Secure Mobile¬†Telecommunications and threats against it – Article 3 in the series “Why organisations need to take responsibility for securing their telecommunications?”

There are three main methods or attacks used in corporate espionage to gain unauthorised access to confidential information transmitted using VoIP.

MAN IN THE MIDDLE ATTACKS

A man-in-the-middle (MITM) attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker. The attacker records, and can even change, the content of the interaction. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances.

Before a communications channel is secured, MITM is a meaningful threat to VoIP security. However, complementary security protection, used in conjunction with public-key cryptography techniques, can thwart MITM attacks.

BRUTE FORCE ATTACKS

A brute force attack consists of trying every possible code until the attacker finds the correct code. This requires not only testing a huge number of possibilities (statistically, half the number of possible codes), but also the ability to recognise when the correct code has been guessed. Because of the size of the keys used in VoIP cryptography systems today, and the ephemeral nature of the keys, this is generally not considered a serious current threat. However, the exponential growth rate of computer processing capabilities requires responsible designers of secure systems to provide protection that far exceeds the current security threshold. As an example, a leading cryptographer offered a prize in 1977 to anyone who could break his code. He estimated that it would take 40 quadrillion years to decipher the coded message. In 1993, using faster computers and improved computational methods, the code was broken.

SIDE CHANNEL ATTACKS

Side channel attacks are non-cryptographic attacks, based on information that can be retrieved from the device that is neither the text to be encrypted nor the text resulting from the encryption process. Devices using encryption often have additional output and input. For example, a mobile telecommunications device produces timing information (information about the time that operations take) that is easily measurable; radiation of various sorts; power consumption statistics (that can be easily measured as well), and more. Side channel attacks make use of some or all of this information, along with other cryptanalytic techniques, to recover the key the device is using. However, a well-designed, properly implemented secure phone system will minimise the vulnerability of the device to such attacks.

SECURE MOBILE TELECOMMUNICATIONS

For more information on how to protect your mobile communications please send a message to info@mssdefence.com

Or visit our website: store.mssdefence.com