CESG releases new guidance for secure voice technology

Risks to voice data

Voice data is subject to a number of key threats:

• calls are placed to or received from an attacker and the user doesn't realise, resulting in compromise of spoken data
• attacker with privileged network access can access all call content and metadata for a user on that network
• attacker compromises a cellular base station, or uses a false base station, and gains access to all call content and metadata for all users on that base station
• attacker could cause calls to be routed via infrastructure they control (e.g. offering low-cost routing), enabling interception

New CESG guidance

Secure Voice technology is changing rapidly, and CESG policy is evolving to keep up with the pace of change.