There is a new device that encrypts communications between a headset and an audio jack. What is the necessity of...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
this device? Are headset attacks that common, and are there any other ways to combat such attacks?
In organizations with high security requirements, any communication involving sensitive data is at risk, regardless of the specific wired or wireless communications. In certain circumstances, a Faraday cage may be the best place to have conversations you want no one to eavesdrop on. Faraday cages, however, make communicating critical information difficult, hence cryptography grew in popularity. Right now, most enterprises do not have these types of requirements, but with the increase in pervasive surveillance, assessing the risk of eavesdropping in various ways might be prudent.
Attacks specifically targeting headsets are rare, but as prior attacks on Bluetooth and Wi-Fi have shown, monitoring can be done at a much farther distance than most anticipate. As more devices get Bluetooth or other wireless features built-in, the more resources attackers will devote to compromising these kinds of communications.
The rise in both fake cell base stations and malware that listens in on phone calls might make using something like the JackPair reasonable. Such devices encrypt audio data before it gets to the mobile device. However, note that to properly secure communications, the other party must also be using the same device. This type of hardware security is not available using a software-only technology, but if the endpoints are secure, the software product could potentially be just as secure.
To ensure secure communications, enterprises can set mobile devices to require encryption using GSM for connecting to the cell network, but that doesn't necessarily protect against a fake base station. And while an encrypted connection could be setup in software on a smartphone, this doesn't protect against the smartphone from being compromised. Enterprises should also pressure their vendors to provide secure mobile technologies that protect communications from monitoring in transit.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email. (All questions are anonymous.)
Learn about other headset and unified communications security risks
Find the right mobile data encryption technique for your enterprise
Draft of the Compliance with Court Orders Act might mandate access to encrypted information
Dig Deeper on Social media security risks
Related Q&A from Nick Lewis
The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis ...continue reading
A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar ...continue reading
A HummingBad malware variant, HummingWhale, was discovered being spread through 20 apps on the Google Play Store. Expert Nick Lewis explains the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.