rob_enderle
Contributor

Nothing is secure, your calls aren’t private and your car could kill you

Opinion
Aug 01, 2014 · 5 mins
Data and Information Security, Privacy, Surveillance

BlackBerry's enterprise security briefing in New York intended to highlight the firm's acquisition of Secusmart – but the speakers discussing leaks of confidential diplomatic phone calls and easy hacks of driverless cars stole the show. It's time to rethink security.

BlackBerry remains the only mobile vendor that places enterprises first and doesn’t rank them someplace after the casual game developers. At its enterprise security briefing in New York this week, BlackBerry brought out company experts as well as those from industries such as healthcare, banking and government.

While the event showcased BlackBerry’s acquisition of German security firm Secusmart, which is known for security over voice calls, it was the panels that were both the most interesting and the most frightening. We aren’t even thinking about some of this stuff right now. If we don’t get a clue, the experts say we’re due for a “come to Jesus meeting” with our CEOs and/or boards as a result of an avoidable data breach.

Your call may be monitored for quality assurance – and spying

We focus so much on data security that it’s easy to forget about voice. To drive home the point, attendees heard a conversation between a U.S. diplomat and a peer that the Russian government recorded and then leaked to the media. The diplomat shared his true feelings about the European Union, using a four-letter word I can’t repeat here.

Imagine the damage this call did to U.S.-European relations, not to mention the conversation the security team and that diplomat had with their superiors once this call went public. (It kind of explains why the EU hasn’t supported our requests for Russian sanctions – and why Russia wanted to share the call in the first place.)

Unless we encrypt our calls, we should realize that they’re likely being recorded. With smartphones and the right technology, encrypting voice calls is relatively easy now, but landlines are very difficult to secure, particularly if they don’t go to current generation PBXs. A call to someone’s home will almost always be vulnerable.

What we say may show up again, in damaging fashion, when we least expect it. Given how broadly this monitoring occurs, and given the improvements in voice-to-text tools and unstructured data analytics, many of us may wish we hadn’t thought our cell phone conversations were confidential when we spoke our minds. Increasingly, they are not.

How secure are the wireless access points in your car?

One concern surrounding the whole Internet of Things wave that’s breaking across the world is a lack of focus on securing the things that we’re connecting. For example, cars can be compromised by hacking wireless technology such as a car’s mobile hotspot or even the wireless connection to the tire pressure monitoring system. That’s frightening. Consider the trend of self-driving cars and the opportunity for a disaster increases dramatically.


The event highlighted Audi as one carmaker working to get ahead of this – but at some point, particularly for fleet deals, security must be part of the conversation with vendors. I doubt many CSOs imagine all of their firm’s delivery vehicles suddenly becoming homicidal. I don’t even want to consider what this means for the big push in delivery drones.

How confidential are the calls with your lawyer?

The final speaker at the event came from the multinational law firm Skadden. In litigation, maintaining client-attorney privilege can make the difference between whether a case is won or lost, as well as how much of a judgment is assessed at the end. How often do we audit the security of the law firms we use, making sure we don’t pay legal fees only to lose because a firm isn’t secure enough?  

I’m often engaged in multiple legal actions that could be compromised if litigation strategies are leaked to the other side. It makes me wonder if I should avoid law firms used by governments or pharmaceutical companies, since they’re most likely to be penetrated, with the information that’s pulled released accidentally. If anything related to my own efforts gets out, I’m in trouble.  

What you don’t know can kill you, or at least kill your career

What I took away from the BlackBerry event is that we don’t look at security problems holistically. We aren’t as concerned as we should be about the Internet of Things in general and driverless cars in particular. (I’m really going to watch the self-driving cars in my area more closely given Google’s horrid security record.)

I’m reminded again about the security test we did at IBM decades ago. We set up the most secure site we could engineer and then challenged a former spy and security expert to break in. He did, in a matter of hours, by penetrating an insecure site connected to our impenetrable security showcase. We have to look at security holistically.  

Finally, it’s a huge mistake to not treat voice like data. It’s easy to capture and mine voice calls thanks to mobile devices. As one expert at this event implies, unless you have a secure phone with the encryption running, treat the call as if it’s being monitored by one or more governments.  


Rob Enderle is president and principal analyst of the Enderle Group, a forward looking emerging technology advisory firm. With more than 25 years’ experience in emerging technologies, he provides regional and global companies with guidance in how to better target customer needs with new and existing products; create new business opportunities; anticipate technology changes; select vendors and products; and identify best marketing strategies and tactics.

In addition to IDG, Rob currently writes for USA Herald, TechNewsWorld, IT Business Edge, TechSpective, TMCnet and TGdaily. Rob trained as a TV anchor and appears regularly on Compass Radio Networks, WOC, CNBC, NPR, and Fox Business.

Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group. While there he worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, GM, Ford, and Siemens.

Before Giga, Rob was with Dataquest covering client/server software, where he became one of the most widely publicized technology analysts in the world and was an anchor for CNET. Before Dataquest, Rob worked in IBM’s executive resource program, where he managed or reviewed projects and people in Finance, Internal Audit, Competitive Analysis, Marketing, Security, and Planning.

Rob holds an AA in Merchandising, a BS in Business, and an MBA, and he sits on the advisory councils for a variety of technology companies.

Rob’s hobbies include sporting clays, PC modding, science fiction, home automation, and computer gaming.

The opinions expressed in this blog are those of Rob Enderle and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
