Smartphone is the de facto standard in mobile telecommunications, and with open source operating systems such as Android, the price of previously expensive smartphones has fallen drastically. This enables significant market penetration of smartphone, which draws users away from conventional voice call and messaging only feature phones. With useful features such as mobile Internet, better encrypted voice and short messages transmitted by the now almost ubiquitous 3G and 4G network, smartphone offers a variety of functions useful for productivity and work previously unavailable to a mobile phone.
While it is accepted that smartphones need antivirus solutions (see blog post on system architecture and antivirus solutions, Link) for providing total coverage of all communication ports available (i.e., 3G, 4G, Near Field Communications (NFC), Bluetooth, WiFi, WiFi Hotspot, microphone and speaker), is a smartphone from a reputable manufacturer operating only in the voice call and short messaging service (SMS) mode safe from wireless attacks through the WiFi, Bluetooth, 3G, 4G and NFC ports?
The answer depends on the encryption level of the WiFi and other communication ports. But, most importantly, security of a smartphone operating in the 3G or 4G mode without a Google or Apple account depends on the encryption and security level of the 3G/4G communication ports as well as the security protocols available at the mobile base stations the phone is connected to.
Another less well known aspect of mobile communications security standards lies in whether the voice calls and short message service (SMS) are logged at the servers of the telecommunications company. If the jurisdiction allows and the mobile service providers do log the voice call and SMS in an anonymous manner for protecting against terrorism, security of these servers and access rights to the logged data would be paramount to protecting individual privacy.
At a different level, it is also possible to hack the servers of the telecommunication company for access to the voice and SMS data. Also described by the concept of wire tapping, security of one’s voice call and SMS is no longer in the control of the individual, which could be strengthen by picking a reliable service provider, having proper equipment, and updating one’s mobile device with the latest updates and security protocols.
Overall, should one use an antivirus solution to protect a smartphone without a Google or Apple account and where the user only uses the voice call and SMS function? The answer lies in the reliability of the cell phone services in the country as well as whether 2G, 3G or 4G was the mode of providing the telecommunication service. Typically, 4G is the best encrypted service followed by 3G and 2G. More importantly, one needs to ask if the cell phone connection with a mobile base station is secured by a security protocol able to withstand contemporary approaches to hacking cell phone signals.
To the average consumer such as myself, the above questions necessitate substantial time and effort in reading the pertinent literature and technical reports. But, as a rule of thumb, most original equipment manufacturers provide a high level of encryption to the cell phone signal and the security architecture of the voice call and SMS function are independently encrypted and secured with protocols different from the application layer of the mobile operating systems on which other apps sit. Basically, the primary functions of a phone remains: voice call and SMS; thus, cell phone manufacturers put in tremendous amount of effort and care in securing the privacies of individuals who purchase their device; providing them with almost unbreakable encryption. However, wire tapping still occurs, and both voice call data and SMS could be lost due to hacking at the servers of the service provider.
Collectively, a high level of security exists that protects the voice and SMS data of a user at the device level in smartphones without a Google or Apple account. While not unbreakable, loss of voice and SMS data typically occurs at the servers and mobile base stations. Wireless intercept of the signal can be achieved if one knows the encryption key of the service provider in the case of static encryption technology, i.e., the same encryption standard and key is applied for all users. On the other hand, randomized encryption of individual connection with the mobile base station provides a much higher level of protection for users. Hence, while we endeavour to take all practical steps to protect our privacies through taking best practices in mobile telephony, lax encryption standards, as well as unsecured servers and mobile base stations could be the weak points at which our voice and SMS data, and privacy, is lost.
Category: communication security,
Tags: voice call, short message service, wireless intercept, server, mobile base station, encryption protocols, communication ports, antivirus programs,