Experts fault Kenya’s cyber security after 18-month test

cyber crime

Kenya’s cyber security remains among the weakest in the world despite the central role technology has assumed in the country’s economy, Information Security experts have warned.
Millions of mobile phone subscribers and internet users remain exposed to snooping and data interception because the service providers are using outdated network security software, industry regulators were told.
Tyrus Muya, my fellow information security expert, said that an 18-month test on the security of consumers using the four telecommunication networks had produced unsatisfactory results.
The consultant said he had managed to intercept voice traffic and obtain temporary secret keys for some subscribers, revealing the high level exposure.
Mr Muya said all the four telecommunication service providers Essar, Airtel, Telkom and Safaricom are using old technology to encrypt information, making them susceptible to attacks.
The older technologies, A5/1 and A5/2, attracted global attention mid this year when a German cryptographer, Karsten Nohl, revealed that he was able to manipulate mobile handsets into granting access to device location, SMS functions and allow changes to voicemail number.
Telkom Kenya has said it had started migration to a safer platform.
Kenya’s four telecoms operators have a combined subscriber base of 30 million.
Digital security has become even more critical in the recent past because more than two thirds of the 30 million subscribers use mobile money transfer services or mobile banking that require high level security.
“Our survey has so far revealed that anyone with basic knowledge of encryption and GSM technology together with an investment of a Universal Software Radio Peripheral can gain access and listen to the voice communication from the four operators,” said Mr Muya, at an Information Security and Public Infrastructure forum, organized by ICT Authority.
The authority said the tests are meant to inform policy on regulation that will ensure the take the matter network security more seriously.
Mr Muya is among the growing number of local information security experts who are skilled in penetration testing on IT systems such as servers.
The tests are meant to determine vulnerability of such systems with the aim of sharing the acquired information with the affected parties or government agencies for purposes of policy formulation.
The tests come at as ICT Authority and industry regulator the Communication Commission of Kenya (CCK) are working on an online identity and verification system popularly known as Public Key Infrastructure (PKI) that will give each user a unique online identity (digital certificate) they must apply whenever they take part in online transactions.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: