By Dr. Hans-Christoph Quelle, CEO of Secusmart GmbH
Edward Snowden’s revelations began a new era in communication. Disclosures about electronic spying and eavesdropping shook every smartphone user to the core, from high-ranking politicians and companies of all sizes to private individuals, and resulted in a massive increase in the importance of effective anti-eavesdropping technology. In the wake of the largest wiretapping scandal in history, governments, businesses and private users all over the world vehemently demanded the services of reliable experts in eavesdropping protection.
PROTECTION OF PRIVACY
Suppliers of anti-eavesdropping solutions, in particular, recorded a sharp increase in orders. Suppliers find that the rise in demand is mainly due to concerns about protecting privacy and fears that controversial political information or sensitive company information could be stolen or misused. After all, anyone with a smartphone today lives in constant fear of not being able to completely protect their private information from attack. The concept of the transparent citizen, which had always been foreseen, was suddenly very close to becoming a reality after the bugging revelations. Another factor is uncertainty. After all, the misuse or theft of data is usually only discovered when it is far too late.
Many smartphone users have made themselves vulnerable to these technical attacks in recent years. Facebook, Twitter and online shopping sites ask for names, addresses and even bank details on a daily basis and these details are still being entered on the internet, even after Edward Snowden’s revelations. But this data is only one side of the story. Snowden also made it clear that the content of every single telephone conversation could be misused and stolen. Words are no longer fleeting, but can be intercepted, saved and consequently misused and sold. The exact same thing applies to a shopping form, bank transfer or even the last email chased through data channels.
There is a need for a shield to ensure effective eavesdropping protection in mobile communication.
Today, there is actually no form of communication that cannot be bugged. Moreover, there is an extraordinary amount of criminal activity in this field and with good reason, because data has become a lucrative commodity. It is extremely valuable even just to trace the movements of a smartphone user. After all, it is precisely this data that can be saved and sold. Under the guise of being better able to appeal to target groups, this data can be of great interest to advertisers, for example, as these marketing professionals can use this information to target specific people in telephone calls, marketing and advertising campaigns.
However, it is not only private individuals who are affected, governments and businesses also have to give serious consideration to data security. If data is not secure, the consequences are far-reaching and there are many different risks, ranging from identity theft and industrial espionage to the publication of political secrets.
THE SMARTPHONE AS A SOURCE OF DANGER
As we are all mobile and it is vital to remain mobile, we have to ask ourselves how we can protect ourselves from this invisible threat. The most important factor is smartphone security. The latest devices are at the greatest risk of being misused by others for their own ends. They are today’s data carriers, per se. They can be used to make telephone calls, surf the internet, update social networks and send emails. Diary apps are also often carefully updated and address books are always synchronised with all accounts and kept up to date. This means they contain a wealth of data, which is worth seizing.
The security risk is particularly serious with regard to security management in government agencies, where it has been common practice to have several smartphones. This made security management much more difficult. Certain tasks were allocated to each device. One smartphone was used for all work queries. The second smartphone was used to discuss private matters. Employees of ministries or government agencies often even had a third device, which was only used for email communication.
This lack of clarity made it virtually impossible for security management to guarantee security. Furthermore, it was and is difficult to make users aware of the issue of security. This is mainly because users are so accustomed to the convenience of being able to access anything with only a few clicks on a smartphone: emails, social network accounts as well as simply making a phone call whenever and wherever they want, without having to constantly wonder where someone is. The type of attack known as social engineering also makes it difficult to protect data at all times. Social engineering is a type of confidence trick where, for example, information is simply requested on the telephone. This usually involves simply giving a different name on the telephone or pretending to be calling from a certain institution. The procedure is not at all complicated but the damage is enormous if a caller is successful.
Legal problems also pose a challenge. When can data be deleted from a smartphone, in order to protect it? And how much access should a government agency’s security management even be allowed to have to a user’s smartphone?
A SECURE SOLUTION
SecuSUITE for BlackBerry 10 provides the option of central security management and combines a private and business profile on only one smartphone. This is why German government agencies and ministries make telephone calls with security solutions from Secusmart. Today, SecuSUITE for BlackBerry 10, the mobile eavesdropping protection system designed by the Düsseldorf-based company, is one of the world’s most successful security technologies. As the only solution for securing telephone and data communication, SecuSUITE for BlackBerry 10 has been provisionally approved by the German Federal Office for Information Security (BSI) at the VS-NfD (classified – for official use only) security level. The solution is available on BlackBerry devices using operating system OS 10 and higher.
This development was made possible through strategic collaboration with our business partner, BlackBerry. Security has always played an integral role in the BlackBerry company. The BlackBerry Balance function also provides the option to separate the private profile from the business profile. Together with Secusmart, BlackBerry protects voice and data communication on only one device, thereby meeting international security requirements.
In addition to security officially approved by the German Federal Office for Information Security (BSI), the device is convenient to use. For example, the private profile on SecuSUITE for BlackBerry 10 can be used for all the same activities as before; it is just as easy to post information on Facebook as it is to call a spouse. As soon as communication relates to official matters or sensitive data needs to be transferred the business profile provides protection from unauthorised access.
SMALL CARD PROVIDES SECURITY
The Secusmart Security Card provides security. The small card encrypts and decrypts the spoken word and carries out authentication and encryption. This ensures that no information reaches the public domain where it could be intercepted. The NXP crypto-controller with PKI coprocessor is responsible for authentication. An additional high-speed coprocessor encrypts voice and data communication using 128 bit AES, facilitating secure end-to-end communication. With the SecuSUITE solution, the Secusmart Security Card guarantees compliance with the German government’s security requirements (classified – for official use only (VS-NfD)).
ABOUT THE SECUSMART SECURITY CARD
User authentication prevents conversations from being intercepted. Even an IMSI catcher is of no use here. An IMSI catcher masquerades as a base station and smartphones “voluntarily” log into the catcher, making it very easy to read the required data because the catcher simply disables GSM network encryption. Other possible attacks are also prevented by the Secusmart Security Card, such as bugging via camera or GPS. Malicious software attempting to trick the device into treating it as a service update or upload is thwarted by hardware encryption.
THE SECURE APP WITH TECHNOLOGY DESIGNED FOR GOVERNMENT USE
SecuSUITE for BlackBerry 10 is precisely tailored to the requirements of government agencies and ministries. Secusmart joined forces with Vodafone to launch a weapon against bugging in order to meet the requirements of businesses for an effective, manageable and flexible eavesdropping protection system. Vodafone Secure Call integrates the technology designed for government use into an app, making secure telecommunications equally attractive to small and medium-sized enterprises and corporations.
Vodafone Secure Call is based on the assumption that businesses require an anti-eavesdropping solution, which makes security affordable and independent of any platform. Vodafone Secure Call is the result of development work with Vodafone. As early as 2013, tried-and-tested secure voice and messaging solutions were presented. The jointly developed expertise in cryptography is now integrated in the Vodafone Secure Call app. This makes secure telecommunications equally attractive to small and medium-sized enterprises and corporations.
Collaboration with experts in their respective fields and the coming-together of highly qualified specialists have helped Secusmart to blaze a trail in observing the market, learning from every single product and continually creating new, high-quality security solutions to protect communication for various user groups. Secusmart develops its high-security solutions in Düsseldorf, Germany. This is mobile security “made in Germany”. ■
ABOUT THE AUTHOR
Dr. Hans-Christoph Quelle is Managing Director and is responsible for corporate development. An internationally experienced professional, he was formerly Director of Corporate Strategy at NOKIA. Before that he was successfully active as Sales Director and Sales Development Director at NOKIA. He gained additional international experience as Business Development Manager in the field International M&A at the Deutsche Telekom as well as Assistant to the President of the Deutsche Telekom in France. Through his extensive activities he also holds numerous patents. Hans-Christoph Quelle studied electrical engineering at the Technical University of Munich and received his doctoral degree at the École nationale supérieure des télécommunications de Bretagne / Université de Rennes in France. He likes spending his vacations in France with his wife and 3 sons.