Slashdot Mirror
Cell Phone Encryption?
Black Diamond asks: "I know I'm not up to speed on cell phone encryption, but I was wondering, are there any cell phones that let you handle the encryption from your end of things? Something along the lines of a phone you hook up to your computer to input specific encryption keys for specific contacts, as well as a private key for yourself. Is such a thing plausible, or should you trust the standard encryption that comes on some cell phones nowadays?"
This isn't exactly what you're asking about, but the closest thing I can think of offhand would be PGPfone--a product abandoned years ago for encrypting voice communications much as PGP encrypts text.
There are both binaries and source code available here: http://www.pgpi.org/products/pgpfone/
Windows and Mac only, and it's a very crude app... It would be nice for someone to develop something more robust and with better features.
Chasing Amy
(We all chase Amy...)
"The more corrupt the state, the more numerous the laws"-Tacitus
GSM (and PCS) phones encrypt the traffic anyway (at least they do outside the USA).
That is one of the big advantages of digital cellular modes over older, analog cellular modes - the ease of adding encryption.
However, if you want to throw another layer on top of this, it gets more difficult - since digital phones take the audio signal and vocode it, you cannot just scramble your voice and feed it in - the vocoder won't know what to do with it and won't encode it properly. You would have to inject your signal after the vocoder but before the Viterbi/Trellis coding.
www.eFax.com are spammers
i m not sure, what you are trying to ask, but that is not going to stop me from answering your question. :)
/Palm OS based cell phone, then there are some encryption apps out there that can help you. Here are some links:
http://www.softwinter.com/sentry_ce.htmlw ww.f-secure.com/wireless/pocketpc/pocketpc -fc.shtml
Are you asking about encrypting the data stored on your fone? or encrypting the data transfer between your fone and your service provider?
If it is a Pocket PC
http://www.pointsec.com/core/default.asp
http://
However good encryption/decryption take up lots of CPU power, so I dont know how feasible it is to ecrypt all the data on your cell phone.
Consensus is good, but informed dictatorship is better
Correct, CDMA is spread-spectrum and the encryption is relatively difficult to crack.
.........
.... go look it up :)
Nobody's been able to demonstrate real-time listening capabilities (yet).
But it is a well-known fact that the law enforcement guys have taps at the cellular switches, so they just plug into the call before it goes to hardwire -- they don't even bother trying to listen out of the air, and why should they? It's a lot easier to listen at the switch
Now, as for GSM, its encryption is definitely crackable in realtime... In fact, there have been industrial espionage problems across the English channel because of this
It is trivial for anybody with the resources to build a faster than light drive, too - for some definitions of "with the resources".
It would depend upon whom this guy wishes to protect his conversations against - J. Random Carbonunit or Special Agent TLA.
If the former, than the encryption used in GSM is enough - few people have the gear to modulate and demodulate a GSM signal with proper time slotting, time of flight correction, etc. Making a GSM signal is HARD - I build gear that does it.
If the latter, then they won't screw around picking the signal off the air - they will throw a CALEA intercept on his phone when it hits the PTSN. Then the only thing that can protect him would be VERY strong encryption seperate from the phone - which as I said in my first posting is difficult due to the nature of digital phones.
Lastly, if he is trying to protect himself from Special Agent TLA, encrypting his signal like this won't help - it will just raise a big red flag saying "Look At Me! I Am Hiding SomeThing!". He would be far better served making an innocuous word code and using that.
www.eFax.com are spammers
But not in the form you say. There exist chips which will do a Diffie-Hellman exchange to set up a secret key, and then do AES encryption on the whole conversation. Comes as a Sony-Ericsson accessory.
Of course, lack of standard make these chips non-interoperable (not encryption/decryption but key management). Once it becomes popular standards need to emerge.
I've used some of the gear you build and I can't see how this is trivial by any measure.
Unless you enjoy designing custom analog/digital hardware, there is just no way you're going to override the single byte in a stream that selects clear encoding, and then just listen to a clear channel conversation. The "man in the middle" attack is your only hope for using off the shelf toys. You'll need proper amps., a sharply directional antenna, and GSM phone-test-set that will exchange two-way pcm data with sufficient programability to allow you to emulate the mark's usual carrier signature, and a GSM test phone that outputs it's received PCM data in digital format so you don't have to go analog to digital again (which would sound atrocious given the kinds of compression involved).
Assume you could get these things, expand their capabilities and get them to communicate smoothly, you still wouldn't get the right caller ID unless you intercepted the challenge going to your test phone SIM from the carrier and repeated it to the mark's phone so you could be seen as having his IMSI. That would be yet another awesome hack to your credit.
And then of course you'd have to follow conspicuously closely to keep the mark from stepping behind something that blocked your signal (extra power won't help much in the microwave band).
Until we all start using it, encrypting your voice signal would certainly just shout "I'm hiding something."
If you want one of these conversations from your GSM phone, I'd go somewhere where they had GPRS or another GSM enabled data access method and send seriously encrypted VOIP traffic. If you want stealth, pick a location where you can get multiple GPRS timeslots (some phones support up to 128k bits) and package your voice in an encrypted stream like SSH. No one would think it unusual for a computer geek to ssh into his server from the field. The fact that one of your socket connections was a VOIP stream wouldn't be externally detectable.
Check out the Qualcomm QSec-800 for a CDMA equivalent of the Siemens TopSec, although you might have to work for the government to get one for now anyway.
I know that Motorola just released an addon to a off-the-slef phone that adds comsec.
s /g eneral_dynamics_sectera_secure.htm
From what I understand, phones with this devices are aproved by NSA for secret transmittions.
Doing a google seach I came up with this:
http://www.cellular.co.za/phones/generaldynamic
hmm... for fun I enjoy launching DDoS attacks against 127.87.42.5