Whether we admit it or not, many of us probably have the unspoken notion that our mobile phone conversations are more secure than using a fixed line telephone, which everyone knows is susceptible to being tapped through various legal (and illegal) channels.

 

Of course, that was before recent revelations of the U.S. National Security Agency’s (NSA) wide-ranging and pervasive surveillance efforts, such as the collection of bulk telephone metadata without a warrant. This apparently includes the capturing of information such as the IMSI (International Mobile Subscriber Identity) number and calling card numbers.

 

Are You Live Streaming Your Mobile Call to the NSA?

 

The plot goes much deeper though: It has since been revealed that the NSA has the capability to crack the encryption commonly used in cell phones, according to a recent report on The Washington Post. Citing secret documents the publication saw, the Post suggests that the NSA can “process” calls encrypted using the AS/1 protocol that is still widely used today with 2G (GSM) networks today.

 

In a way, this should hardly come as a surprise, given that AS/1 was designed more than twenty years ago. Indeed, it has also been repeatedly cracked in public demonstrations over the last decade, with the objective of latter tests focusing on how fast it can be cracked — and not whether it can be cracked.

 

Ultimately, poor mobile security affects everyone, not just non-US citizens. After all, foreign state powers or unscrupulous corporate entities could also be listening in to important business calls conducted over mobile devices.

 

What Your Mobile Provider is Not Telling You

 

Of course, detractors will argue that AS/1 pertains only to 2G networks, and are not relevant to modern 3G or 4G capable devices. However, it is worth noting that most phones are configured to drop to 2G in congested places or areas with poor connectivity.

cell phone
And while there is newer, more robust encryption available even for 2G networks, the kind of security being employed by an operator is not readily apparent to non-specialists in the field. This creates a lack of pressure for mobile operators to upgrade their mobile phone networks.

 

Even the latest encryption standard offered by 4G LTE only protects traffic between the mobile device and the base station. This essentially leaves large swathes of the mobile providers network open to potential tapping — just like fixed line telephones.

 

A Possible Solution

 

Beyond clipping a James Bond-type scrambler unit to your phone, one possible solution that even small businesses can use to protect themselves entails using a well-established technology for voice calls: VoIP. Obviously, the use of proper encryption will have to be used for adequate protection, though there are thankfully many options available on this front.

 

This ranges from built-in encryption that may be proprietary to a product or service, or the use of a third-party VoIP encryption software. Another option may be to rely on tried-and-tested VPN technology or similar encryption offerings designed for computer networks.

 

Do you have any recommendations? Please share in the comments field below.