According to various reports, mobile networks and devices are becoming frequent targets for cyberattacks, including malware, phishing and data breaches. A report by Check Point Research, entitled ‘2023 Cyber Attack Trends Report’, stated that last year there was an increase in mobile network threats, with operators experiencing a rise in targeted attacks, including advanced phishing campaigns and advanced threats.
“Mobile devices are still a tempting target for hackers, whether for stealing data or for covert surveillance by remote control,” Check Point Software cyber security, research & innovation manager Alexander Chailytko says.
“Attackers target popular, widely used apps which users would consider safe, or exploit new vulnerabilities in Android and iOS to spread malware of all types. It’s an important reminder that most mobile devices are still under-protected, despite the amount of sensitive personal and corporate data they hold.”
With more sensitive data transmitted via these devices, the need for robust security measures becomes crucial. As a result, end-to-end encryption (E2EE) has emerged as a critical tool to protect against mobile network threats.
THE BASICS OF E2EE
End-to-end encryption is a method of encrypting data from the sender to the receiver, ensuring that only the intended recipient can access the content.
Unlike traditional encryption methods, which might encrypt data only in transit, E2EE encrypts this data at the device level, meaning that even if the data is intercepted, it remains unreadable without the proper decryption keys.
HOW IT WORKS
When messages are sent using E2EE, they are encrypted on the sender's device and can only be decrypted by the recipient's device.
This process involves the use of cryptographic keys:
Public key: Used to encrypt messages and is available to anyone who wants to send an encrypted message.
Private key: Used to decrypt messages; it is stored securely on the recipient's device and never shared.
The security of this system rests on the complexity of the cryptographic algorithms, which makes it nearly impossible for anyone without the private key to decrypt the data.
PROTECTING PHONE NETWORKS FROM THREATS
Mobile networks are vulnerable to various types of threats, including data breaches, interception and man-in-the-middle (MitM) attacks. E2EE protects these networks by ensuring that any intercepted communications cannot be read by unauthorised parties.
Here's how E2EE keeps mobile networks safe:
SAFEGUARDING DATA
Mobile networks are susceptible to different threats that compromise data security.
Eavesdropping lets unauthorised people listen to conversations, whereas data breaches can reveal sensitive information.
For instance, in 2016, Three UK experienced a data breach in which hackers accessed the telecom giant’s customer upgrade database, gaining access via an employee's login. The breach exposed the personal information of millions of customers and led to fraudulent phone upgrades.
This incident raised concerns about insider threats and the need for better access controls and monitoring within telecom firms. It also prompted calls for stricter regulatory oversight of data security practices.
“To reduce the risk of key theft, the encryption keys used in end-to-end encryption by mobile networks are constantly changing,” Simon Bain, AI expert and CEO of OmniIndex, reveals.
“In some cases, the keys are even changed with every message sent. This is automatically done on the user’s device by the message application with the keys not stored on the provider’s servers. This does however still mean that if the device or application itself is compromised, then the messages and data will be readable.”
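The per-message key change described in the quote above can be built as a KDF chain, shown here as an added example that is not code from the article or from anyone quoted in it. It uses only Python's standard library, so an HMAC-SHA256 stream with encrypt-then-MAC stands in for a real AEAD cipher; `Device`, `ratchet`, `readable_with` and `SHARED` are illustrative names, and the shared secret is constructed.

```python
import hashlib
import hmac

def _prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def ratchet(chain_key):
    """One KDF-chain step: returns (next_chain_key, message_key)."""
    return _prf(chain_key, b"\x02"), _prf(chain_key, b"\x01")

def _keystream(key, length):  # HMAC-SHA256 in counter mode, stand-in for an AEAD
    return b"".join(_prf(key, i.to_bytes(4, "big")) for i in range(length // 32 + 1))[:length]

def seal(message_key, plaintext):
    enc_key, mac_key = _prf(message_key, b"enc"), _prf(message_key, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    return ct + _prf(mac_key, ct)  # encrypt-then-MAC, 32-byte tag appended

def open_sealed(message_key, blob):
    enc_key, mac_key = _prf(message_key, b"enc"), _prf(message_key, b"mac")
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, ct)):
        raise ValueError("wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, len(ct))))

class Device:  # keeps only the current chain key; each message key is used once
    def __init__(self, shared_secret):
        self.chain_key = shared_secret
    def send(self, plaintext):
        self.chain_key, message_key = ratchet(self.chain_key)
        return seal(message_key, plaintext)
    def receive(self, blob):
        next_chain, message_key = ratchet(self.chain_key)
        plaintext = open_sealed(message_key, blob)  # raises before state advances
        self.chain_key = next_chain
        return plaintext

def readable_with(chain_key, blob, steps=50):
    """Try every message key derivable (forward only) from a stolen chain key."""
    for _ in range(steps):
        chain_key, message_key = ratchet(chain_key)
        try:
            open_sealed(message_key, blob)
            return True
        except ValueError:
            pass
    return False

SHARED = hashlib.sha256(b"constructed demo secret").digest()  # constructed; stands in for a key-agreement output
```

A chain key taken from a device after two messages opens neither of them, because the chain only runs forward, but it does open whatever is sent next, consistent with the device-compromise caveat in the quote.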
Meanwhile, in March 2020, alongside dealing with a global pandemic, Virgin Media customers also experienced a data breach that exposed the personal information of approximately 900,000 customers. The breach was caused by an unsecured marketing database that was accessible online without proper protection, and it exposed customer names, addresses, phone numbers, and email addresses.
Although no financial information was compromised, the incident, once again, highlighted the importance of securing databases and ensuring proper access controls.
This led to Virgin Media facing criticism for the breach and to the Information Commissioner's Office (ICO) launching an investigation.
“A growing challenge with end-to-end encryption is balancing user privacy with law enforcement's occasional need to access encrypted messages. Indeed, these opposing needs have ignited global debate with legislation like the UK's Online Safety Bill introducing measures to allow for access to encrypted content in specific, limited circumstances,” Bain continues.
“One potential solution to this problem is the use of homomorphic encryption. This advanced technology allows authorised parties to search the encrypted information without compromising its privacy.”
For example, law enforcement could search for specific keywords or patterns within encrypted messages to determine if what they are looking for is in them without seeing them.
This would ensure privacy is preserved, with law enforcement then granted full access to the messages if their initial searches are successful, he states.
PREVENTING UNAUTHORISED ACCESS AND ENHANCING USER PRIVACY
In mobile networks, where data is frequently transmitted between devices and servers, the risk of interception is extremely high. However, E2EE enhances privacy by ensuring that no third party, including service providers, can access the content of messages.
This level of privacy has become a crucial feature for applications like WhatsApp, which prioritises user privacy and security.
In 2016, the messaging app introduced E2EE, rolling the tool out to all users of the app and ensuring that messages, calls, photos and videos sent through WhatsApp are encrypted from the sender's device to the recipient's.
This meant that only the communicating parties could read or listen to them, and no one else, including WhatsApp itself, could access the content.
By using E2EE, these applications ensure that conversations and data are accessible only to the communicating parties. However, it is not only mobile devices that have tapped E2EE tools.
Alongside WhatsApp, messaging apps like Telegram and Signal also use E2EE to protect user messages and calls. The data is also encrypted on the sender’s device and decrypted only on the recipient’s device, ensuring that conversations remain private and secure.
With the increase in remote work, video conferencing platforms like Zoom have also adopted the tool to protect meetings from unauthorised access, ensuring that only participants can access the meeting content, and maintaining privacy and security.
“Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,” Zoom chief information security officer, Michael Adams, said.
“With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”
However, E2EE can also introduce latency and performance issues, especially in real-time applications like video calls, Alex Leadbeater, technical security director at the GSMA, claims.
By encrypting information from the sender's mobile device to the recipient's, E2EE reduces the risk of data leaks, message tampering or intermediate decryption.
“This protection is especially valuable where every device connected to the network could potentially be a weak spot,” Jonathan Wright, Director of Products and Operations at GCX, reveals.
“Unlike some security measures that only safeguard data at certain points, end-to-end encryption keeps data secure throughout its entire journey across mobile networks.
“This is particularly important for those businesses that deploy a hybrid working model, and/or where there is a BYOD model in place, where sensitive information often travels across various cellular data connections and public Wi-Fi networks.”
However, as service providers move to higher levels of digital maturity and transition more workloads to the cloud, a far greater reliance on encryption inevitably follows.
According to Mark Jow, technical evangelist EMEA at Gigamon, E2EE is an “invaluable tool to shield data from bad or even negligent actors, but businesses must also recognise that encryption itself can be exploited for malicious intent.”