Encrypted Cell Phone Hits the Market

notshannon writes "Reuters reports about a new cell phone which automatically encrypts communications. Of course, the matching handset will decrypt the message. Security doesn't come cheap, around $4000 per pair, but it's probably as reliable as anyone in these parts could wish. Favorite quote: 'We allow everyone to check the security for themselves, because we're the only ones who publish the source code,' said Rop Gonggrijp at Amsterdam-based NAH6. Amusingly, the article cites government.nl and not nsa.gov as the world's most prolific phone tapper."

Encrypted cell phones?

You terrorists!

Wow! They invented GSM!

Amazing!

Re:Wow! They invented GSM!

[skandalfo]

The GSM mobile telephony system (used everywhere but except in USA and colonies, may God protect their industries from competition), does indeed support cryptography since its very design.

Not only that, but also a pseudo-random frequency hopping feature is also included in the scheme, so that recording a conversation from the radio waves in order to perform a later brute-force attack on it could be made impossible.

There are, however, several problems when coming down to reality in the application of the GSM standard:

• The encryption mechanism isn't an end-to-end one; that is, it secures the handset to base-station link only, and for the rest of the communication path the voice/data travels in plain. The mechanism protects the user from radio eavesdropping only. GSM network land links and equipment must be secured by the operator. When having to tap a phone number, law enforcement organizations have to get the support of the operator, too, but probably insiders would be able to eavesdrop as much as they like.
• Actually ciphering or frequency-hopping are optional features, and I think they're not used by most of the operators in Europe because of technical/cost, legal or political reasons. I know my GSM operator doesn't use them, at least at some cells. I know of cases where the available key-length has been artificially reduced because of political/legal concerns.

So, in a real world where the operator could be trusted and there weren't political restrictions about it, GSM could give the user privacy, but the fact is that it doesn't.

If the devices in the article provide end-to-end, user-controlled crytography, then they have their value indeed.

Re:Wow! They invented GSM!

[rrkap]

The GSM mobile telephony system (used everywhere but except in USA and colonies, may God protect their industries from competition), does indeed support cryptography since its very design.

AT&T Wireless, and Cingular and several small companies will be supprised to learn that their cell phone networks don't exist. One of the reasons that cell phone coverage in the U.S. is fairly poor is that there are 3 major competing and incompatable cell phone networks (strictly speaking there are several more because some providers stick you with either 800 or 1900 MHz only).

Unlike most countries, the U.S. never decreed a standard for cell phones and allows a variety of networks to exist. This has been a mixed blessing. On one hand, cell phone coverage is worse in the U.S., leading to low rates of cell phone use, on the other, there are innovative features on some networks (Nextel's push to talk walkie talkie feature, which can be handy in some lines of work, comes to mind) that don't work well on GSM or on the newer 3G networks.

Re:Wow! They invented GSM!

[hughk]

I was not aware of frequency hopping being in the GSM standard. I know that if you move between cells, the hand-over will allocate new frequencies.

The A5 cipher is standard and is turned on throughout western europe on the GSM network. Others get a strength reduced version and some have no encryption at all. Encrytion only works between the handset and base station. Law enforcement organisations normally have access at the switches but generally require warrants.

Re:Wow! They invented GSM!

[EchoMirage]

> The GSM mobile telephony system (used everywhere
> but except in USA and colonies, may God protect
> their industries from competition), does indeed
> support cryptography since its very design.

Hmm...Too bad the GSM A5 encryption is terribly flawed and easily cracked. From the linked article:

In this paper we describe a new attack on A5/1, which is based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets. The attack can find the key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analysing the output of the A5/1 algorithm in the first two minutes of the
conversation.

And you're apparently also under the impression that GSM is better. Just because Europe uses it doesn't mean it's the best, and just because a few U.S. companies have gone with the superior CDMA technology doesn't make them monopolies.

Re:Wow! They invented GSM!

[skandalfo]

Although the authentication mechanism (A3/A8) is SIM implemented, and could be "easily" replaced, it seems that A5 for communications encryption is implemented by the handset (which has its sense due to limited SIM-card processing power). So, you're right, and I'm not defending whether the given algorithm is good or bad. Indeed they should have made it pluggable/downloadable too, but this kind of remote-code downloading and executing was far ahead of the time when the GSM standard was done (and they don't seem to look at this possibility for 3G either).

About competition, what I mean is that USA "makes its own standard" whenever a new international one is seeked. See what has happened to 3G too... -> incompatible handsets.

Actually I don't know how CDMA works, if it has any built-in encryption or frequency-hopping algorithm, or whether it's better than GSM or not. I only feel that the tendency shown by USA companies and institutions in this case is directed towards making it difficult for foreign equipment makers to compete in USA, rather than towards a better technology.

I simply don't buy it has anything to do with military radio band allocations or any other kind of legal radio band allocations having to be relocated.

Do what I do...

Rather than pay $4K to encrypt your phone calls, do what I do: don't have anything worth saying

Re:Do what I do...

Whatever happened to talking in code?

"Hello Midnight Rooster? This is Urban Paddler... The eagle has laid a silver egg, repeat the eagle has laid a silver egg, but uncle George's cookies have no sugar."

Re:Do what I do...

[JediTrainer]

Rather than pay $4K to encrypt your phone calls

I have a better idea: let's attack the decryptor's business model. Talk, talk, talk (especially if you've got those free evenings and weekends). They'll have so much to listen to, they won't be able to sort out anything from the noise.

Even better, use your time to call up spammers who are dumb enough to put 1-800 numbers in their mailings and chat them up for hours.

Re:Do what I do...

Even better, use your time to call up spammers who are dumb enough to put 1-800 numbers in their mailings and chat them up for hours.

To put this into full effect... Send your own spam including the target spammer's 1-800 numbers. Not all spam goes to everybody, and the more you spam the spam, the more people will see it and the more people will call the spammer.

Re:Do what I do...

[sabNetwork]

The "decryptors" don't have a "business model", they have a task to complete.

I would say that Project ECHELON is doing a pretty good job of filtering information. The entire purpose behind the project is to collect as much data as possible and filter through it using advanced AI systems. I don't think a few extra phone calls are going to bother them.

Re:Do what I do...

[devilspgd]

Too many assholes replied with "don't forget the bullets for the silver egg"

Phone Tappers

> Amusingly, the article cites here (NL) and not here (US) as the world's most prolific phone tapper.

Maybe because they're based out of Amsterdam, you insensitive American clod?!?

Re:Phone Tappers

[spectral]

Do you really think that a government agency in the netherlands is the WORLD'S most prolific phone tapper? I kinda doubt the NSA is either, but still, I'd think SOME US agency would be doing it more than any NL agency would be.

Re:Phone Tappers

[Mawen]

Perhaps the term "prolific" isn't referring to scale, but to percentage or per-capita tapping. ...BTW, what about echelon?

Re:Phone Tappers

[jefeweiss]

Ha ha hahahahahaha .... hahahaha....ha ha hooooooo.....

But seriously. The NSA isn't the world's most prolific phone tapper ... hahahaha hhaha ha ha.... That's a good one. They probably only listen in to several hundred million cell phone calls a day. That's not so much. Of course most of that is automated listening for keywords, so maybe that doesn't count.

Re:Phone Tappers

They probably only listen in to several hundred million cell phone calls a day. That's not so much. Of course most of that is automated listening for keywords, so maybe that doesn't count.

Paranoid much?

Gotta start somewhere

[sbeast702]

It really doesn't matter if they are $4000... so where the original motorola brick phones. Hopefully these will give other companies ideas on how to make them better/faster/cheaper.

Re:Gotta start somewhere

[notoriousE]

I don't think encryption on cellular phones makes much sense. It seems that the people that could really UTILIZE the encryption technologies have counterparts that would have the technologies to crack the encryption anyways (ie government agencies)

Re:Gotta start somewhere

That's just stupid. Not every encryption can be broken at present, even if you used every computer on the planet in the attempt.

Re:Gotta start somewhere

[notoriousE]

The company distributing the phones would need to have the ability to crack the encryption i'm sure. If ANYONE has that knowledge, the encryption can be compromised if information is leaked.

Re:Gotta start somewhere

[Anml4ixoye]

No, not quite true. The strongest encryptions are not based on no one knowing the algorithims - in fact most cryptographers do not regard an algorithim as secure unless it has been exposed. The strength lies in the keys generated.

For example, the RSA algorithim is available. But currently most people do not have the computing power necessary to decipher the keys to the transmission.

Re:Gotta start somewhere

[notoriousE]

give me a practical example where two people communicated would need encrypted cellular phones. government officials would be an obvious example, but then again, they have better security measures currently in place, so they're out. i guess encryption would provide some comfort for all the paranoid, conspiracy theory people out there, but as for practicality, people SINCERELY concerned with keeping things between them will use better measures (ie in person meetings, private online chat rooms, etc) that would better ensure less eavesdropping.

Re:Gotta start somewhere

[CelloJake]

How about business people discussing corporate secrets? Sure you could meet in private... but for just $4K, this could be very convenient.

Re:Gotta start somewhere

[homer_ca]

That's exactly the problem. It seems like people who discuss business in public places on cell phones like to talk as loudly and obnoxiously as possible (maybe it makes them feel important?). You'd have to retreat to a private place to be safe from eavesdropping, which somewhat negates the convenience of a cellphone. There's cheaper solutions, like IP phones over a VPN.

Re:Gotta start somewhere

Read the article, they publish the source code.

Responsibility

[Fux+the+Penguin]

Wow, $4,000 per pair? That seems awfully high, but I'd imagine there are many legitimate uses of such technology, that may interest people to shell out that much cash. For instance, credit card authorization, police communication, and drug trafficking come to mind. I work for the second-largest supplier of solid-gold cell phones and pagers, which are often used by celebrities and collectively engaged urban businessmen, and I could certainly see where many of our clients would have use for this kind of device.

I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans, or even Amsterdaminians. Encryption is certainly a worthwhile tool, but I think it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

Perhaps I would be more supportive of NAH6 if they were to provide a backdoor for the NSA, FBI, CBS and the ALF. These organizations, then, could catch evil-doers in the act before they can inflict massive damage to our American way of life. Truly, the only way to secure our liberty is government supervision of the most invasive sort.

Re:Responsibility

That was an unenjoyable troll.

Re:Responsibility

bwahahaha ALF. nice one

Re:Responsibility

[pvt_medic]

The price will eventually go down, give it time. But as for tapping, it does create a problem for the agencies that would want to listen in. They of course would not publish if there is a back door, and maybe all you need to listen is the software running on the listening device? That information would be highly secretive.

I find it funny that the Netherlands tap more phones a year. I wonder if that is true or just because half of what agencies do over here is classified. There no oversight of how many people actualy are tapped. Remember for the longest time the NSA was a very classified organization and no one even knew of its existence.

Re:Responsibility

*BEWARE* explcitly dry sarcasm ahead!

Re:Responsibility

Most likely it is because Amerstdam is probably the drug use capital of the world. The police must go batty trying to tap the phones of everyone engaged in the illicit marajuana rings.

Re:Responsibility

Simple... Add a voice recognition chip wired to a small block of RDX or C-4. Say the wrong words too many times and you'll have a extra little bit of excitement added to your day.

Re:Responsibility

Ah, there is hope for America yet - an American with irony !

You are right in that talk doesn't hurt anyone. Hell if the 9/11 people talked a bit more and didn't DO or if the various Federal groups TALKED to each other a bit more then 9/11 wouldn't have happened. For that matter of US talked to Isralies who talked to Palestinians and visa versa instead of shooting each other then there wouldn't have been a cause of 9/11 at all.

Re:Responsibility

[Brandybuck]

it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

Some quotes from Phil Zimmerman, author of PGP (emphasis mine):

Its personal. Its private. And its no ones business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. Theres nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.

If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?

Re:Responsibility

[aallan]

I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans...

..and the really bad thing? It took me way to long to figure out you were joking, I've been hearing far to much of that line of arguement for real lately. *sigh*

Al.

Re:Responsibility

[Fulcrum+of+Evil]

For instance, have the manufacturers considered the applications for which terrorists might use these?

Terrorists tend to use more secure methods, like meeting out in the middle of nowhere and talking face to face.

Re:Responsibility

[wfberg]

I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans, or even Amsterdaminians. Encryption is certainly a worthwhile tool, but I think it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

Real criminals have had access to, say, laptops connected to gsm phones that run speakfreely or simply any voip product over-ssh/ipsec/pptp/whatever for years..

Most importantly though, this cryptophone does nothing to conceal traffic data; i.e. "who's calling who". This information is not much use in corporate espionage, but worth its weight in gold in criminal investigations (and much easier to sort through than voice calls).

Re:Responsibility

[Firethorn]

But how secure are face to face meetings? And it's difficult for a mole to meet with the higher ups, as they might be under surveillance. A secure means of communication would be of great benefit to the terrorists. It'd help with combined seperated actions w/last minute changes. Most militaries already have this, if in a more expensive per unit way(at least for the US military).

Re:Responsibility

Ah, but the world would be a perfect place if you were in charge...

Re:Responsibility

[escallywag]

I think it's naive to think that there's any commercial encryption technology available that can't be compromised by at least the US intelligence and military services. If it would be near unbreakable by them it would be unavailable to the general public and/or illegal in the US.

Props to NAH6...

[tcopeland]

....for doing a PGP extension to Mailman.

The patch file alone is 56 KB... looks like they put in some effort on that one. Pretty cool.

Re:Props to NAH6...

[gnu-generation-one]

"for doing a PGP extension to Mailman."

PGPi itself always had the PGPFone module, which can either encrypt a telephone line (your modem dials their modem) or handle internet calls (useful for people whose families are abroad)

Download it here, including source-code.

can you hear me now?

that will become " ? nac uoy reah em won"

Re:can you hear me now?

[Jonny+Ringo]

!doog

Re:can you hear me now?

[TruelyGeeked]

is it just me, or couldn't this type of thing be done using current devices with an update to the unit'ss firmware. I mean, certainly if my Toshiba CMD-9500 has the horsepower to play the latest Eminem song as a ring tone then it can do some basic encryption of my text messages and voice conversations. I'm not talking about 1024bit NSA level security, I mean just enough to keep that kid with a frequency scanner from hearing my girlfriend talk dirty to me. Just a thought.

Re:can you hear me now?

[pyros]

I was under the impression that if your phone is on a digital network then communication needs to at least be decoded, as it isn't a plain audio signal like a cordless POTS phone.

Re:can you hear me now?

[wfberg]

is it just me, or couldn't this type of thing be done using current devices with an update to the unit'ss firmware

In GSM phones it's already being done in the tiny, tiny chipcard. But that encryption is only between handset and basestation (the main ISDN/POTS network is not encrypted), it's not particularly good (can be decrypted and tapped with a 100K machine - if not (much) cheaper), and of course the telco has the key (so, so does your government, among others).

This is end-to-end using Diffie-Hellman for key-exchange (you read up a checksum to make sure there is no man in the middle -- kind of biometrics!) and AES+twofish for encryption (AES and twofish were chosen/designed for being efficient in hardware). It wouldn't take much to make this into some sort of standard for encrypting voice-over-IP/digitalwhatever, but handset makers would have to feel inclined to implement it and to refrain from backdooring it.

nah

[Dreadlord]

real /.ers don't use expensive encryption phones, they do the math themselves, and then encrypt signals by waving a magnet near the phone.

Re:nah

[pvt_medic]

let me see if that works on my computer. I have been looking for some good encryption. *(%$ #$&$* #$@ F* Fh982345*#%hds

Re:nah

[UrgleHoth]

Well, if you don't have a magnet handy, you could always whistle

Re:nah

...and they get free long distance (forever!) by wrapping a comb in paper and making a PHWEET noise at the phone with it.

Re:nah

[anothy]

no, my encryption device rotates the magnet for me. the magnet's composed of super-cooled bits i salvaged when my overclocked Athlon exploded. the magnet rotation's controlled by a Z80 i programmed with an electron microscope and magnetized dental pick. and yes, i still do the math myself.
in my head.

now that is l33t.

Limited Use?

[BadCable]

Doesn't this seem of limited use?

I mean if it only encrypts for other cellphones of it's type on it's network the usability is rather limited.

You might as well use encrypted walkie talkies, it's not too different when you think about it.

Re:Limited Use?

[cmdr_beeftaco]

Yeah but how cool would it be to say to the other owner, "better move this to a secure channel."

Re:Limited Use?

[borgboy]

Yeah, except for the whole goes across the [nation|world]-wide telephone network part.

Re:Limited Use?

[pvt_medic]

besides it should be common sense that if you want true security you need to develop it your self. Otherwise you are trusting people like microsoft to make you secure.

I had a friend back in high school made his own encryption program, thing works like a charm. Not that hard to make an undecypherable encryption scheme.

Re:Limited Use?

[plierhead]

Duuh.. perhaps your walkie talkie might not be able to reach quite as far as the global phone network ? At least without requiring a 20 metre tall antenna that would turn your ears bright pink when you made a call ?

Re:Limited Use?

[spectral]

Your comment was more appropriate than you think. 'The other owner', since at that cost there prolly will only be two..

Re:Limited Use?

[Brandybuck]

I had a friend back in high school made his own encryption program, thing works like a charm. Not that hard to make an undecypherable encryption scheme.

Ahh, I get it. Next time try enclosing your posts in <sarcasm> brackets. Otherwise some humour deficient reader might come along and believe you.

Re:Limited Use?

[geoffspear]

Yes, I rewrote all of the login code on my computer and designed a new kind of locks for my house and car. And then I organized my own military and police forces to make sure I'm secure from foreign invasion and domestic criminals.

Re:Limited Use?

Walkie talkies are as limited as you might think..

http://www.motorola.com/LMPS/pressreleases/page1 62 7.htm
http://www.motorola.com/LMPS/pressreleases/ CGISS00 12.html

Re:Limited Use?

[swb]

When someone asks me what I did over the weekend I always say "I raised a people's army and seized control of the state."

MOD PARENT OVERRATED

Sheer plagiarism.

Re:MOD PARENT OVERRATED

Of whom?

How's it work?

[calebtucker]

So.. you buy a pair at a time and these phones can only talk to each other securely? Or is there some way to exhange keys?

Re:How's it work?

[AKAImBatman]

The slashdot blurb makes it sound like private key encryption, but a quick look at the article and site suggest that it is actually public key encryption. Which makes sense in my opinion. Why would I only ever want to call one other phone (with the exception of a RED phone, heh)? I simply want to send my public key, receive his, and then chat on a secure line with whomever I choose.

Re:How's it work?

So.. you buy a pair at a time and these phones can only talk to each other securely? Or is there some way to exhange keys?

They do key exchange using Diffie-Hellmann; the validity of the key is confirmed by each user reading back a checksum, just like in SpeakFreely. If you don't hear the voice you were expecting, uh-oh! Perhaps they'll add PKI stuff for organizations later (people will start to skip reading out checksums...)

http://www.cryptophone.nl/html/faq_en.html
http ://www.speakfreely.org/

(no links due to keyboard fudging up quotes and such)

Re:How's it work?

[Otto]

It's very rare for public key encryption to be used for a streaming method of sending data. For one thing, it's too slow. Encrypting and decrypting to a public key method is just CPU intensive. Not as intensive as generating the keypair itself, but still nontrivial. Generally you use public key encryption to exchange a private key for some other symmetric encryption. The private key is random and only good for that one session.

So first, the phones would exchange public keys.
Next, each phone would choose a random session key for some symmetric encryption method like Blowfish or AES or something.
Then, each phone would send its random session key to the other phone, using the other phone's public key. They'd decrypt these using their private keys and thus obtain the key to decrypt the rest of the traffic from the other phone from then on. For added security, they could shift keys every so often by the same method.. Choose a new key and send it to the other phone using his public key.

It'd be a little bit more complex than that, but that's the essentials. It's highly unlikely that it's using the public key for all of the encryption.

I for one welcome our new cryptographic overlords!

[SkArcher]

Anyway, seriously, while I see the issue about cryptography preventing terrorists being phone tapped, i'm less than enthusiastic about them being able to tap just anyone.

For that matter the ability of any kid with the right equipment to pick phone conversations out of the air, like that record that got released a few years back...

$4000?

Why would I use an encrypted cellphone for $4K when I could simply use a relatively obscure, long-distance whistle language?

Call for legislature to outlaw these phones

[kavau]

Write to your congressman immediately, demanding that these phones become outlawed worldwide! They might be used by terrorists to plan attacks against Freedom and Civilization! Or, worse than that, they may be used for illegal file trading! A Good Citizen (TM) has nothing to hide, and will have no need for Evil (TM) tools like this.

Oh yes, I'm being sarcastic...

Re:Call for legislature to outlaw these phones

[sfjoe]

They might be used by terrorists to plan attacks against Freedom and Civilization!

Undoubtedly these phones will be used to transmit kiddie porn, too. Won't somebody please think of the children?

Re:Call for legislature to outlaw these phones

mmmmmm, yes the children. i'll think all about them.

Re:Call for legislature to outlaw these phones

[dbIII]

Write to your congressman immediately, demanding that these phones become outlawed worldwide

I'm fairly sure that encryption of telephone calls is illegal in Australia.

Why not sooner?

[Orien]

Personally, I am flat-out amazed that this kind of thing hasn't taken off much sooner. There is a public outcry right now about "Privacy" and all kind of laws are being enacted to ensure consumer protection of personal information. So why isn't there a much higher demand from consumers for "Privacy" when it comes to data transmission and data storage? It's not like it's hard from a technology standpoint. Encrypted communications have been around since long before cellular phones. We just need more people asking for it to see this kind of thing standard in phones, bluetooth, 802.11, etc.

Re:Why not sooner?

[Zebbers]

public outcry for privacy?
what country are you living in?
i look around my daily life and see most people having little concern with 'privacy', aside from something like id-theft. even then they just want 0 liability, not elimination of things that make id theft easy. get a capital one no hassel card!

Re:Why not sooner?

$4000 per pair.

Next question.

Re:Why not sooner?

[gad_zuki!]

The problem might lie in that digital cell communications are already encrypted by the telecoms themselves. The technoproles may not know that equals t-mobile can hear their conversations or they're content knowing that the kid down the street can't listen in to their calls.

Not to mention, some people really just believe in unrestricted government wiretapping the "Ive got nothing to hide" attitude or are too apathetic to care.

Re:Why not sooner?

[ChicagoBiker]

As the other guy said, what country are you in? Not the USA. Hell, we just let our congressional representatives enact the Patriot Act on our asses, and nearly none of us complained. It now allows virtually any local, state or federal agency to walk all over us and peek into any part of our lives without asking any of us, or notifying us if it ever occurred!

And Privacy? With grocery store discount cards tied to our social security numbers and every kind of public database searchable by nearly anyone for free ranging in everything from our property records, tax payments, medical records, court appearances, etc, we're hardly a private country anymore. Worse yet, all these fools with "blogs" blabbing all their useless drivel for millions world wide to read and "archive". Privacy here has gone right out the window. Just wait until Walmart installs all those RFID tags in your clothing and food and then "they" can watch and track just about everything you do without even asking!

Re:Why not sooner?

[ksorim]

Cell phones with encryption capabilities has been available since at least 1999. The Tiger cell phone from Sectra has been available for more than four years now.

I don't think there is a very large demand for it though. People just don't care enough about their privacy to compensate for the disadvantages.

Re:Why not sooner?

Because the reality is that as much as people cry about privacy, it's really about having something to cry about, not actualy privacy. Actually spending their own money on it isn't usually an option.

Re:Why not sooner?

[bill_mcgonigle]

This phone system seems like a pretty significant engineering feat.

If you were to setup your own network for encrypted phones, sure, no problem, but these run over the existing network.

The telecos already compress the bejezus out of the data channels to cram as many calls as possible onto a tower, so these guys had to encode and compress the audio, then encrypt it, then send it over the allocated bandwidth, all while surviving whatever the telcos want to do with the signal.

That's probably harder than it sounds.

More information

[DerOle]

see this page for further information (in English).

How are you defining prolific?

[WIAKywbfatw]

If it's by a percentage rather than the actual total, please bare in mind that the population of New Zealand is not very large, it only hit 4 million this year, so all it would take is a few hundred phone taps on the lines of organised criminals and suspected terrorists to give you a relatively high percentage figure for NZ.

So, NZ might have a few hundred phone taps and the US might have a few hundred thousand. But because of their relative population sizes, you're going to call out NZ as a country that's big on tapping? Are you kidding me?

Next time, if you're going to editorialise in your story submission, at least try to be fair rather than comparing apples and oranges.

Decrypt?

[jabbadabbadoo]

"automatically encrypts communications"

Pretty useless if it doesn't also automatically decrypt :-) Unless you're talking to your mother in law, that is.

Available in U.S.?

[exhilaration]

Are these available in the U.S.? The last time encrypted cell phones made the news there were no plans of selling them in the U.S.

Re:Available in U.S.?

From the webpage -

Coming soon: GSMK CryptoPhone 100 US
ensuring your voice's privacy same featureset and codebase as normal GSMK CryptoPhone 100 works in any GSM 1900 network that provides data call facilities

Re:Available in U.S.?

[Realistic_Dragon]

Are these available in the U.S.? The last time encrypted cell phones made the news there were no plans of selling them in the U.S.

Amazon.com

People who brought these also purchased:
900Mhz GSM network to run them on. $1,000,000.

Re:Available in U.S.?

From the site

Coming soon: GSMK CryptoPhone 100 US

• ensuring your voice's privacy
• same featureset and codebase as normal GSMK CryptoPhone 100
• works in any GSM 1900 network that provides data call facilities

Can be Pre-Ordered already

But if you ask google nicely you might even find something cheaper.

Re:Available in U.S.?

[Cramer]

• works in any GSM 1900 network that provides data call facilities

Man, they're getting awfully close to that hair... by making a data call and doing the voice digitization (and crypto) at the handset, they just might get past US (FCC) regulations. This is, thus, the same thing as an encrypting ISDN phone set (which do exist.)

This might not go over very well in the US. Data mode on cell phones is usually a charge-by-the-byte extra service.

Mod me down...

[WIAKywbfatw]

Doh! I must be going blind. I read the link as .nz not .nl. Simple mistake, but pretty stupid at the same time.

Nevertheless, the relatively small population of the Netherlands skews these results.

The Microsoft-based XDA handheld computer phone

[burgburgburg]

The Microsoft-based XDA handheld computer phone made by Taiwan's High Tech Computer is selling for 3,499 euros ($4,121) per two handsets.

Well, since Bill IS focusing so strongly on security, I feel comfortable relaying most personal, intimate, potentially volatile information over these phones.

I also wear my Social Security number on a t-shirt, yell out the numbers of my PIN at ATMs and throw my credit cards at little children as if they were candy.

Re:The Microsoft-based XDA handheld computer phone

[TruelyGeeked]

So far I have successfully completed about 30 hours of secure conversation using my cell phone without any $4000 device. Using my cell-phone with the included data-cable, I can dial into Verizon's Express Network, and with a very good signal I get connection speeds comparable to some DSL lines. This is adequate for some VOIP applications and almost ALL web-to-phone solutions. if they tap my cell phone...they hear the notorious fax-machine screaming or simply see a "data-stream". it isn't until it gets to the other end that it is turned into an analog voice, and if the other end uses a similar configuration, it never leaves the digital realm. Which opens the solution up to SSL, WEP, etc... Just another though.

US most prolific phone tapper?

[sulli]

give me a break.

Re:US most prolific phone tapper?

[Fulcrum+of+Evil]

Yeah, right. Just how many phones does China have, anyway?

Re:US most prolific phone tapper?

You know what Stuart? I LIKE you. You're not like the other people here in the trailer park.

Re:US most prolific phone tapper?

Actually, estimates of dutch tapping figures have said to have surpassed the official figures released by the US goverment. No wonder people have been looking to get the dutch official figures, no luck so far, its claimed no grand totals excist for the modern day digital tapping system.

Ofcourse these numbers are only about telephones, in radio and satalite communications the US might be the biggest player in the echelon coallition. Here it doesn`t mather much how big a player is becouse the goal of the coalition is to trade catured data and other inteligence. Question is what intelligence do other countries have that the USA can`t get though its sigint sattalites? Sattalite communication comes to mind as that travels through radio closely directed at either the sat or the ground station making snooping only possible for groundstations or sats with big dishes nearby the intended destination. This means dishes located on non US soil, the biggest reason for the coalition. Not many other countries opperate enough sattalites to get their data from over the horizon, so tapped phones and planted microphones comes to mind as being the only change of other goverments when it comes to trading with the US in the echelon community. If you think that that what the US captures ones is traded with many countries the world over for many other intersting bits you would think the US would be be winner of the biggest total goverment snooping award. But its hard to get an idea on how much the US shares its intelligence. Looking at the arrest worldwide after september 11 shows that many goverments eager to trail people on the basis of secret intelligence may not have had the "evidence" they where willing to use. This might mean that after sept. 11 the US supplied it, now why wouldn`t germany for example have acces to US intel on mulim fundamentalists? Asuming the US is capable of splitting the captured raw data into stuff interesting for national economic reasons (Which obiously should not be shared) and stuff that is mainly usefull when shared, it may not *want* to do so if it doesn`t get back enough becouse if small countries getting to much quality processed US intel easy they could trade it with others who could be of help to the US (Big dishes in the right places or say acces to the local pakistani embasies crypto room). But unlike law enforcement telephone tapping, this snooping is mostly done by organisation with roots in the militairy meaning that they are really secretive and not open for public review.

Re:US most prolific phone tapper?

[Cramer]

Heh, well, if you use the "published" numbers, there aren't that many US taps per year. I've venture a guess there are a lot more that aren't on the books.

Re:US most prolific phone tapper?

that doesn't make US phone tapping any better.

Re:US most prolific phone tapper?

And you have factual information to back that up? ... yeah I didn't think so.

Fucking morons.

NSA vs. the Dutch

[flabbergast]

" Security specialists in the Netherlands said the device could threaten criminal investigation by the Dutch police, which is one of the world's most active phone tappers, listening in to 12,000 phone numbers every year."

The article states "one of the world's most active phone tappers" not "the world's most active phone tappers". The US had fairly stringent policies against phone tapping citizens (ie the police and FBI, not the NSA). I'm sure the NSA is not giving out statistics on how many wiretaps it does a year, but the NSA is (supposedly) forbidden from investigating within the US.

Does anyone else find it weird that its collectively called "the Dutch police?" Are they referring to all local law officials or some national law enforcement agency? Just curious...

Re:NSA vs. the Dutch

[Holi]

The NSA can tap as many phones as it wants, by it's charter it is above certain laws. On the plus side, none of thier taps can be used against you in court.

Though if yer really bad, you may just disappear.
For some insight on the NSA I recommend The Puzzle Palace

Re:NSA vs. the Dutch

After reading your article, specifically the line stating that "The US had fairly stringent policies against phone tapping citizens..." I would like to disagree with you. While the US *USED* to have fairly stringent policies, the restrictions and regulations on these policies have severy dwindled in the last few years. If you haven't done so, I suggest you research the United States of America Patriot Act (USAPA). This bullshit law pretty much gives the police and the FBI to tap the phones (cellular/mobile inlcuded, and no longer tied to ONE SPECIFIC NUMBER!!). They now have the ability to get a wiretap order (for an even longer time period than previously) based on pretty much this:

"Uh yeah... We think this guy may be contacted by someone else who may or may not be associated with a possible terrorist oganization..... we think...maybe..."

It wouldn't surprise me at all if these handsets never made it to the US market. Only terrorists and enemies of freedom have something to hide. If you're a good citizen, why the hell do you need a right to privacy?

Re:NSA vs. the Dutch

[jefeweiss]

They get around the prohibition on spying on citizens by hiring other governments, such as the Brits and Australians to do it for them. That's the big reason we gave them access to Eschelon to begin with.

And Eschelon isn't used for anti-terrorism nearly as much as it is used for economic, and industrial espionage. So the target market for these phones might be trade commissions, corporations, and other groups that have business secrets the US government might want to pass along to companies they are friendly with./P

Re:NSA vs. the Dutch

[flabbergast]

I should note that I did not say "has" I said "had." I am aware of the PATRIOT ACT and thus my use of the past tense.

Re:NSA vs. the Dutch

[zoefff]

Well, Holland isn't THAT big (like Maine, I thought), but IIRC it is done by some national agency and has the KPN (national telecom operator) mandatory equipment installed for eavesdropping (possibly) every phone (at least land-lines).

There is some concern in the Netherlands, however, that eavesdropping is done on laywer/client calls (probably the client is tapped already). Although this information can't be used in court, the laywers are not amused. It is surely easier to get the evidence, if you know the answers!

Re:NSA vs. the Dutch

[mesocyclone]

And your sources for this are?

I often hear claims about nefarious activity by NSA, but considering the level of security, I am rather dubious of these claims because it leads to the question of how people broke NSA security enough to find out about this stuff.

If you want industrial espionage, check the French. Air France was discovered to have bugged every seat in first class on every flight for the French security agency. Why first class? Industrial espionage seems an obvious reason, although again, how would you know.

The government doesn't have time to spy on ordinary citizens. Unless it is doing a criminal investigation or a national security (i.e. counter-intelligence/counter-terrorism) case, it isn't going to pay attention to you.

If the rumored key phrase sniffers are out there, then they no doubt have listened to a few of mine and lots of other conversations, just to be annoyed at the waste of time.

Oh, and NSA is allowed to operate inside the US. It is the agency responsible for communications security for the US military, and as such monitors US military communications in the US in addition to providing secure systems.

Many years ago, when I was a radio operator in P-3 Orions, another radio operator in my squadron sent a false MAYDAY as if he were a ship (not aircraft) in distress. A few days later he was in the brig. Can you say "signature analysis" and "broadband recorders"? This was in the late '60s, btw, so you can imagine what sort of technology was used to be able to go back to an arbitrary frequency, pull out the false MAYDAY, and subject it to signal analysis.

The same technique is almost certainly how the KAL-007 shootdown was recorded. Basically, at least in the past and no doubt now, NSA records and archives a whole lot of spectrum in a whole lot of places.

Re:NSA vs. the Dutch

Running to mama, You Americans and your PATRIOT ACT.

What is that anyway, lock up PATRIOTS in you stock /bonds noted on the WALLSTREET jails, wait i should should say PRISONS.... :-).

Re:NSA vs. the Dutch

The NSA was suspected of a boeing/airbus thing a while back. I don't remember how it ended though.

Also who do you think makes up the NSA robots? As long as people are a part of the mix there will always be leaks and corruption. Assuming the NSA is above both of those is stupid. Right now the NSA might not have even 1 corrupt person involved, but considering the record elsewhere I think its unlikely

>If you want industrial espionage, check the French. Air France was discovered to have bugged every seat in first class on every flight for the French security agency. Why first class? Industrial espionage seems an obvious reason, although again, how would you know.

Well this is also where you want to be to hijack the plane.

>The government doesn't have time to spy on ordinary citizens. Unless it is doing a criminal investigation or a national security (i.e. counter-intelligence/counter-terrorism) case, it isn't going to pay attention to you.

Well in Canada the gov spied on a wide range of "subversives" in the 60's and 70's

Re:NSA vs. the Dutch

[Monk[Deviant+Form]]

there is/was a small scandal brewing in holland over the use of phone tap systems made by the israeli company comverse infosys,
the claims are that its suspicious that nobody but the israeli technicians are allowed to repair/service these machines,and that its posible foreign governments have access to the wiretaps.

Re:NSA vs. the Dutch

Thanks for being a voice of reason among the tin-foil hat club.

Most, if not all of us are just not important enough, or doing anything so wrong, that we would get a second look from the NSA,FBI, etc. For those who believe otherwise, get over yourselves.

Re:NSA vs. the Dutch

I'm not exactly sure what you mean. We have only one type of police. It's divided in a couple of regions.
We used to have a kind of federal police, but that didn't really add anything to the law enforcement system, so it was split up and added to the regional police system. We also used to have things like sherrifs and stuff, but they are also gone. We now only have the police regions.

It isn't really usefull to have more agencies in a country that is urbanized to such an extent.

So collectively calling it "the Dutch police" pretty much hits the mark.

Re:I'm a Republican

There is some truth in what you say. I am an extreme right winger. I am against israel, christianity, and minorities. The republicans pretty much take the same position as the liberals on racial issues.

Pictures of the phone....

[OctaneZ]

can be found at CryptoPhone's Picture Page

looks like one of those phone/PDA's in one.

if this was I'm a liberal

it would be -1 flamebait.

--
Ann Coulter Troll

I think the most prolific phone tapper is...

[melted]

FSB, formerly known as KGB. On numerous occasions they've ordered the Russian phone companies to turn off even the weak GSM encryption and wiretapped whoever they wanted. They also release "proslushki" (wiretaps) of some politicians talking on the phone on some "independent" web sites almost weekly. BTW, in Russia they don't need the warrant issued by a court to do this. Basically every god damn cop can wiretap whoever he wants if he has the gear. Too bad the use of cryptography (except for the government-approved algorithms) is not allowed in Russia.

Re:I think the most prolific phone tapper is...

[vladkrupin]

while I agree with the rest of what you say, this part:
Too bad the use of cryptography (except for the government-approved algorithms) is not allowed in Russia.

sounds like total BS to me. To the best of my knowledge, it has never been outlawed (in fact, I believe cryptography hasn't beed specifically addressed in any laws), and, even if it were, it is most certainly not enforced. And, as we know, a non-enforceable law is as good as no law at all.

Re:I think the most prolific phone tapper is...

[hughk]

Encryption is a major problem for most organisations and you are essentially limited to GOST (which are only symmetrical ciphers). To use a GOST cipher you must obtain an implementation a license from FAPSI. FAPSI also require that some personnel are trained and certified. Keys must be generated by a FAPSI approved box, which you pay money for each time you use it. FAPSI is essentially the former communications security directorate of the KGB.

This does not apply to organisations regulated by the Central Bank of Russia, such as banks and currency exchanges. This allows them to use such things as PGP and SWIFT because the banks are open to authorised inspection at any time.

Communications between clients and banks or brokers, i.e., electronic banking and/or trading are an issue. Especially as some brokers are unregulated by the Central Bank.

If you are particularly interested, I can dig out the law references from some of my reports. Many do break the law, as happens in Russia, but this gives another good reason to be shaken down.

As the FSB is able to intercept almost anything (the primary exception is the military who do their own thing) without real control - it appears that they do. The information is also made commercially available to those who may be interested.

Obligatory rot13 joke

[BabyDave]

Pna lbh urne zr abj?

Re:Obligatory rot13 joke

[HomerJayS]

tbbq!

Call for legislature to outlaw these phones

Write to your congressman immediately, demanding that these phones become outlawed worldwide! They might be used by terrorists to plan attacks against Freedom and Civilization! Or, worse than that, they may be used for illegal file trading! A Good Citizen (TM) has nothing to hide, and will have no need for Evil (TM) tools like this.
Oh yes, I'm being sarcastic...

Something to Consider

[That's+Unpossible!]

"We allow everyone to check the security for themselves, because we're the only ones who publish the source code," said Rop Gonggrijp at Amsterdam-based NAH6. Gonggrijp, who helped develop the software, owns a stake in Germany's GSMK.

That sounds great, but this is a hardware device. How can we be sure the phones we buy are actually running this source code? Would we be able to compile the source code and install it into the phones?

Re:Something to Consider

[dmeranda]

From an open/free software view this is a wonderful announcement (an obvious role-model for the e-voting devices), but from a security perspective the issue you bring up is important.

Of course with the software (or in fact with just complete specs) you could build your own phone (or simulation of one) which you could then use for interoperability testing with a real phone. This could verify that the phone at least appeared to operate as the code specifies...black box testing.

It's also not mandatory that they allow your to install your own software....they could have this in a ROM which is not reprogrammable. But if there's a way for you to inspect the ROM or checksum it, you could still compare it against the source code they gave you....without having to give you the ability to install your own code.

But of course these kinds of tests do not mean that there aren't any backdoors in the phone, either in software or hardware. Anybody remember the Clipper Chip? If you had the source and specs, minus the backdoor part, you would not be able to determine that there was a problem. And even if the cryptography has no backdoor, you still have to trust the hardware itself to not just turn around and rebroadcast/record your conversations over another connection or some other type of intentional leaking outside of the encryption protocol itself. Some of this can be checked with the right equipment, but covert channels can be extremely difficult to detect.

But at some point you just have to trust the company and its products, or if you don't trust them then build your own encryption device.

Secure Cellular Phones

[Detritus]

Secure cellular phones have been available for years. They just don't sell them to the rabble. See this QUALCOMM web page for an example.

I'm waiting for VOIP to become ubiquitous. Then there will be no carrier or FCC type acceptance to stand in the way of encryption.

Misspelled link in post

[skizrule]

The author of the post spelled government.nl as goverment.nl. Opps. Here's a link to the correct URL.

The NSA Kids Page?

[karlandtanya]

Following the link in the story, I saw this link on the NSA's main page: Kids' Page

NSA Kids page? WTF??

Mommy, I want to be a spook when I grow up.

Re:The NSA Kids Page?

[Tackhead]

> Following the link in the story, I saw this link on the NSA's main page: Kids' Page
>
> NSA Kids page? WTF??
>
> Mommy, I want to be a spook when I grow up.

My favorite .sig of all time reads:

"NSA is now funding research not only in cryptography, but in all areas of advanced mathematics. If you'd like a circular describing these new research opportunities, just pick up your phone, call your mother, and ask for one."

no

[SweetAndSourJesus]

real slashdotters don't have anyone to call in the first place

Uh oh

[Gogl]

I think we slashdotted the entire government of the Netherlands.

Re:Uh oh

[JaredOfEuropa]

I think we slashdotted the entire government of the Netherlands.

So that's what that smell of molten circuitry was. Go on, we won't miss 'em!

Re:Uh oh

[zoefff]

you can check the Dutch and use bable fi....

Damn, no Dutch to English

digital cell phones already use encryption...

[muddy_mudskipper]

digital cell phone towers in the US already use encryption...on their control channels.

it's called CMEA (cellular message encryption algrithm)

http://www.cs.berkeley.edu/~daw/papers/cmea-cryp to 97-www/paper10.html

"Note that CMEA is not used to protect voice communications. Instead, it is intended to protect sensitive control data, such as the digits dialed by the cellphone user."

real /.ers ...

[Dreadlord]

... use the phone to connect to the Internet and post comments!

Key Exchange; Stego?

[4of12]

It wasn't clear to me if these phones were simply hardwired pairs, which would mean if you lost a phone that your security would be compromised.

If each phone saved a cache of public keys from potential correspondents, and the user needed to key-in a private key to authenticate, then it would be more intersting.

Lastly, there should be a stegospeech option where the encrypted channel overlays some uninteresting drivel conversation (you know, the kind of conversation that occupies 90% of cellphone bandwidth anyway...)

Re:Key Exchange; Stego?

[acaird]

That'd be easy... you only need to phrases: "Can you hear me now... how about now? No, well, sorta... " and "So, where are you?... Yeah, I'm on the train/plane/highway". I'm sure that 50% of all cell phone traffic is that.

Their concerns about Windows (from the FAQ)

[burgburgburg]

From their FAQ

I noticed that your CryptoPhone is based on Windows CE / PocketPC. Isn't this a security risk?

The current version of the CryptoPhone runs on top of a heavily modified and stripped down Microsoft PocketPC2002 ROM. The reason is that we wanted an affordable and well researched platform that offered sufficient performance for the speech encoding and crypto functions.A Pocket PC based system was chosen as the first platform for CryptoPhone because it was the only sufficiently fast device allowed us to do software integrity protection in ROM and the stripping of unnecessary functions.

The only commercially available alternative at the time of the necessary development decision was Symbian. Symbian is even more closed source (Windows CE is open source for developers in most parts) and was available only on a more expensive hardware platform. There was (and still is) no viable mass-market Embedded Linux based hardware with sufficient performance, stability, hardware integration and availability on the market at decision time, so we were not able to pursue this alternative.

We are aware that there are risks associated with using any Windows platform and we have taken a number of measures to mitigate these risks as best we could. We removed applications, communication stacks and system parts that are unnecessary for the CryptoPhone operation and which may cause potential security problems. You should not install third party software on the CryptoPhone to prevent software based attacks on the firmware integrity. The firmware update mechanism is cryptographically secured.

Re:Their concerns about Windows (from the FAQ)

[jdavidb]

Interesting. They are misusing the term "open source," though. Open source doesn't just mean you get to look at the source code, although that is valuable.

By the open source definition, you can't have such a thing as "open source for developers." An open source license must not discriminate against fields of endeavor.

Re:Their concerns about Windows (from the FAQ)

[Devi0us]

If it runs on Pocketpc, why can't they just make an app that will run on all softphones? Its trivial to intercept the mic and speaker calls and route them through an encryption/decryption routine. Hell, you could use bluetooth for it and just make a headset profile that handles the encryption/decryption. Then you could use your PDA as a handset for your bluetooth enabled phone, with encryption over the public network segment. The PAN would be encrypted as well.

Re:Their concerns about Windows (from the FAQ)

[GigsVT]

It might use ASICs not normally available. Since they mentioned speed of platform, it does seem to imply a full software solution, however.

Re:Their concerns about Windows (from the FAQ)

[aminorex]

They are using "open source" correctly.
They are not using "Open Source", which would
be an incorrect use. ESR does not get to
redefine the English language for his personal
political purposes, sorry.

*yawn* so what?

[Not_Wiggins]

First, cell-phone encryption has AT LEAST been available (weak or otherwise) in GSM since 1990. Sure, it is crackable, but it takes hours to do... making it impractical for eavesdropping on a conversation in real-time.

Ok... let's say you're not happy with the encryption. This product will have use in every part of the world *except* the US because, I believe, encrypted voice transmission is illegal. Heck, there have even been home cordless phones available for years that would encrypt only between the handset and the base station... and you're not allowed to have them in the US for that same restriction.

So... either you're going to spend a lot of money to gain encrypted communication that you could more cheaply acquire with other technologies, or you won't be allowed to use it (in the US) without giving the government a backdoor to listen in. For $4K? Forget it.

Re:*yawn* so what?

this is END-to-END encryption. With GSM and CDMA, the encryption is only over the air. With these "encrypted cell phones", the conversation is encrypted from one phone all the way to the other.

Re:*yawn* so what?

[Not_Wiggins]

My point still stands... it doesn't matter that it is end-to-end... it isn't allowed in the US to go over the airwaves in a manner that doesn't allow the government to listen in if they wish... and if they can, someone else can figure out how to break-in too.

My point is you can accomplish the same thing using cheaper (and legal, via loopholes) methods. For example, why not use your GSM connection (GPRS, to be specific), setup a VPN and use VoIP tech to talk in a completely encrypted manner? Not only would you be able to talk to several people (conference), but you wouldn't be limited to how you connect and chat.

IMHO, it just seems to me that $4K is a high premium to collect from those who don't know there's better (defined as more flexible) and cheaper options available.

Re:*yawn* so what?

and the government is going to enforce that how ?
it doesnt. using encryption is fine over the airwaves unless they catch you.
but if youre using it getting caught for using encryption is a trivial offense.

Re:*yawn* so what?

If that is the law (and I don't see any references in your post), then it wouldn't stand up in court. It's an obvious 1st amendment violation, because it's prohibiting communication. I can choose to talk to someone in person in pig latin, or in 256-bit RSA encrypted code if I want. The government can't just decide that I can't do it over the phone. There is no difference between that and prohibiting the use of swear-words in telephone conversations, or any other words for that matter. Sure they can do it on public TV, but that's because it's public. Public communication becomes subject to a certain realm of law that does not apply to private communication. If there are unconstitutional laws like this, then people, ordinary people, need to ignore them and get them thrown out. The founder of this country were willing to give their lives for freedom. If we aren't even willing to give some money and time, then we're in a sad state.

Re:*yawn* so what?

[randombit]

Sure, it is crackable, but it takes hours to do... making it impractical for eavesdropping on a conversation in real-time.

Actually, A5/1 and A5/2 (the GSM algorithms) can be cracked in real-time.

Re:*yawn* so what?

" I believe, encrypted voice transmission is illegal"

You made that up. Show me the law or retract your statement. I'm posting as AC because I have mod points and wanted to give you a chance to correct yourself before modding you down.

Encryption Cracked!!

[Rick.C]

They just translate everything into Esperanto.

CIA has one too

[October_30th]

NSA Kids page? WTF??

Well, why not?

After all, CIA has a site for kids, too.

Cheaper

[segment]

PGPFone or... VoIP with tunneling... Or... Smoke Signals over SSL and Bongo packets Yes $4000 saved is $4000 more worth of starbux cappucinos

What about GSM?

[TwistedGreen]

Wasn't GSM supposed to be encrypted as well, but the algorithm was found to be extremely trivial to crack?

How long until that happens with these technologies? I'd hope a long time, for $4000/pair.

Re:What about GSM?

GSM is encrypted.

I know at least part of the encryption has been cracked, in theory. I don't think there are any practical exploits... it certainly wasn't "trivial".

It doesn't matter for wiretaps though, the encryption is only between the handset and base station. Voice and data still goes unencrypted over the regular phone lines...

Re:What about GSM?

[TwistedGreen]

Ah, okay. I'm based my post on something I heard years ago, and I received the impression that it was a trivial "there goes GSM's security" crack.

I was wondering when someone would finally start encrypting the content rather than the signal. Though maybe we don't want to get into the whole Clipper Chip thing again.

Re:What about GSM?

GSM IS encrypted, but only when the conversation is transmitted over the air (i.e. between the phone and basestation/big antenna overlooking your house). It is decrypted at the sender's basestation, travels through the PLMN to the receivers basestation, where it is encrypted again and decrypted at the receiver's phone

Re:What about GSM?

actually, depends on what you mean by trivial. for the most part, tapping into a GSM conversation would involved having to know the frame slot (channel) being used by the mobile, you would also need to be in sync with the base station and mobile, you'd have to work a hash function out backwards to obtain the encryption key (which change every 3ish hrs). to my knowledge this is how GSM security works:

secret key stored in SIM and the network AUC. this is then multiplied by a random number then passed thru a hash function to obtain another key, which is used, along with the frame sequence number, to encrypt the conversation. so 'tapping' a conversation just over the air waves is probably not so easy and requires some trickery, and thats why when the [insert favorite government agency] want to tap a converation they just do it via the phone company, who can just decrypt the conversation for them.

Re:What about GSM?

[babyrat]

$4000 per pair is NOT really that expensive - look at the list price of current phones - they are generally $300->$400 for a relatively fancy one, and over $500 for the PDA versions.

So $2000 vs $500 is not that big of a deal, especially for the corporate execs will find this very useful (or at lesat NAH6 will be hoping they find it very useful). After all they are spending the peons' raises and not their own money :)

It'll secure my business!

[Valiss]

Yeah, selling drugs has never been easier or more secure!

Re:It'll secure my business!

[geoffspear]

Yeah, it would be really effective to require all the junkies you're selling the drugs to to carry around a $4000 phone so they can get in touch.

Re:It'll secure my business!

[kaltkalt]

Yah... shit, you could pawn that phone for fifty bucks. Quick dope money.

Here is the URL of the company

[Fefe]

Cryptophone.de

It's actually a division of a privately held German company called GSMK.

Re:Here is the URL of the company

[daniel23]

Yes, and one of the owners of that company and co-developer of that phone is Andy Mueller-Maguhn, speaker of the German chaos computer club (ccc) and until recent one of the elected ICANN directors.

There is some more info in German at heise

MOD PIZARENT UP

omg thank you. some trolls are worth havin for sure

give it time

[obsid1an]

You got to start somewhere. Odds are, the technology will advance to where you can connect to anyone, and then start encrypting the call assuming the other cell phone has some standard chip to do so.

How secure is it?

"The Microsoft-based XDA handheld computer phone made by Taiwan's High Tech Computer is selling for 3,499 euros ($4,121) per two handsets."

So, it's MS-based... How secure can it be?

Government.nl

[r84x]

The reason the link in the article is FUBAR is because it was spelled goverment.nl, missing the n. This one works: link

No way. NL is up there

I'd think SOME US agency would be doing it more than any NL agency would be.

No way. The National League taps every phone call in the US. They, along with the American League, want to make sure no one is rebroadcasting baseball games without their express written consent.

And implied, oral consent doesn't cut it with those guys.

Oolcay!

[Chibi]

Cryptedenay Onephays!

Mod Cellphone Encryption 'Overpriced'

[Mulletproof]

So we're basically talking $300 nice cellphone and another $3700 just for encryption? I know we're overpricing in the name of security, but doesn't that strike anybody else here as a tad extortionary??? Hard telling who their customer base will be with that sort of price tag...

Encrypted Cell Phone?

[xmda]

Hmm... How the hell do you use an encryptet phone? I didn't think that you even *could* encrypt physical objects... (sorry, couldn't resist)

GSM is encrypted

[dabadab]

Actually, we are there. GSM is encrypted and it does frequency-hopping. The only point where it is vulnerable is at the provider's site: and that's exactly where it is tapped :)

Re:GSM is encrypted

[ckaminski]

Which is why you encrypt the payload, and not the envelope. Same as email. The headers are all decrypted, for deliver, yet the payload, the actual message, that's what's encrypted. They can tap your line all you want, but if they don't have the keys to your conversation, they're phucked. :-)

Re:GSM is encrypted

[Shanep]

They can tap your line all you want, but if they don't have the keys to your conversation, they're phucked. :-)

The encryption of GSM phones is only between the handset and the base station that you are currently connected to. The data is decrypted at the base station to be injected raw into what is typically digital packet switched PSTN nowdays.

The telco has the keys to your encryption with GSM, but does not need to go out of their way to actively use them to eavesdrop on you, because decryption is *required* to get onto the PSTN (it's a part of the system).

The psuedo random number generator used in GSM phones is a very weak sandwich of (3?) short linear feedback shift registers, which are initialized with your IMEI from memory (or something that simple).

This is designed to prevent any lay man with a radio scanner from listening to GSM phone calls. The fact that the transmission is digital, spread spectrum and encrypted makes eavesdropping difficult (but not impossible) to everyone but your telco/government.

Even if you call GSM to GSM and both handsets are connected to the same base station, still you are not assured of communications that are secure from your telco/gov or another very commited eavesdropper with enough money to break your weak security.

Re:GSM is encrypted

[dan_sylveste]

Sectra builds GSM-phones with advanced encryption. See http://www.sectra.se/security/

Same thing could be done for hybrid phones

[DrXym]

Each month sees more and more Palm / PocketPC / Phones on the market. Why not just write an app for one of these that encrypts and decrypts and sends the stream as data or VoIP?

smartphones will eat these..

[gl4ss]

this is a market that will die quite fast quite soon(in few years) because then it's just a matter of getting the right software for the phone(heck, it already boils pretty much down to that).

How will you verify keys?

[whois]

Nobody verifys keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?

The good news is that if people really understood crypto, key exchange would be easy. You meet in person, establish a bluetooth link, swap public keys and verify fingerprints.

The bad news is that nobody will do this, or the phone won't support it (article didn't say how key exchange happens)

So when Joe calls and it says "incoming encrypted call" are you going to answer it because you know and like Joe, even though you've never exchanged keys with him?

Key exchange can't be done through a trusted third party (except the company you work for) because there is no trusted third party. Even if you trust Bob, and he trusts Mary, you don't know where their dirty phones have been.

If your work is the trusted third party, they'll probably hold copies of your private keys so calls can be monitored later if needed. (Hopefully the phone ethier allows you to generate a new key whenever you want, or doesn't allow exporting of it's private key. Hopefully both)

Don't get me wrong, I want one. Real bad, but not $4k bad, not to test out someones (probably flawed) cryptosystem.

Even if they understand crypto and got it right, the user still has to understand it to make it all work.

If I had about 10 of these I'd give one to each of my friends and make sure they only accept encrypted calls from known keys. I'd also make the screen light up in red or green or something to show it's an encrypted call.

Then we could talk about Joe behind his back, with no chance of interception from governments.

So yeah, anyone got a real use for these?

Re:How will you verify keys?

you know joe.
joe knows you.
you exchange keys.
joes voice is different.
you delete the keys.

or...
joes voice is the same.
you verify keys are ok.

Re:How will you verify keys?

While your concerns are valid (and another poster has already commented on them), cryptography isn't only used for authentication. It can also be used for secrecy.

Let's say you enjoy having privacy. Further, let's say that you get an encrypted call. Now, if you don't know who it's from, you can still accept it on the basis of maintaining your privacy. That's right: crypto can keep people from listening in. Of course, it doesn't help if the other end of the line is recording the call, but that's a problem no matter what.

Re:How will you verify keys?

[GoofyBoy]

>you can still accept it on the basis of maintaining your privacy

Not really. You will still be vulnerable to man-in-the-middle attacks.

1. Some one calls you.
2. Evil person intercepts it. Decodes it, reads plain text. Encodes it with his own key.
3. You recieve message encoded from Evil person. You decode it, read it, encode it with your own key. You send it to who you recieved it from, Evil person.
4. see step 2.

As you can see Evil person can read everything you are transmitting and recieving, not much privacy. Although I'm not 100% sure that this would apply here.

Re:How will you verify keys?

[^MB^]

This is something that has bothered me about crypto phones in the past.
Key verification usually isn't handeled all that well on mobile devices.

From reading the pdf and making some logic leaps this is how i think they handle key verification:

Looking at the DH to encrypted data tree, the DH key gets hashed broken up and passed off to be the AES key, the twofish key and to the user. There is a little user picture and the key is heading to the user!
hummm, interesting.

So the user gets to see part of hash, then what?

On the larger phone images you can clearly see a "you say: XXX" and "partner say: XXX"...
It seems that the user would read off a sort of challenge and responce for the key (text not hex), which i _hope_ would scroll on to show a lot more charecters. I would also guess that it probably is based of hash that 'goes' to each user.

The crypto scheme doesn't seem to have any capabilites for signing the DH key. The DH key changes every time a phone call is made. This leaves me with only one conclusion, the user has to read off the string every time.

This seems to be a large user interface weakness with the phone, as most user would get very tired of reading off a number of phrases before starting each phone call... or perhaps even worse the DH key is hashed into only six chars.

Well, I could be completely off base...or then again not.
-Nick

Re:How will you verify keys?

[wfberg]

The bad news is that nobody will do this, or the phone won't support it (article didn't say how key exchange happens)

So when Joe calls and it says "incoming encrypted call" are you going to answer it because you know and like Joe, even though you've never exchanged keys with him?

The key exchange is done using Diffie-Hellman. You read out checksums to each other to verify that there is no MITM. Assuming you know Joe's voice it works OK, but it seems a bit tedious in the long run.

Re:How will you verify keys?

[Adam9]

Nobody verifys keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?

Nobody? Maybe the people who don't care. I use SSH for a reason. I never thought that someone would try to do anything malicious until a week ago. A week ago, someone in my dorm tookover my i.p. and had a sshd running. I was connecting to it from another computer in the same building, and I got PuTTy's friendly warning about the host key changing. What did I do? I clicked abort, exited the program, went back to my room, and investigated the incident. Anyway, my point is that I hope most people don't blindly click OK.

Re:How will you verify keys?

You obviously don't understand the problem. Read up about encrypted communication and you may begin to understand the key-exchange problem. Basically you can't exchange keys across an insecure medium. You can't make the network link secure until after you exchange keys. Therefore you must exchange the keys in person. You may be able to verify the signature of the key by asking joe to read it to you across the phone, making the assumption that faking joe's voice would be difficult. Otherwise you open yourself up to man in the middle attacks.

Re:How will you verify keys?

Nobody verifys keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?

When I use ssh, the only time I accept a new key is when I log on for the first time from a machine. I admit there is a window of opportunity there. If I get a new key or something like that, I always check with the sysops to see if I'm supposed to get one.

Ofcourse, it someone would find a way to reroute my telephone call, I would be screwed, but that is a pretty complicated middle man attack!

Matching handset?

[MongooseCN]

Of course, the matching handset will decrypt the message.

As opposed to those phones where the matching handset doesn't decrypt the message. Too bad the market for those isn't larger. I have quit a few algorithms that can encrypt voice into something that can never be decrypted.

Re:Matching handset?

[nmg]

[i]That[/i] sounds useful.

"targeted at business executives"

[v_1matst]

yea... but they really mean drug dealers, terrorists, etc.
Don't get me wrong, I think personal privacy is very
important (for individuals as well as 'executives'), however
I think this technology is just begging to be abused.

just my 2 cents...

Terrorists? Give it a rest.

[mindstrm]

Get real.

Look.. law enforcement snoops on phones because they can, not because from day 1 it was required by law to let them. Yes, there are rules in the US and elsewhre that require companies to make it easier for law enforcement to snoop.. but still.

Just because some form of communication exists does NOT mean you need to make it's contents available to the government upon request.
You have the RIGHT to encrypt your communications, and keep them private, as do terrorists.

I think maybe you are a troll, though.

Re:Terrorists? Give it a rest.

[Cramer]

According to CALEA requirements, if the telco knows the encryption codes, they must hand them over when presented with a tap order -- or deliver decrypted data.

And in the US, encrypted radio transmissions are illegal -- that's why current cell phones don't have any encryption at all; they rely on spread spectrum tricks to make it hard to listen in (and it isn't that hard.) As the FCC licenses the spectrum used by cell phone carriers, there may be some steap barriers to deployment in the US.

Re:Terrorists? Give it a rest.

[42forty-two42]

And in the US, encrypted radio transmissions are illegal

Does this mean SSL over WiFi is illegal?

Re:Terrorists? Give it a rest.

[Cramer]

No. As has been repeated for years in HAM circles... this is not illegal as the radio is simply transmitting the bits exactly as it received them -- i.e. something else encrypted the bits.

(WEP does muddy the water. But it's rather simple to break, so I doubt the .gov boys care.)

In the context of the cell phone, the entire thing is one unit. As such, the scambling of a voice call is prohibited -- the radio is the device doing the scambling. (even when it's digital cellular network.) The GSMK phone cleverly uses a loophole (albeit a small one)... it makes DATA calls.

first time I've ever seen pidgin pig latin

If the word starts with a vowel, 'way' is appended to it, but it is otherwise unchanged.

Encryptedway Honespay.

Encryption

[Detritus]

Encryption isn't illegal, except for a few limited cases, like amateur radio. The government is more subtle than that. If you are doing something that needs a FCC license, type acceptance or other government paperwork, your paperwork will be approved much more quickly if you have a "cooperative attitude".

Re:Encryption

[Cramer]

... where "limited cases" are all public, unlicensed bands, and any licensed spectrum where the license doesn't (specifically) allow it. This covers HAMs, the aforementioned cordless, and most cell networks. (however, I'd have to go fish through the FCC records to see what they are currently allowing -- GSM's "encryption" included.)

Re:I for one welcome our new cryptographic overlor

[Greyfox]

Funny, these not being available at the time didn't help catch the last batch...

Nothing prevents people from meeting in parks or isolated areas and planning out a crime in private. If you send out a coded message it doesn't matter if it's encrypted or unencrypted, no one but your target party is going to understand what you're talking about.

Outlawing crypto will not prevent crimes from taking place and it will not help law enforcement stop those crimes. It will just stop the use of cryptographic methods for the useful things that cryptographic methods are good for, such as verifying identity and keeping your personal information safe from identity thieves. And you know identity theft is a major problem when you start seeing television commercials about it.

I suspect that the law enforcement entities complaining about crypto are trying to draw attention away from their short comings. No one wants to do any work -- they'd rather everything was just handed to them on a silver platter. If crypto is outlawed worldwide tomorrow, the same enforcement officials currently complaining about crypto will probably start whining about something else making it impossible for them to do their job. They'll probably want to outlaw meeting in parks or isolated areas. Sorry, but I'm not buying it.

So what?

[Shoten]

This technology has been around for years. Motorola, for example, has made phones with native encryption capabilities built in, and plug-on encryption modules for normal phones. This goes back all the way to encryption modules for the original "brick" phones. While marketed towards the federal market, all but the highest (STU-III capable, I think the standard is) have been available to anyone who wants to buy them.

Steganography

[Cee]

Now imagine a steganography-capable cell phone! The wire-tapping people wouldn't even know the call is encrypted and just hear a totally different conversation.
(And yes - if someone tries to patent this, this counts as prior art)

"I CAN'T HEAR YOU..."

[freeze128]

"I'm using the SCRAMBLER..."

Great

[Remlik]

No for the low low price of $4k anyone(terrorists/drug dealers/mafia) can keep their conversations(plots to kill people/drug shipments/sports gambling) private(don't let the CIA/FBI/INS...know!)!

I can't beleive anyone(criminals) could have survived without these babys! I'm going to run right down to my local Radio Shack and get a pair!

Yikes! Tubgirl!

[EnglishTim]

I don't think anyone with that in their signature should be allowed to get a +5 modded comment. Luckily I was able to close the window before more than top inch of the picture downloaded, but I almost had a great deal of embarrassed explaining to do to my wife...

So, er... +1: tubgirl

Re:Yikes! Tubgirl!

Funny I only got a blank window. Looking at the source, it uses javascript to forward my browser, something I don't allow. That's as far as I'm willing to go. I'm not about to turn off my "protection".

Re:Yikes! Tubgirl!

Not to mention that the comment was not insightful in any way. In fact it was stupid.

Re:Yikes! Tubgirl!

[Mad+Marlin]

What really doesn't make any sense to me is why, in a picture like that, is the vagina blurred out? Did the person who took the photo think it would be inappropriate to show it?

OT: The FSB is only half of the former KGB

[burgburgburg]

As discussed here, the KGB was split into two organizations: the domestic security service, the Federalnaya Sluzba Bezopastnosti (Federal Security Bureau or FSB) and the civilian intelligence service, Sluzba Vneshnei Razvedka (SVR).

What ever happened to Starium?

There was an interview article about a year ago with Eric Blossom of Starium, and I posted a question asking him about what happened to Starium, but it got modded down. Does anyone know what happened to them? They had a product that seemed like it was "in beta" for years, people used it and loved it, some companies were about to start selling it, it was reasonably priced (several hundred dollars/unit), but somehow it never made it to the market. Any word? Fyi, the url was: www.starium.com.

How is it non-enforceable?

[melted]

You can only use GOST and several other government approved encryption schemes/algorithms. That's it. And if they catch you with this phone you'll be in prison. If they can't wiretap you using SORM (Sistema Operativno Rozysknikh Meropriyatii - Operative Investigation System) you're against them, and if you're against them, you're in trouble.

Re:How is it non-enforceable?

[in7ane]

Could you please provide a reference to a law? (I've got a copy of the Russian criminal code here - it's quite thin and doesn't seem to have anything remotely like what you mention in it - maybe on closer inspection...)

Re:How is it non-enforceable?

[melted]

Order #334 issued by Russian President Boris Yeltsin on April 4th 1995 explicitly prohibits "juridical and physical entities" from "developing, manufacturing, selling and using" crypto stuff without a license issued by Federal Agency of Communication and Information (aka FAPSI). Just look it up on any Russian search engine. Please note, that even if you're _using_ cryptography without a license, you're doing so against this order (which pretty much means "against the law"), and you can be punished by whoever wants to punish you at any time. That's how Russian legal system works. There are lots of laws that are impossible to abide by, so people break the law pretty much every day. When the time comes and they want to fuck you up, you'll get it all the way up the rectum.

A new commercial!

[grasshoppah]

Scene: A youngish, slightly geeky guy wandering with his cell phone. Enters from the right.

guy: "can you hear me now?"
phone: "!@$(U*HAa9810"
guy: "... good?"

NSA

Silly American Pride.

Lets rock!

[t_allardyce]

Most new phones nowdays can have new software installed - they are basically becoming PDAs that just happen to have a certain type of wireless port so isnt it entirely feasable that soon you could just download an encryption app onto your phone and then your talking securely for free :) Im sure certain people will make it their prime job to stop mobile manufacturers from allowing API access to the mobile functionality of the phone to stop this but im sure people will tell them where to stick it. With bluetooth and cameras and all the funky things modern phones have they could easily take advantage of some very cool killer apps - N-gage hacks are just the start.

Why terrorists won't use them

[JakiChan]

They're not necessary. As any Tom Clancy fan knows proper tradecraft can provide more than adequate privacy. So you can outlaw this for business folks but it won't stop Mr. Terrorist.

Mr. Terrorist gets a cell phone with the number 555-222-2048. He knows it could be tapped. But one day he gets a call and the person says "Oh...I was looking for 555-222-2084." "Sorry, you have a wrong number." Of course that's a pre-arranged signal, with the 2084 being agreed upon in advance.

Yes, encrypted cell phones could make it easier for terrorists, but the real dangerous ones have excellent tradecraft anyway so it doesn't really matter.

It was a joke. Laugh!

[Ungrounded+Lightning]

Get real.

[Long, cogent answer to "what about terrorists" and assertion of the right to encrypt communications deleted.]

I think maybe you are a troll, though.

As I read it, the part about terrorists was obviously a subtle satire. Note the links to the four agencies he proposes should have a back door to let them tap phones and stage preemptive strikes (spoofing the original article's linking to, rather than naming, the NSA and the Netherlands government). The four agencies are:

- NSA: The National Security Agency,
- FBI: The Federal Bureau of Investigation,
- CBS: The Columbia Broadcasting System, and
- ALF: The Association of Libertarian Feminists.

(And I hope I havent wrecked it for anybody by explaning the punchline. *I* thought it was a scream. B-) )

Key Demographic

[t0ny]

With a $4000 pricetag, something like this is only in the reach of drug dealers, terrorists, and other hardcore criminals.

Dont let this prevent you from sleeping at night!

Security on a cell phone?

[wcbarksdale]

HI HONEY. YEAH, I'M IN THE MOVIE THEATER NOW. OH, I'M FINE, THE HERPES HASN'T BEEN ACTING UP LATELY. YOU WANT ME TO PICK UP SOME CONDOMS ON THE WAY HOME? SURE THING. OK, SEE YOU THEN. HEY, IT'S A GOOD THING WE GOT THE ENCRYPTED CELL PHONE, WOULDN'T WANT ANYONE LISTENING IN.

(lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance)

Can be switched off without notification!

[chrisvdb]

Mobile phones switch off this encryption on simple request from the antenna responsible for your cell. Most phones don't warn for this. The encryption is then put off for all users of this cell.

So maybe a phone with p2p encryption is useful afterall?

Would this be possible in software? For example in for the Sony P8/900? Or do we have to wait a couple of cpu generations before this will be possible?

Chris.

go gongrijp!

Ah, good to see that one of the xs4all.nl hackers/funders/millionaires is still active.

Re:I for one welcome our new cryptographic overlor

[halo1982]

Anyway, seriously, while I see the issue about cryptography preventing terrorists being phone tapped, i'm less than enthusiastic about them being able to tap just anyone.

For that matter the ability of any kid with the right equipment to pick phone conversations out of the air, like that record that got released a few years back...

Yes, any kid with the right equipment can pick up your phone conversations. But if that kid has the resources to illegally acquire $100k equipment and wants to listen in on your phone conversation you probably have other things to worry about.
Old analog phones could easily be tapped into, but todays digital CDMA and GSM phones use many encryption methods (dynamically changing keys, etc....CDMA moreso than GSM..especially now that GSM has that vulnerability...which even so makes it REALLY difficult and pricey...but anyway) to keep this from happening. Usually its just easier to subpoena the phone company to have the line listened to.

Not the first

The Siemens S35i had integrated hard encryption a year or two ago in GSM phone. Again, this isn't news.

PGPFone.

[caluml]

You can download PGPFone for free or do what I did involving cat'ing dsp through the stdin of gpg, and into netcat, and the reverse at the other end. Can't remember the exact switches - man gpg, and man nc.

compiler?

[Dare+nMc]

> we're the only ones who publish the source code,'

as a embedded programer, I always found that a bit useless. unless you can verify the md5 sum from reading your compilation of the source, or completly reload the phone after you compiled it. then saying this is secure because we showed some source, used at some point, is not much more than having it closed.

Where's the source again?

[Mike+McTernan]

Looking over the site, I found this where I was expecting to download the source:

"We are currently performing a internal round of reviews with a expert group of security researchers and cryptographers. Depending on the results of this review and the time it takes us to implement the relevant recommendations, our current plan is to have the Source available for Download"

So it sounds like they plan to publish the source if no flaws are found, else they will not i.e. security though obscurity :(

Incidentally, I was wondering how this could work, being that the stuff transmitted to/from the network on a digital cell phone is already encoded for speech and can't really carry much data, and can only be encrypted if the network chooses. I'm guessing that the way it works is to setup a GSM (it's european right) circuit switched data call and use that as the transport, effectively giving voice over IP. I would imagine that the call quality will drop in this case, since various things are done differently in the network for data as opposed voice, and I would expect a higher latency and much less guarantee over how the network will handle the data; in short, it's a hack that might not work too well in practice...

Four years after Sectra

[Chainsaw]

Swedish company Sectra released their secure GSM phone named Tiger in October 1999. This phone was in use by the Swedish military before that, too. And you don't need some shoddy Windows implementation for the encryption.

Re:Four years after Sectra

[aminorex]

Except you can't buy it.

Unless you have a military alliance with
the U.S., that is.

I don't.

Re:I for one welcome our new cryptographic overlor

[ckaminski]

You say this in a day and age when people are building cruise missiles for under $5000, and building homemade scanning tunneling electron microscopes.

Nothing a good set of radio receivers and a few moderately powerful computers cannot fix.

Encrypted cell phones are nothing new

[ksorim]

Encrypted cell phones has been around for quite some time now. The Tiger cell phone from Sectra Communication Systems has been available since 1999.

Some details

Dutch tv covered the story (wmp version there for those who care for an some questions answered by Rop Gonggrijp). Only thing it mentioned is that people have to tell each other a "fingeprint" after establishing a connection (Which might imply it could be done over the encrypted phonecall which would make a mitm attack possible for those who can generate a familair voice reading numbers in time). Mitm attacks on the radio side of a gsm call are possible and well understood, afterall base stations are not authenticated in any way. Anyway, just check the specs now (AES256 and Twofish,4096 bit Diffie-Hellman key exchange with SHA256 hash function,Readout-hash based key authentication, 56 bit effective key length, encryption key is destroyed as soon as the call ends). Or just get the source later. The readout sounds great if you can arange a "secret" meet, otherise key signing might be needed.

Ofcourse those who watch netwerk (the dutch tv show that made all the fuss) more often know that it could not be bothered to verify this "First crypto phone" claim by, say, asking google which reveals profesional stuff based on normal gsm`s instead of this big/exspensive pda hack (Just as the GSM spec is professionally developed) and even homebrew projects free of the same susspicion that surrounds the normal gsm crypto which ends at that base station and is no use for those afraid of telcos involved in snooping. Many are required to by goverments who dont feel like having to have people go around capturing calls on the radio end with the limited range of gsm sets.

real programmers

[apankrat]

Real programmers don't use compilers. Good old

c:\>copy con program.exe

works just fine.

Rob Gongrijp background

[rigolo]

For those that are worried about the security of these product should lookup Rob Gongrijp with google. He is one of the original founders of XS4ALL, one of the first dutch ISP and well known for his Hactic magazine on hacking. He ran a white hat hacking company wjere he was hacking companies for money to check their security. So if he is behind it, you can be pretty sure that some solid check and double check on the security was done.

PGP Phone

[hikerhat]

Anybody every use it before its apparent demise? http://web.mit.edu/network/pgpfone/

Interesting link

[Pan+T.+Hose]

Cryptanalysis of the Cellular Message Encryption Algorithm by David Wagner, Bruce Schneier, and John Kelsey is worth reading, if one don't know the status quo of cellular encryption.

Re:Interesting link

Hey, that's a great paper. Gives great insight into cellular crypto. Thanks. Why the hell is it Score:1? Why do I have to browse below +4 threshold to find such links like the above? What the hell has happened to Slashdot? Thanks once again.

Amusingly?

[Dessignator]

An arguably dated New York Times article:

"In absolute figures, the Dutch tap three times more phone lines than the U.S. agencies. Imagine if you correct this figure for the population's size," ...

A broadcast of Netwerk (a critical dutch news service) this week, stated again that the dutch police were more Orwellian regarding to phone-tapping than the US. In absolute figures! The police were also criticized for being too focused on tapping phonecalls for criminal investigation. Now encryption can rule out the means of phone-tapping, the investigation process can be crippled by a large extent.

Hate to be voice of reason...

[SAFH]

Ok, so there's several questions about this.

First, if you read their FAQ, they state embedded linux doesn't exist - yes it does, STFW.

Second, yes - it's cool, but this has been available for a while, at a comparable price.

Blah.

Why so expensive?

[chhamilton]

Wouldn't this be trivial to implement? Imagine a very simple (closed) system consisting of cell phones on a standard digital network. You and a friend could decide to share a 'key' (which you manually type in to your phones, and associate with the other persons number). When you dial each other, your phones (recognizing which phone, by it's number, is on the other end), automatically applies some private-key non-expansive encryption algorithm to the compressed audio.

I have no idea of the data format or protocols involved in cellular communications, but assuming the phones were on the same network and spoke the same algorithm, then you could easily have encrypted calls from any two handsets.

Heck, this may even be possible through a simple cell-phone firmware upgrade, and nothing else. And I'm sure there are people out there who have reverse engineered the firmware on some cell phones (just like most handheld electronic devices out there).

Anybody with a little more knowledge know if something like this is possible?

Don't follow the link

it's in chinese. you wouldn't be able to read it.

Interesting business plan...

[Bomb-19]

Now there's a business plan. Create an encryption enabled device and offer it for sale at a VERY inflated price. All the spook agencies will of course want to find a way to listen in so they'll have to order a set or two no matter what the cost. Anyone want to purchase a pair of my new encrypted FRS radios at say $27,000 per pair? Each radio comes with a "encryption" cloth that you place over the microphone...

Keep Secrets Secret

[Pan+T.+Hose]

No, not quite true. The strongest encryptions are not based on no one knowing the algorithims - in fact most cryptographers do not regard an algorithim as secure unless it has been exposed. The strength lies in the keys generated.

Actually, the algorithm might be secret, but in that case it has to be:

1. kept secret
2. easy to replace in case it is no longer secret

So in other words, if you have a secret algorithm you have to handle it just like the keys, i.e. distribution of such an algorithm as part of software package is absolutely unacceptable.

One could argue that a public algorithm plus the key is in fact a secret algorithm. That's true. But keeping the keys secret and easily replaceable is all one needs to do to make this algorithm+key combination secret, if the algorithm itself is designed competently, like AES or Twofish.

Just keep secrets secret---that's a no.1 rule of cryptology.

Re:Keep Secrets Secret

I totally agree. I can see you've read Applied Cryptography by Bruce Schneier or the Handbook of Applied Cryptography by Menezes, van Oorschot and Vanstone. Too bad that your comment while finally saying the most important thing about crypto algorithm secrecy was modded as only (Score:2, Informative). If Slashdot moderators knew anything about crypto, it would've been modded as (Score:2, Insightful). I just wanted to say that some people understood your comment, even if they are not moderators.

why the hardware

[0ptix]

from a cryptographic point of view there is a rather strong argument for the need of actual hardware. in a purely software solution (i.e. determinisitic) it is imposible to create random numbers which are essential to any cryptographic protocols.

one improvment is to have a small (and individual to each piece) random number stored permanantly on board sellected in the factory. this is how smartcards and atm cards do it. (your public/private keys are the random nubers). useing appropriate random number generators the secret random seed can be securly extended to any required amount of random bits (though for this a state must be stored which is again vulnerable to attack as it gives everything away).

the other problem with that solution is the important and all knowing role which the factory plays. this is not only a single point of failure but comercialy unviable for products whos selling point is security from EVEYONE. thats the real advantage of a true hardware random number generator on board each and every device. only like that can one really gaurantee that the cryptographic protocols implented are as secure as they're proofs claim

(as an after thought u could always just leave the security of chooseing a truely random seed to the user of each device. "enter password:") *g*

Gongrijp

[groomed]

Gongrijp knows what he's talking about. He was one of the founders of Hacktic magazine, a "magazine for techno-anarchists" that was published from 1989 till 1994. Hacktic publications included schematics for pay television descramblers, detailed expositions of operating system vulnerabilities, articles on "social engineering" (I think they might even have coined the phrase), and numerous topics on hacking the phone company ("phreaking") and war dialing.

These guys have also organized some huge hacker conferences such as Hacking at the End of the Universe in 1993 and Hacking In Progress in 1997 (I was there in '97). Later Hacktic professionalized and they became the first ISP in the Netherlands. Still later that turned into XS4ALL, probably the best ISP in the Netherlands.

Through everything, Gongrijp ("Public Enemy #1") was a driving force. If he says the phone is secure, then that's a pretty damn strong endorsement.

More questions than answers

[tgt]

No word of what kind of a hardware the phone is built on. AES may be fast in both software and hardware, but 4096 Diffie-Hellman is a lot of computations.

How the DH keys are generated ? Does the phone come with factory pre-generated keys built-in ? That would be some privacy ! The best way as I see it would be for the phone to be able to connect to PC and upload the regular PGP key or some other key, probably certified by some CA. Then again, what CAs will the phone understand ? I bet "Cryptophone CA" only. Then what ? You'll have to certify the key I generate with them ?

Enough with the crypto. Who says they will listen to the cell phone's traffic ? The user is still talking aloud, so why not intercepting the voice with sensitive microphones from 100s meters away, rather than decrypting GSM packets ? You lose all convenience of a cell phone, because each time you want to securely talk to someone you have to go in a specially shielded concrete bunker... or, will cell phone work from a concrete bunker ?

Re:More questions than answers

[tgt]

Oops... Should be
You'll have to certify the key you generate with them ?

No they aren't

[Goonie]

The term "open source" did not exist when Raymond, Perens, and co. devised it in 1998 (or so). The creators of the phrase specifically intended it for software that met the Open Source definition (ie GPL'd, BSD-licensed, or similarly-licensed software).

They didn't attempt to redefine the language for their personal use, they invented a phrase to describe a concept.

Not the first time

[martingunnarsson]

A similar solution called Tiger was developed for the Swedish armed forces several years back, and was released in a "civilian"-version in 2000. Just like these new phones the old ones was sold in pairs, and they weren't cheap!
Check this out: Sectra, the manufacturer of the Tiger.

Simpler solution

[Zog+The+Undeniable]

Speak in Swedish. No-one bothers learning Swedish except the Swedes.

Seriously, how can you ever really encrypt anything that can be heard by a human? It might work in transmission, but the phone can still be bugged, which is pretty trivial to do.

Isn't GSM encrypted by default?

[kalleh]

I was under the impression that GSM is encrypted by default. I even recall a story where the KGB requested russion operators to cancel encryption in their networks to be able to tap the maffia. Anyone?

Nothing new...

[Eminence]

GSM phones with encryption have been available for years, only not known to the general public. I learned of them when I worked at an GSM operator and it turned out that the military was buying some so that generals could chat securely over GSM (which was cheaper for the army than to build & maintain their own mobile network). These units are basically normal GSM phones with hardware based voice encryption added.

How to drive away my car

[peete]

My car key throw to lose, howing to start my car?