The cellcrypt website reported that the codebook that unscrambles GSM calls - used in 80% of cell phones - has been computed and published on the web, that lowered the cost to criminals for cell phone eavesdropping to below $10,000.
According to a survey of seventy five companies and 107 senior executives in the United States, it costs U.S. corporations on average $1.3M each time a corporate secret is revealed to unauthorized parties. 18% of respondents estimate such losses to occur weekly or more frequently, 61% at least monthly and 90% at least annually.67 percent of IT practitioners surveyed lack confidence that the proprietary and confidential information conveyed during cell phone conversations is adequately secured in their organizations and 85% believe voice data security is at least as important as other security issues faced by the business.
Moreover, 80% believe that the organization would not discover the wrongful interception of a cell phone conversation that revealed valuable corporate secrets.
The survey asked participants to respond to the likelihood of six separate scenarios involving the use of cell phones to communicate sensitive and confidential information occurring in their organizations. The scenarios described the following:
- A conference call among senior leaders in the company in which cell phones are sometimes used.
- A sales manager conducting business in Asia uses her cell phone to communicate with the home office.
- An external lawyer asks for proprietary and confidential information while using his cell phone.
- A call center employee assists a customer using a cell phone to establish an account and collects personal information (including Social Security number).
- The finance and accounting staff discusses an earnings press release and one participant on the call is using a cell phone.
- A CEO's administrative assistant uses a cell phone to arrange ground transportation which reveals the CEO's identity and location.
Awareness of the problem was high with 71% stating that confidential information is communicated over cell phones in conference calls, 80% when travelling to countries known to be high risk for voice interception and 83% when discussing information with professionals such as legal representatives.
59% of respondents felt that high profile employees are likely or very likely to be specifically targeted for voice interception with 50% indicating that such interception would occur by government authorities and 32% by criminal organizations. The risk of such interception was seen to be highest in the Asia Pacific and Middle East regions.
Despite these findings, few organizations have yet deployed comprehensive protection measures with only 14% deploying technological solutions to personnel travelling to high risk locations and a surprising 83% not even providing employee training to raise awareness about the risks of using cell phones in high risk areas.
"Cellular communications are ubiquitous in business and will only become more prevalent as worker mobility grows, yet the risk to information security is often overlooked," said Larry Ponemon, chairman and founder, Ponemon Institute. "Common scenarios, such as conference calls attended by executives dialing in on their cell phone, may pose a serious threat to highly sensitive personal or corporate information if proper precautions are not taken to ensure business information integrity."
Simon Bransfield-Garth, CEO of Cellcrypt added "This data attempts for the first time to put an economic figure on the cost of cell phone interception. With recent news demonstrating the vulnerability of cell phone calls, it serves as a wake-up call to those responsible for Risk and IT within corporations to add cell phone risks to their list of hot topics."