Wireless Endpoint Communication

Communication has driven the evolution of endpoint devices: not just data communication, but voice, images, video, sound, and combinations of these media. This section discusses endpoint communication and its security.

Voice Communication

Voice communication provided the force behind the rise of cellular phones in the 1990s and early 2000s. The popularity of cellular services led service providers to create robust networks designed to provide not only communication services but also one of the key desires of consumers—mobility.

For the most part, voice communication services are taken for granted in today’s market. However, voice communication technology continues to evolve, and new products, services, and devices are announced almost daily. While these advancements continue to provide subscribers with expanding and improving features, security is very much in the forefront of their concerns and interests.

Voice Communication Security

Voice communication security concerns are much different now than they have been in the past. The areas of concern may stay the same (privacy, bandwidth, and range), but the security capabilities of newer devices evolve right along with the technology. From the beginning, 1G communication was easily intercepted because it was transmitted in analog. 2G and 3G introduced encryption for voice communications, making it much more difficult to intercept conversations. While the encryption algorithms of 2G and 3G could be cracked by hackers, the time and equipment required to capture a voice transmission made eavesdropping less attractive than it may have been originally.

Because voice communications have transitioned to digital and are carried on IP networks, security threats may increase. New technology may or may not incorporate defenses against attacks by malware, exploitation of vulnerabilities, and the large variety of attacks being devised daily. Newer systems may incorporate improved security features, but, and I will say it again, system and network security is a catch-up endeavor. IP-based networks and applications have been around—and have been attacked—for years. So, it is reasonable to believe that new generation devices benefit from the security controls and measures developed for newer computer networks. Increasing data speeds allow more efficient security solutions like VPN tunnels and strong authentication passwords and mechanisms.

Email

Email is considered to be the de facto standard for business communication and virtually all newer mobile endpoint devices have remote access to email. Most corporate communications occur through voice (face-to-face, telephone, recordings) and written (memorandums, letters, notes, and email) channels, although cell phone text messaging is gaining some ground.

As newer mobile devices with additional features and more and faster computing power continue to appear, these devices are increasingly more essential in business, social, and personal cultures. Mobile endpoints are a critical element of telecommuting programs. Business continuity plans, often nonexistent or obsolete, are being created and updated to include tasks in which employees are to use email on mobile devices should a catastrophic event occur to the company. The concept of the “9 to 5” workday has changed. Employees routinely check their company inbox for email outside of their standard workday hours and on weekends.

Security Risks with Mobile Email

Email on mobile devices faces many of the same security risks as email on wired stations such as laptops and desktops. Unsolicited email containing attachments can pose a risk of virus or malware infection on the endpoint device.

One of the biggest risks to email on mobile endpoints, though, is the increased potential for physical theft of the device. Since so many people store the passwords to their email accounts on their phones, it is often easy for a thief to gain access to those accounts on a stolen device. When you combine the facts that corporate email is more readily accessible and sensitive information is often transmitted by email, the risk of theft is even more significant. To help protect email communications on a stolen phone, IT departments can remotely wipe a phone to remove access and data. By the time they do this, however, it may already be too late.

Instant Messaging (IM) Chat

Instant messaging (IM) or chat is a popular messaging format on mobile devices as it fills a niche between emailing and texting. Like text messaging, it provides real-time communication, and its short messages are compatible with smaller mobile device screens. However, IM does not have a universally recognized standard and may never have one. A proprietary IM service usually has a client that is required to communicate with others on the same IM service. Wikipedia (https://en.wikipedia.org/) lists 28 different IM protocols, none of which are compatible with all of the others.

Even though many IM services have the capability to encrypt conversations, IM has some inherent risks. Only some anti-malware programs integrate with IM clients, which creates the possibility of malware being passed through an IM network. Some IM systems support file attachments, which can raise the malware threat even higher. However, if file attachments or file transfer features are available, most likely they can also be disabled.

Another issue, which is really a continuation of the previous, is that many IM services rely on advertising to subsidize the free use and operation of the IM service. Essentially, the IM service is inserting an adware file into an IM message body before its transfer, which raises the risk level even higher. This creates a significant risk because adware is widely used for distributing malicious code.

SMS/Text Messaging

Text messaging, or Short Message Service (SMS), has become the prevalent communication mode on mobile devices. Unlike voice calling or even IM, texting does not require the recipient to be available, just his or her device. In a recent study, Interactions, LLC (https://www.interactions.com/) and the Harris Poll reported that

… consumers are split on which method they prefer. While 51% prefer texting or typing overall, 49% prefer voice channels when communicating with a company. That’s not to say that there aren’t differences when it comes to age groups. Millennials, for example, are most likely to prefer texting or typing (67% compared to 55% of Gen Xers and 33% of Baby Boomers).

From a security perspective, texting presents fewer risks than most other communication methods. The text messaging conversation itself has little risk. The security threat, which is actually a physical security threat, is in how the physical device is used.

Perhaps the most serious problem with SMS and texting is that it can be done while doing something else. For the majority of activities that can be shared with a mobile device, there really are no safety or security issues. However, many countries and all but one of the U.S. states have laws against a driver texting and/or voice calling while operating a vehicle, motorized or not. Some states also have laws that limit the use of cellphones for a variety of purposes or by minors.

Here are a few of the statistics regarding texting while driving:

  • The National Highway Traffic Safety Administration (NHTSA) reports that 660,000 drivers are “using their cell phones while operating a vehicle at any moment of a day.”

  • A study by students at Virginia Polytechnic Institute and State University (Virginia Tech) found that a driver is “20 times more likely to crash while texting and driving” than when they are not.

  • The American Automobile Association (AAA) says that while 94% of all teen drivers understand the law and the dangers of driving and texting, 35% admit to doing so.

  • The NHTSA also reports that, on average, there are about 3000 texting while driving deaths per year, over the past 8 years.

Another potentially serious vulnerability of mobile communication devices is that very few monitoring or filtering processes protect against the transmission of sensitive information. While redacting PII and other sensitive information from text messages would likely be a priority for virtually all users, businesses and corporations must guard against proprietary and/or sensitive information being included in a text message and transmitted out of the organization. Text messages are transmitted “in the open,” meaning they are sent as plain text with no compression and no encryption, and are right out there for anyone to see.

Applications for finding and redacting PII, personal health information (PHI), names, dates, places, and specified phrases in document files do exist, such as Philter from Mountain Fog (mtnfog.com) and Redact (redact.dev). However, these and similar products are computer applications intended for redacting information from word processing and other personal productivity documents, with results like those shown in Figure 13-4.

FIGURE 13-4 The results of redacting PII in a text document.
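The same find-and-redact idea can be applied to an outbound text message before it leaves the organization. The following Python sketch is an added example, not code from Philter, Redact, or this text; the pattern set, the redact_message function, and the sample message are assumptions constructed for illustration and do not form a complete PII taxonomy.

```python
import re

# Illustrative patterns only (assumption): a real filter needs a fuller set.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "PHONE": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
}

def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact_message(text):
    """Return (redacted_text, findings) for one outbound message."""
    findings = []

    def make_sub(label):
        def sub(match):
            # Leave digit runs that fail the Luhn check untouched so that
            # order or tracking numbers are not redacted as cards.
            if label == "CARD" and not luhn_ok(re.sub(r"\D", "", match.group())):
                return match.group()
            findings.append(label)
            return f"[{label} REDACTED]"
        return sub

    # Dict order matters: specific formats run before the looser PHONE pattern.
    for label, pattern in PATTERNS.items():
        text = pattern.sub(make_sub(label), text)
    return text, findings

# Constructed sample message (4111 1111 1111 1111 is a standard test number).
SAMPLE = ("Wire to acct holder jane.doe@example.com, SSN 123-45-6789, "
          "card 4111 1111 1111 1111, call 555-867-5309.")

if __name__ == "__main__":
    redacted, found = redact_message(SAMPLE)
    print(redacted)
    print(found)
```

The findings list lets a messaging gateway log or block a message instead of silently rewriting it.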

MMS Messaging

Multimedia Messaging Service (MMS) messaging is very similar to texting. MMS facilitates the sharing of multimedia content, not just text. In addition to graphics, images, and photographs, MMS supports the transmission of video, text, and audio, such as ringtones. MMS is used mostly to send and receive photos taken by smartphone cameras. MMS also has several commercial uses, including news alerts (text plus graphics), weather alerts, bulletins, and security systems that send text and graphics alarm messages to owners or offsite monitoring companies.

Because MMS is a point-to-point short messaging method, its risks are very similar to those of SMS, such as denial of service (DoS) attacks and interceptions of plain text messages. MMS can be upgraded to apply encryption, but these are essentially commercial products and rarely used by the majority of MMS users. MMS has relatively few security vulnerabilities that would compromise sensitive data. However, more danger can exist when users are in roaming areas away from their home network and using the internet.
