Recent news stories about how President Trump uses phone lines that are not secure raise the issue about what makes a line secure or insecure. What is often misunderstood is that a “secure phone line” is not referring to the line itself, but rather the information on the line.
Malicious actors can be situated at any point over the miles of telecommunication wires, wireless frequencies, systems, and services between you and the person with whom you are communicating. “Tapping a phone line” isn’t beyond the capabilities of a determined attacker, and in the mobile world it is as easy as putting up fake cell towers and fooling phones to communicate with them, known as “stingrays” (recent reporting asserts cities like Washington, D.C. are littered with them.)
Lines are not secure, but information can and should be. Securing the call is therefore about disguising the communication on the line so that if it is intercepted, it can’t be understood – also known as encryption. Many of the best secure communications solutions today are built on the principle of “zero trust,” which assumes the line or telecommunications service is insecure. These solutions employ advanced forms of encryption to ensure the information is protected completely from sender to receiver. These products are widely available and can be used to secure text messaging, as well as voice and video calls.
Encryption is not just about securing messages, but about securing all types of communication. The technologies that offer a suite of services to cover all communications, such as video conferencing, phone, and messaging, are the ones that are most secure and important. The core of security is confidentiality, integrity, and availability, which means that encryption is critical. And, an additional level of security is to ensure that any encryption technology being considered is made and coded in the U.S. We should expect that our leaders are using these ultra-secure and easy to use methods to protect national security secrets. But consumers can and should take advantage of some of the same key actions to protect their phones and data.
It is not necessarily easy to hack a phone. But, with time and intent, it is doable. The success of malicious activity is the result of strong intent and capability. We have seen lots of examples in the mobile space, including the Pegasus and Monocle exploits and Google’s Project Zero document, which warns about watering hole attacks being used to compromise iPhones. During this holiday season, every consumer should be on the look-out for fake text messages. Malicious actors send messages offering holiday deals and discounts and even messages that look like bank communications warning about increased spending. Consumers are more likely to fall for these schemes this time of year because of their increased spending patterns and financial apprehensions. When consumers click on fake links, they unwittingly download malware that gives attackers the ability to “own” the phone and ultimately gain access to consumer finances.
Some basic advice about keeping your phone secure is to ensure you only load apps from trusted app sources and to use a screenlock. Additionally, if you are no longer using an app, delete it. For example, most one-time events and conferences now offer a mobile app to keep you up-to-date on agendas, speakers, and networking opportunities. One of the most opportunistic and relatively easy ways to access a device is through apps that are no longer being used. The hosts (i.e., event sponsors) are no longer monitoring them and users are not accessing them. Deletion of data you are no longer using is an important and necessary step in improving your security.
To summarize, four key actions you can take to keep your phone more secure are:
- Use an encryption technology that does more than just encrypt messages; use one that encrypts all of your communications – phone, video, and messaging;
- Be aware of mobile phishing attempts, especially around the holiday season. Always check the sender and if you have any doubts about the source, don’t click the links;
- Ensure you download apps onto your phone only from trusted sources; and,
- Delete apps you no longer use
As with all security, the focus should be on creating a strong security posture and being cyber aware and cyber ready. Our phones hold more personal information, and, in many cases, professional information, than any other device we have ever used. We are all accountable and responsible for making sure we use these basic tools and processes to keep our mobile devices secure. As individuals, our phones make us components of global supply chains. We have to do our part to keep these devices secure.