There is a new device that encrypts communications between a headset and an audio jack. What is the necessity of this device? Are headset attacks that common, and are there any other ways to combat such attacks?
In organizations with high security requirements, any communication involving sensitive data is at risk, regardless of whether it is wired or wireless. In certain circumstances, a Faraday cage may be the best place to have conversations you want no one to eavesdrop on. Faraday cages, however, make communicating critical information difficult, which is why cryptography grew in popularity. Right now, most enterprises do not have these types of requirements, but with the increase in pervasive surveillance, assessing the various ways communications could be eavesdropped on might be prudent.
Attacks specifically targeting headsets are rare, but as prior attacks on Bluetooth and Wi-Fi have shown, monitoring can be done at a much farther distance than most anticipate. As more devices get Bluetooth or other wireless features built in, attackers will devote more resources to compromising these kinds of communications.
The rise in both fake cell base stations and malware that listens in on phone calls might make using something like the JackPair reasonable. Such devices encrypt audio data before it gets to the mobile device. However, note that to properly secure communications, the other party must also be using the same device. This type of hardware security is not available using a software-only technology, but if the endpoints are secure, the software product could potentially be just as secure.
To ensure secure communications, enterprises can set mobile devices to require encryption using GSM for connecting to the cell network, but that doesn't necessarily protect against a fake base station. And while an encrypted connection could be set up in software on a smartphone, this doesn't protect against the smartphone itself being compromised. Enterprises should also pressure their vendors to provide secure mobile technologies that protect communications from monitoring in transit.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email. (All questions are anonymous.)