When Cell Phone Security Matters

Feb 16, 2017 Blog Article

Mobile phones have become such an extension of our everyday lives, many think of these handheld communications devices as personal, and therefore, private. In addition, many messaging apps tout their encryption abilities, reinforcing a sense of cell phone security. Yet hackers know it’s easier to attack the endpoint than it is to intercept and decrypt communications. That raises the question: when retiring, reselling, or redeploying mobile devices, is that device protected against unwanted data access?

Richard Stiennon - Blancco Contributor

Richard Stiennon Security executive Richard Stiennon has previously held roles such as Chief Strategy Officer of Blancco Technology Group from 2016-2017 and Vice President of Research at Gartner Inc. from 2000 to 2004. Currently, Richard is a cyber security lecturer at Charles Sturt University in Australia and a strategic advisory member of the International Data Sanitization Consortium. His book, There Will Be Cyberwar, was named a Washington Post bestseller in April 2016. Richard is regularly featured in news publications such as Forbes, Dark Reading, Infosecurity Magazine, Network World and BetaNews, where he comments on data governance, data management, and cyber security.

Messaging App Security: Encryption & More

WhatsApp is a popular messaging app that’s used by more than 1 billion people in over 180 countries, including individuals and businesses. One of the app’s biggest selling points is that it allows users to communicate across countries without the fees that text messages would typically incur.

Recent controversy over how WhatsApp enables encrypted messaging has highlighted the need for secure communications. Articles in the Guardian highlighting the ability of WhatsApp to intercept encrypted messages through a “backdoor” are feared to have put people off of using it. WhatsApp argues the so-called backdoor is actually a feature included for usability. Many in the security community claim the doubt raised by the Guardian is a net bad trend because WhatsApp is fundamentally secure.

There are other secure communication apps. Signal, which fully deletes all messages, is the favorite of the tech world, and Edward Snowden has recommended Telegraph, praising its private messaging feature. There are also commercial products such as Koolspan and VaporStream which promise to keep users’ private messages secure.

To ensure security to users, many of these messaging apps tout their encryption abilities. But encrypting your communications is only half the battle. Hackers and spy agencies have long known it is easier to attack the endpoint than it is to intercept and decrypt communications. And most endpoints are woefully insecure.

One way to help guard secret communications (like that between a journalist and her source) is through ephemeral communications. Signal recently enhanced its product by allowing a user to erase messages after a set time. VaporStream hides messages in images, making them hard for the OS to read as text.

But What About End-of-Life Cell Phone Security?

What’s missing from encryption is the ability to securely erase messages, files, and images from a cell phone. Just hitting delete does not do it, and factory reset is not much better—especially on Android devices.

If you really need to get rid of information on cell phones, whether you’re retiring old devices or getting them ready for resell, secure data erasure is the way to go. The only way to ensure data is unrecoverable is by overwriting it with 0s and 1s multiple times. Once the data erasure process is complete, make sure you receive a certificate of erasure that guarantees you’re in the clear.

To see how we help organizations achieve cell phone security—even on hundreds or thousands of devices—when they move on from one user to the next, read our US Mobile Phones Mobile Device Erasure Case Study.