that was found in 12 out of 15 voice encryption products. Using a readily available wiretapping utility and a homemade Trojan, a blogger, known as Notrax, was able to bypass encryption and eavesdrop by capturing conversations from the microphone and speaker in real-time.
By suppressing any rings, notifications or call logs, these attacks go completely undetected, and while Trojans can be installed manually by someone with access to the phone, they could equally be delivered via email, SMS or a mobile application.
Wilfried Hafner, CEO at SecurStar, said: “Like most security breaches, Notrax went for the weakest link; he did not attempt to crack the encryption itself, but used simple wiretapping techniques.
“Unlike most of the vendors investigated, we recognised this potential security gap from the start and designed in measures to deliver complete end-to-end protection against eavesdropping.”
Following these concerns, Cellcrypt has launched a WiFi version of its secure mobile voice calling application that is free to BlackBerry smartphones users for 90 days.