CONNECTING THE DEFENCE COMMUNITY WITH INSIGHT, INTELLIGENCE & OPPORTUNITIES

Officially Supported By: Defence Contracts International Supply2Defence

Official Media Partners for:

Mobile communications are a major part of modern life but in a defence and security environment they can be vulnerable, as MOD DCB features writer Mark Lane discovered in conversation with Armour Communications’ Andy Lilly.

There is now a widespread awareness that digital data – whether stored on a computer or other device, or transmitted via the internet – is vulnerable. An unauthorised third party can gain access to it and any confidential information can be copied and read.

What is not so generally appreciated is that your communications via a mobile phone can also be intercepted with relative ease by an electronic eavesdropper without your knowledge. Furthermore, the interceptor does not have to be working for some organisation with access to expensive high tech equipment.

Andy Lilly, Director and Co-Founder of Armour Communications, explains: “The sort of equipment you need to mimic a phone base station now costs a few hundred pounds at most and, because of the exponential growth of processing power in computers, people can decrypt standard mobile communications in real time now and there are plenty of places on the web where you can go to buy the software to do this.’’

The original GSM (Global System for Mobile communication) network – often referred to as 2G – required the handset to authenticate to the network using its International Mobile Subscriber Identity (IMSI). But the network does not have to authenticate itself to the handset.

 

This makes it relatively easy to set up a base station pretending to be the network, and this IMSI catcher or a rogue cell hoovers up callers’ IMSI details. It attracts mobile phones in close proximity to connect to it, thinking that it is a legitimate base station. It then logs the mobiles’ details and location by use of the IMSI. If the IMSI catcher has its own SIM, it can log into the network which enables it to do much more, such as listening into or recording calls by breaking the much weaker encryption used by the GSM network.

Mobile communications are a major part of modern life but in a defence and security environment they can be vulnerable, as MOD DCB features writer Mark Lane discovered in conversation with Armour Communications’ Andy Lilly.

Again, Lilly emphasises the ease with which this can be done.

“The sort of equipment used for IMSI catchers is now so small and easy to get hold of. There was a base station embedded in a small office printer. Who’s ever going to notice that?’’

Nor does encryption ensure security. There are three modes of encryption for a GSM/2G network: A5/0 – which is no encryption, or A5/1 and A5/2, which were both reverse engineered as early as 1999. This means that, even without an IMSI catcher, it is possible to listen in to calls in real time, and real-time decryption of calls has been demonstrated on a number of occasions. A 3G network offers better encryption, but the IMSI catcher base station forces the mobile back to 2G, negating the stronger 3G encryption.

The new 4G uses mutual authentication between the base station and the mobile handset, which in theory is more secure as it is supposed to hide your IMSI, using a temporary IMSI during a call. However, in order to first connect to the base station, the phone must give its real IMSI and a fake base station can make use of that. Since 4G mobiles have to support 3G and 2G for areas lacking full 4G coverage, once the call has been intercepted, it can be forced back to 2G technology; and so again, the call is compromised.

Lilly’s company, Armour Communications, has developed software which has been approved by the National Cyber Security Centre (NCSC) and NATO to protect against an IMSI catcher attack by securing calls and texts between two endpoints, such as a mobile phone and a desk phone. It does this by using software installed on the phone that does the encryption and decryption. Whatever is sent from the mobile using the software – be it a call, text or attachment such as a video or photo – is encrypted end to end.

He explains: “Your voice goes into the phone through the microphone and then pretty much straight into our application. That means that subsequently something lower down in the phone or in the network, or somebody intercepting your radio communication, or an untrustworthy carrier – all of those issues are effectively covered because your transmissions have been encrypted as early as possible.’’

 

Armour Communications was formed by Lilly and co-founder David Holman – a former chief executive of data protection company Becrypt – two years ago following a management buy-out. Based in London’s Millbank Tower, it has doubled staff numbers in the last year to around 20.

The universal spread of mobile communications for voice, video and messaging means the potential demand for technology that can protect against IMSI catchers is limitless. In the defence arena frontline troops still use dedicated, robust, military radios which do a specific job using dedicated frequencies, employing techniques such as frequency hopping.

But cost limits their deployment at the same time as people increasingly expect increasing amounts of data to be immediately available. So, in areas behind the front line, common mobile communications devices such as smart phones or tablets can be and are used, giving an ease of use not typically associated with military radio systems, and they use hardware or software cryptography to protect the data.

“That could be most of the comms within a standard base, a base talking with personnel who are off-base, ship-to-shore communications, logistics or troops phoning home,’’ says Lilly.

They would also be used in areas of covert actions, such as surveillance, particularly in counter terrorism and counter insurgency.

Or they might be used as a back-up, as Lilly explains: “The military world in particular and areas of law enforcement need communications to get through – whatever. If a particular radio system isn’t working in a particular location, they will use whatever comes to hand to get a message through because it may be time-critical.’’

Mobile communications are a major part of modern life but in a defence and security environment they can be vulnerable, as MOD DCB features writer Mark Lane discovered in conversation with Armour Communications’ Andy Lilly.

Mobile communications can also be employed in the first instance in defence and security extending beyond the purely military. This involves a huge realm of communications involving short-term tactical and operational information on, for example, when an operation is going to take place or ostensibly mundane logistical information.

There is also a grey area – which would not be classified as concerning national security, but would certainly come under the heading of national interest – where government would want to ensure economic communications are secure from competitors or where negotiating positions are not disclosed to diplomatic counterparts.

There is clearly demand for mobile communications protection from outside the defence and security sectors. Armour Communications sells to the Ministry of Defence and to other governments around the world.

“There is an increasing recognition in a number of other enterprise areas of the importance of this sort of security. A few years ago, there was a strong market in Latin America with high-value individuals needing to protect themselves from kidnap,’’ says Lilly.

“But every industry has got some form of secrets. It could be somebody talking on the phone about the potential size of a new oil field, and we have customers who have been outbid on very large financial transactions which they believe was due to people hacking their phone conversations because that was the only way the information was exchanged. In the financial industry, trades that can change prices and sway billions of dollars are the sort of things you want protected and a lot of that information is passed by phone.’’

The pace of technological development is such that the nature of the threat is also always changing.

“The threat profiles for each user are different for each user and different for who they might be dealing with – everything from nation state actors through to script kiddies [amateur hackers], who just like to play with things,’’ notes Lilly.

“We spend a lot of time on the web and we monitor things daily to see where there are new problems, and that can be in every aspect of our software or the ways that third parties are attacking things now. There’s also quantum computing which means that some of the cryptography we use now is probably going to be easier to hack in a few years’ time.’’

The message is clear – as long as people talk to each other, others will try to listen in.

For more information, visit: www.armourcomms.com

 

If you would like to join our community and read more articles like this then please click here

 

4G Armour Communications communications encryption GSM NATO NCSC

Post written by: Vicky Maggiani

Vicky has worked in media for over 20 years and has a wealth of experience in editing and creating copy for a variety of sectors.


LATEST STAKEHOLDER

Become a Stakeholder today and benefit from an exclusive marketing package which will allow you to:

  • Engage with active defence buyers and key supply chain partners
  • Create your own branded micro-site which within Defence Online which is managed by you
  • Have a dedicated Digital Account Manager to help enhance your Stakeholder page
  • Promote your news, products, press releases, eBooks and Videos as a Defence Online partner which feeds through to our homepage and social media channels
  • Have your company promoted on our partner website Defence Contracts Online (DCO)
  • All news promoted in mynewsdesk, a major hub for all of our news articles which enables news to be picked up from trade magazines, national newspapers and many other publications which offers extra exposure at no additional cost!

Contact us today or call us on 0845 557 1315 to take advantage of this exclusive marketing package


.

RELATED ARTICLES

NATO's DIANA (Defence Innovation Accelerator for the North Atlantic) programme is expanding its network with new sites.

March 25, 2024

Homeland - NATO accelerator and two test centres to be established in Finland

NATO’s DIANA (Defence Innovation Accelerator for the North Atlantic) programme is expanding its network with new sites. Finland is now

In a ceremony at Lockheed Martin's Greenville facility, Deputy Prime Minister and Minister of Defence of the Slovak Republic, Robert Kaliňák, along with esteemed delegates from the United States and Slovakia, commemorated the delivery of Slovakia's first two F-16 Block 70 aircraft. 

March 12, 2024

Air - Slovakia welcomes delivery of First F-16 Block 70 Jets

In a ceremony at Lockheed Martin’s Greenville facility, Deputy Prime Minister and Minister of Defence of the Slovak Republic, Robert Kaliňák, along with esteemed