© 2019 Aitchison Reid Consulting Pty Ltd, a company incorporated in Australia. Trading as ARC Solutions and Aitchison Reid Consulting. ACN 158 303 774. ABN 56 347 951 609.

 


    Secure mobile or superficial mobile?

     

     

    Cranky at the Superficial

     

    Six days ago I placed a post on LinkedIn relating to Google's modular mobile phone (and written about on Stuff). Repeating here what I posted on LinkedIn, I'd said: "Most smart phones make for dumb risks. Their producers peddle ethical vacancy in not telling buyers about the inherent cyber security dangers of their products. Consider folks who smoke - they get heaps of warnings about smoking's dangers to their health. So why should consumers tolerate mainstream reviewers' veneration of cyberslack phones and their makers? Most of today's mobile phone users are completely oblivious to the cyber security risks they face with their carriers' unknown and unmitigated SS7 vulnerabilities, and unmitigated exposure to IMSI catchers. So what's there to do about this poor situation? See my next post on the matter this week."

     

    Cranky at the lack of Security
     

    My follow-up uses another vacant article from Stuff.co.nz to back up my point: "Smartphone showdown: iPhone SE v Samsung S7 Edge, HTC 10 and Huawei P9 Plus". None of the phones listed in the article was priced below NZD$749; the most expensive was NZD$1399. The features looked at in the showdown: design and build, display, camera, OS. Where the heck is security? It's not clear why security was excluded from the evaluation. No worries, I can cover that by saying the devices have the following security vulnerabilities: none have the means to mitigate SS7-based and IMSI catcher-based attack risks. None at all. The showdown is kind of like evaluating some seemingly awesome group of cars for the consumer market, but ignoring the absence of brakes and seatbelts in those cars.
     

    Cranky at the Laziness

     

    How then can this current set of circumstances be changed? I propose you ask your local investigative journos to ask what's going on. They could be asking "Hey carriers, what are you doing about SS7 vulnerabilities? Hey banks, hey insurers, hey hospitals, hey government, are you considering changing your procurement policies to require carriers to mitigate SS7 vulnerabilities? Hey techno-bloggers - why are you letting phone makers get away with peddling slackphones to the marketplace?". Healthy free markets depend on free flows of trade, capital and information. But there's some critical information asymmetry happening with cellular network security across the Australian, New Zealand, and wider Polynesian and Melanesian regions. That's because there's a drought of information sharing and drum-beating about cellular network security risks and vulnerabilities and the direct and dangerous exposure to exploits available to adversaries and enemies.
     

    Happy there's folks who Care

     

    If you want to find out more about what can be accomplished with SS7 and IMSI catcher vulnerabilities (and what can reasonably be done about mitigating them), check out the following videos:

    Contact Us

     

    ARC Solutions is an information security and risk management consultancy. ARC Solutions is also ESD America's authorised reseller of ESD Oversight (SS7 vulnerability mitigation), ESD Overwatch (IMSI catcher solution) and ESD/GSMK Cryptophone (encrypted phone solution) in New Zealand, Fiji and Solomon Islands.
     
    Contact ARC Solutions anytime to arrange a private, confidential, encrypted and secure conversation about how we can help you or your organisation have and use secure, encrypted mobile telecommunications. We can also discuss how our Oversight and Overwatch solutions can help secure your organisation against SS7 and IMSI catcher exploits.
