How secure are your mobile calls?

Since all the recent controversy about Spinvox and the recent News of the World allegations – it’s got me thinking about security on mobile phones and what we should and shouldn’t discuss via our handsets.

As I’ve pointed out quite a few times, I’ve always been a fan of Spinvox and, as a user, thought the service was pretty wicked. Instead of all that arsing around with voicemail, I very much appreciated the ability to read my message in my SMS inbox (or my email). Brilliant. So I often suggested the service to other people I met and worked with.

Indeed I suggested it to the CEO of one massive financial company I was working with a while back. He reacted with horror.

“No way! Absolutely not!”

This surprised me and it seemed a pretty harsh reaction so I pushed the chap a bit more. It turns out that as I’d explained the service I’d mentioned that the messages ‘might’ be passed to a person for verification/quality control. And that was an issue for this chap and his colleagues. A massive issue. You see sometimes the messages they leave each other are important .. you know, billions of pounds level important. They just couldn’t take the risk that someone would listen in to them. (If that’s the issue, then why doesn’t he have a PIN number on his voicemail?)

I’ve been pondering this notional security issue a bit more. For most people it doesn’t matter if someone hears their message – not much damage can be done if someone knows what I’m planning on seeing at the cinema tonight. But there are some people that CANNOT risk this. No way. Never. Not under any circumstances. Their conversations are just too important, secretive, valuable (as this Tweet by @jebbrilliant succinctly points out). But then I wondered whether they can feel safe using a mobile at all – are mobile comms out of the question completely if you’re that important?

Then I remembered a company Alex had written about called Cellcrypt. They secure calls on your mobile. Not just a bit more secure but SHIT HOT secure – to US Govt standards. And as it’s on a regular mobile (a BlackBerry or Nokia) you’re not making yourself known to everyone by being on a big ugly brick of a ‘security’ phone.

So is this the way forward for the kind of people who’re really concerned about security?

In some of the consultancy I’ve done I’ve seen the ‘dark opps’ teams that some big, multinational companies have. The kinds of teams that are gathering ‘competitive intelligence’. I’m sure these guys wouldn’t hesitate to tap into a call or two if it could help the company – and I’m also sure they could do it no matter what Vodafone or whoever says about it. Indeed some of the chaps I’ve spoken to intimated that they had ‘friends’ at mobile operators. Rather concerning if you’re relying on your mobile to transmit secure information.

Businesses can’t realistically go back to the dark ages of not using mobiles, so will they all need to start using Cellcrypt for those ‘sensitive’ calls? I reckon so. But of course we’ll never really know as they’ll just be talking as normal on their BlackBerry.

Interesting stuff. I’m going to see if I can get a demo of the service and check it out.