Phone security has always been something that not very many people have been well versed in. That has made it a bit of a mixed blessing, as the number of people with the specialised knowledge necessary to hack phones has been relatively small. Likewise, the number of people who are able to protect networks has also been small. The added security of a SIM card has been another factor in the overall security of mobile devices, as physical access is necessary to compromise a SIM card. That makes it infinitely more secure than the network protocols mobiles have traditionally run on. However, 4G is changing that security in the name of speed and connectivity.
To better understand why this is a problem, it’s important to consider what can be done with data over a wireless connection, and why that matters to the security of your mobile and your data. Read on for four reasons your data will be less secure over 4G connections, and why it’s a problem you should be thinking about if you’re considering switching to 4G.
1) Data Speeds: Anyone familiar with security will know this one instantly, but for those who don’t, here’s a simple explanation. Back in the early days of high speed connectivity, those members of sensitive government services who were allowed to remotely access systems from home or other off site locations were limited to 56k dial up speeds. In the most basic terms, this was to limit the ability of a hacker to compromise a connection and access sensitive systems or data. The less speed a connection offers, the harder it is to use for accessing information. For example, imagine trying to download a 4MB file over an old dial up connection. 4G significantly increases speeds – to the point that anyone accessing your mobile remotely will be able to almost instantly capture all of your data. The loss of security with many 4G networks means this is potentially a monster of a problem.
2) Security Protocols: Older mobile networks, like 3G, use a combination of connection protocols. One of them is the SS7 (Signalling System 7) protocol, which is a secure mobile protocol. Very few people are well versed in that technology, which means the number of hackers – or more specifically the number of young kids who just randomly hack and damage systems – is limited to a pool of technology experts. These are not people who run around randomly hacking things just because they can. Likewise, the protocol is inherently more secure than a traditional IP based network. While 3G networks also use standard IP protocols, the addition of SS7 technology makes it very secure. 4G connections are entirely IP based; meaning that the root level of security provided by SS7 on 3G networks does not exist in 4G systems.
3) Carrier Deficiencies: Many mobile operators and carriers across the UK do not encrypt data or use acceptable levels of technology to keep data secure on their networks. The most commonly used protection system in use by secure carriers using 4G technologies is known as IPSec (Internet Protocol Security). However, in the UK, only two carriers advertise the use of IPSec on their back end systems. Those two carriers are EE and O2. The other major and minor carriers and operators in the UK do not offer this necessary added level of protection, or if they do, it isn’t advertised. In a world of marketing hype, one must assume that they don’t have it or they’d be advertising it to try and win more subscribers over to their networks.
4) Micro-Cell Insecurities: One common practice of carriers around the country is to have their main network centres, which are secure, connect to remote, or micro-cell repeaters. These can be little boxes attached to a lamppost, or stuck on the top of a building somewhere. They help to boost signal reception and provide increased coverage, but these little transmitters are inherently insecure. That means someone with a working knowledge of IP technology and how to hack it, which is just about every hacker on the planet worth his or her salt, can tap into these insecure data feeds. If you aren’t encrypting your own data, then everything you send over the network is open to interception by a third party. It’s an ever greater concern for those living a ways out of town who may have their own in home signal boosters. These are usually attached outside of the home, which means anyone interested could easily get physical access to your home booster, and then be in complete control of your network and your data.
While 4G is a great technology, and the speeds are very nice to have – particularly if you are replacing your home Internet connection with a mobile 4G tether, there are also a number of risks that people have just not discussed much or worked to make sure the public understands. As the Telegraph reports, 4G technology is inherently less secure, but no one is paying much attention to it. Worse, it’s not just the UK ignoring it. Those in other markets abroad aren’t paying much attention either, with it being common practice in the US for carriers to leave their traffic completely unencrypted, letting anyone and anything in through the backdoor.