inicio mail me! sindicaci;ón

Text Security Requires SMS “Hardening”

by Paul Ruppert

February 19, 2008 at 7:25 am · Filed under MWC Barcelona, Messaging, Mobile World Congress, SMS

As I’ve been wandering through the MWC halls of the Fira at Plaza D’Espanya I’ve been lucky to discover some interesting companies and propositions in the mobile industry. There are also media events with some select companies available for in-depth review. Here’s one which caught my eye at Showstoppers ( www.showstoppers.com ) regarding text messaging security : CellTrust.

CellTrust challenges the notion that SMS is considered “secure.” They’re right. mwcCelltrustL

CellTrust provides security for SMS. Oh, you thought SMS is actually “secure”? Mate, when it comes to security it is all about degrees. Sure, for us consumers, sending short texts to each other, is secure enough. Who knows you might even be lucky enough to pull a bird by sending tonight’s pub meet to the wrong number. But what about enterprises that send out alerts and notifications to their work force, customers or even critical caretakers of mission critical equipment like your electric grid? Consumer grade security isn’t “reliable” for CIOs and company IT leads or for the even more demanding management of mobile banking or transactions. That’s where CellTrust positions its proposition. It hardens SMS.

CellTrust provides control, accountability, compliance and security to SMS in the enterprise environment. Using pubic key encryption they guarantee recipient end-to-end privacy and two factor authentication without the expense and complexity of a proprietary, bespoke (custom fit for you non-Anglophiles) solution. By providing the SMS gateway to the enterprise, their CellTrustBencryption technology layered over the routing rules enables CellTrust to create a secure SMS environment.

I had ever thought of security as critical in a consumer messaging company, which is why CellTrust caught my eye. Through the combination of their platform technology and a micro client with password protection they secure and provide an SMS security solution. Although, they could have modified the MAP layer of the SMS as we did at the former Mobile 365 to provide tracking capabilities through our networks. My two cents of consulting is this is something they should consider as an added layer of functionality in their security “suite.”

A “hardened” SMS comes with guaranteed secure delivery through their “Advanced Encryption Standard, a read and delivery confirmation to the sender, option for password protection prior to decryption and display of a message, even a remote wipe API, for when that handset is lost or stolen Mr. Phelps, you know your mission remains secure and possible.

I would think the natural market for this would be banking applications, as well as government authentication–although i think much of that may have already been explored and gobbled up by RIM’s Blackberry. Who knows, but definitely watch CellTrust.

Do you know whether your SMS is secure?

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • bodytext
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google

RELATED POSTS

-New vulnerabilities reported in AIM, Yahoo Messenger
-Code Attacks Increase on IM: So Let’s Pay More Attention, Can We?
-Change and Growth at Mobile Messaging 2.0
-Security Firm Flags 38 Malicious Code Attacks Over IM This Month

4 Comments »

  Sascha Konietzke wrote @ February 19th, 2008 at 8:38 am

Hi Paul,

this is a great article on an interesting issue. It might not be as easy as for emails to sniff an SMS message if you are not a mobile operator or the CIA. But security is a big concern, especially the authentication of the sender. Services like Twitter just rely on the phone number as authentication. However, it is so easy to spoof this number (e.g. http://www.fakemytext.com/ or any provider where you can buy and send bulk sms) and send SMS for somebody else.

“SMS 2.0″ should definitely include security features. I do not know about any further developments on SMS so it’s nice to see that private companies pick this topic up.

- Sascha

  Paul Ruppert wrote @ February 19th, 2008 at 4:42 pm

Thanks for your comments and readership, Sascha. I plan to continue watching the securitization efforts around SMS.
PRR

  Achilles wrote @ March 4th, 2008 at 12:48 pm

You may want to have a look at the GSM 03.48 (aka SMS download) norm, which specifies all necessary crypto tools to encrypt or sign SMS’s for mobile operators. This is the standard in use to modify any field in a SIM card by interacting with it over-the-air in a secure way.

  Cal Anderson wrote @ September 10th, 2008 at 12:52 am

The inherent limitations of the SMS network, as the lowest priority channel, will continue to impact the value of messaging.

Companies need to build trust in the integrity of messaging and therefore build confidence in users to communicate when required.

Messaging can connect all participants in work groups and be extremely cost effective over IP networks versus SMS.

Building a culture of instant communication can lower costs, reduce risks and improve safety.

For many mid size companies, mobile IM can serve as a cost effective mechanism where more expensive alternatives are not affordable or supportable.

Your comment

Subscribe without commenting

HTML-Tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>