Cell phone hacking is an offence under UK law in the Regulation of Investigatory Powers Act 2000. It has been a well-known danger in the UK since the News of the World scandal, in which journalists at that now-defunct paper made it a regular practice. The latest statistics show 40 per cent of British companies have been affected by cell phone hacking, which is accomplished by brute-force attacks on the phone's PIN, or by using a back door for covert interception or remote control. Diligent security enables remote phone wiping, so that sensitive data can be removed from a hacked phone at any time.
UK Phone Hacking: “Malware Is Having a Field Day!”
There are no updated statistics on phone hacking in the UK, but the last estimate by Ofcom in 2013 showed that more than 40 per cent of British companies had been affected by phone hacking in one form or another, at a cost of £1.4 billion.
But analysts have noted the increased threat:
“Mobile has become the new playground for cybercrime, and so far, malware is having a field day. The migration of traditional PC-based threats, such as Trojans, spyware and spam, to the mobile platform is not surprising. The popularization of mobile operating systems such as Android, and the general lack of public awareness, has enabled malware to multiply exponentially over the past year. Cybercriminals view mobile as another lucrative platform to exploit. And they are not the only ones. Mobile is attracting shady and unscrupulous parties employing any number of dubious practices: intrusive advertising, unauthorised data collection, government surveillance and corporate espionage,” warned ABI Research analyst Michela Menting.
A recent study shows that mobile security costs UK SMEs over £66 billion per year – an average of £13,823 per company. It further shows that SMEs dedicate, on average, six hours per week to managing and monitoring mobile devices – which equates to 17% of an IT manager’s working hours. Responding reactively to mobile security threats was found to cost SMEs more time and money than proactively mitigating the threat; on average, over £3,000 more per year, and two additional IT support working hours per week.
Danger: Compromised Corporate Information
The News of the World scandal, involving the phone hacking of celebrities, politicians and even the Royals, made regular headlines from its start in 2006, through the closure of the century-old newspaper in 2011, through the arrest of the top editors at the scandal sheet. Despite this intensive notoriety, businesses are simply not aware that phone hacking poses such a direct threat – the sense among many is that only celebrities have to worry about it.
It only takes one infected mobile device on a corporate network to provide access to the entire network. The danger: compromised corporate information, followed by decreased productivity and increased malware infections, according to IT security experts at SolarWinds.
Your Phone Number Is All a Hacker Needs
In fact, your phone number is all a hacker needs to get into your cell phone, because the hacking is done on the network side and does not require the phone at all.
Hackers intercept your calls and messages via the servers on the mobile phone networks. This includes intercepting mobile telephone calls to listen to the call in progress, taking covert control of the mobile phone to receive copies of text messages and other activity, and remotely listening in to activity around the phone.
This is done by installing software on the phone to provide the functionality that is remotely accessed. The phone user is not aware of the operation of the software. Information is sent using the phone data capability and is not readily identifiable from the phone bill.
There are also flaws in the implementation of the GSM encryption algorithm that allow passive interception. The equipment needed can be built from freely available parts, and designs are available on the internet. Mobile operators are updating the encryption software to overcome this flaw, but it has yet to be updated by all operators.
Says German security researcher Karsten Nohl, who was the first to demonstrate mobile phone vulnerability: “The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a PIN number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer”.
One of the biggest dangers, beyond someone listening to calls and reading text messages, is the interception of two-step verification codes sent via text message, which are often used as a security measure when logging into email accounts or other services.
Top Executives, Directors at Risk – Board Portals Can Help
Those in a place of power, within organisations or government, are most at risk of phone hacking, Nohl added. Top executives are an obvious target. The executive’s phone number is the only data the hacker needs, and that piece of information is not too difficult to obtain. A mobile number hijacker who gains control of a board director’s number might gain access to the board’s portal, where the hacker can access documents, sensitive information and funds.
Directors are an obvious target. They handle sensitive information all the time, so it is essential to protect their mobile phones.
More and more boards are using board portals so that they can conduct board business on the go from their mobile devices – and board members should be looking for a product that features remote wiping for security.
Remote wiping is a security feature that allows a network administrator to delete data on an electronic device remotely. When the cell phone hijacker tries to connect to the internet, the device erases the board portal data stored on it.
A security feature like remote wiping safeguards your investment reports, earnings statements, emails, and other data regarding governance and compliance.
Remote wiping works to protect data before it has been stolen. Board directors can’t be too cautious with their board’s sensitive information. Board portal services that offer remote wiping services give board directors peace of mind in knowing that their board business is secure.