Secure communications expert Simon Ford, director of NCP engineering, points out that “most corporations realize the vulnerability of PCs and laptops and have implemented various security protocols to prevent security breaches. In the case of smartphones, however, we see a complete lack of awareness to the same dangers. This is the area attackers are increasingly looking to exploit."
At the ToorCon hacker conference last weekend, engineers from Sipera Systems demoed, for the first time, how iPhone and smartphone VoIP over WiFi calls can be intercepted, listened to, and recorded. All that was required was a laptop running a modified version of Sipera VIPER Labs’ UCSniff vulnerability testing app, and any open WiFi network. UCSniff can tell when an iPhone/smartphone VoIP WiFi call is initiated, and can then grab the conversation. This hack shows how smartphone VoIP WiFi calls, while saving money versus cellular network calls, are inherently unsecure and not suitable for business use.
Blog Back -- Do you have policies, procedures and technologies to protect iPhones and smartphones used by your C-suite executives? Send your input to security@bnpmedia.com
Last year, more than 139 million smartphones were sold worldwide, a 14 percent increase from 2007, according to the Gartner. A survey by security firm Trend Micro: only 23 percent of smartphone users enable security software already loaded onto their phones and 44 percent think surfing the Internet on their phone is as safe or safer than doing so on a desktop computer -- even with no security software. There are tools upcoming. For example, Sipera has a new SLiC system for securing mobile VoIP over WiFi. Sipera SLiC already is in use by multiple customers, including a Fortune Global 500 enterprise, which is using it to securely offload millions of minutes in cellular usage to VoIP.