someone's listening: the real reasons you need to encrypt your calls


Upload: blackberry

Post on 11-Jan-2017


SOMEONE’S LISTENING: The Real Reasons You Need to Encrypt Your Calls

Whitepaper


What You Don’t Know CAN Hurt You

By now, it’s common knowledge in the enterprise that text-based communications – such as SMS messages, email, and instant messages – need to be encrypted. The media has driven that point home often enough.

What many don’t seem to realize is that encrypted text isn’t enough. In order to truly protect sensitive enterprise data, voice communication needs to be encrypted, as well.

Across all business functions and levels within an organization, employees and executives alike regularly exchange critical information over the phone. This includes details on mergers, intellectual property, product roadmaps, finances, litigation, and client data. When such communications are intercepted, they can cause as much damage to an enterprise as a hijacked email – if not more.


Consider, for example, the recent breach of Securus Technologies, a phone services provider for the United States prison system. An anonymous hacker released over 70 million phone records made between 2011 and 2014. Included in these records are approximately fourteen thousand conversations between inmates and attorneys – a clear violation of attorney-client privilege.

“That 14,000 figure is likely an underestimate, because it does not include calls to attorney cellphone numbers,” Jordan Smith and Micah Lee of The Intercept explain. “These attorney calls are potentially just a small subset of the attorney-client calls that were hacked.”

“In short,” they continue, “it turns out that Securus isn’t so secure.”

The Securus breach underscores the sensitive nature of phone calls and their records. The phone calls released by Securus’s hacker comprised a wealth of privileged client-attorney information – a class-action lawsuit is already brewing as a result.

What might ill-intentioned third parties hear if they listen in on your enterprise’s calls?

That’s not a hypothetical question. Eavesdropping is now easier than ever, and the software that enables it is both highly available and simple to use. Worse still, due to security shortcomings, this eavesdropping usually goes unnoticed until it’s too late, if it’s detected at all.

At issue here is the fact that, in spite of recent developments, the architecture underpinning voice communications still falls woefully short from a security standpoint – and at the same time, eavesdropping and interception tools have only grown more advanced.


Weak Architecture and Advanced Hacking Tools Make For a Dangerous Cocktail

Signaling System 7 – the world’s most widely used telecommunications protocol – is positively ancient by technological standards. It was first defined as a standard in 1980, over thirty years ago. Bafflingly, it has changed relatively little since then.

“SS7 was created before there was an Internet, and was never designed to be secure in today’s world,” explains Enderle Group principal analyst Robert Enderle. “Its security was based on the fact that no one other than carriers and some governments could access it. It’s a technology well past its prime.”

More concerning is the fact that SS7, outdated as it is, forms the backbone of many mobile communications standards, such as GSM. This outdated architecture is the reason hackers can listen in on phone calls and intercept messages regardless of carrier encryption. It’s the reason GSM calls can be hacked using $9 handsets; it’s why readily available commercial interceptors can often decrypt calls before the user even picks up the phone.

It’s also why security researcher Chris Paget was able to build a $1500 cell-phone tapping device capable of intercepting virtually any GSM call he chose. Back in 2010, he demonstrated his tool by intercepting several dozen calls made by hackers at the DefCon conference in Boston.

It’s worth noting that GSM has been superseded by new standards such as 3G and 4G, and currently accounts for less than 1% of total traffic. 3G, though more secure than 2G, still uses SS7. And though 4G LTE uses the “relatively modern” Diameter Protocol, it will only account for 10% of worldwide mobile connections by 2017. 2G and 3G make up the other 80%.

What’s more, although it’s built atop more modern architecture, 4G has its own security shortcomings.

As demonstrated in a presentation at Black Hat Europe in November 2015, the idea that LTE security alone is enough to protect phone calls is naïve at best. Low-cost hacking tools can easily bypass enhanced LTE security measures, and a rudimentary denial of service attack can force most phones to drop down to a 2G or 3G connection. Enterprises cannot, in other words, rely on carriers to protect voice calls.

You need to safeguard them yourself – and that’s where SecuSUITE® for Enterprise comes in.


Protect Your Organization’s Information Against Electronic Eavesdropping

SecuSUITE® for Enterprise is a hosted software-based solution that provides secure calling and text messaging on mobile devices, across multiple operating systems – including iOS®, Android™ and BlackBerry® 10.*

› With SecuSUITE for Enterprise, technology that was designed to protect national security has been adapted and optimized to secure your organization’s communications against electronic eavesdropping and third-party attacks.

› SecuSUITE for Enterprise is hosted in the BlackBerry® Infrastructure, which provides a direct connection to more than 600 carriers around the globe.

› Connect securely with the people you need to talk to, inside and outside your organization, and across phone networks around the globe. If they use SecuSUITE® for Enterprise, you can communicate with them securely, with the crystal-clear voice quality you need and expect.

› You don't have time to waste trying to get technology working for you. SecuSUITE for Enterprise is designed to be easy and intuitive to use, so there’s no learning curve.

› SecuSUITE for Enterprise comes with a user-friendly, secure cloud-based portal where administrators can enroll or deactivate users and adjust settings. There’s nothing else to add, manage, maintain, or worry about.

› SecuSUITE for Enterprise is MDM/EMM-agnostic – so you’ve got the flexibility to deploy it even if you’re running multiple MDM solutions, or in the midst of a transition to a new EMM platform.

Leverage the security benefits of a behind-the-firewall, on-premise solution – with the convenience of a cloud deployment. With no servers or hardware to install, there’s no upfront capital expenditure and no unpredictable operating costs to wonder about. SecuSUITE® for Enterprise is available at a low monthly cost per user, on an annual license basis.

Safeguard Mission-Critical Data

Enterprise decision-makers know that in order to safeguard mission-critical data, they need to encrypt digital, text-based communications. Unfortunately, many of them don’t realize that unsecured phone calls represent as much of a threat as an unencrypted email. Outdated carrier infrastructure and the wide availability of advanced eavesdropping tools designed to intercept confidential calls are a dangerous combination for any unprepared enterprise.

A dedicated call encryption solution is necessary, but it cannot be difficult to integrate or use. Enterprise infrastructure is complicated enough already, without adding extra layers of complexity. Further, employees demand convenience from all the business apps they use – and if they aren’t afforded that convenience, they’ll simply ignore or circumvent your organization’s security measures.

By implementing a solution such as SecuSUITE for Enterprise, you’ll protect your sensitive information against eavesdropping without hindering either administrators or employees – and without making your mobile architecture any more complex than it needs to be.


Learn more about what SecuSUITE for Enterprise can do for you at blackberry.com/secusuiteforenterprise

©2016 BlackBerry. All rights reserved. BlackBerry®, BBM™ and related trademarks, names and logos are the property of BlackBerry Limited (“BlackBerry”) and are registered and/or used in the U.S. and countries around the world. All other trademarks are property of their respective owners.