Encrypted Cell Phone Hits the Market

notshannon writes "Reuters reports about a new cell phone which automatically encrypts communications. Of course, the matching handset will decrypt the message. Security doesn't come cheap, around $4000 per pair, but it's probably as reliable as anyone in these parts could wish. Favorite quote: 'We allow everyone to check the security for themselves, because we're the only ones who publish the source code,' said Rop Gonggrijp at Amsterdam-based NAH6. Amusingly, the article cites government.nl and not nsa.gov as the world's most prolific phone tapper."

More information

[DerOle]

see this page for further information (in English).

Pictures of the phone....

[OctaneZ]

can be found at CryptoPhone's Picture Page

looks like one of those phone/PDA's in one.

Their concerns about Windows (from the FAQ)

[burgburgburg]

From their FAQ

I noticed that your CryptoPhone is based on Windows CE / PocketPC. Isn't this a security risk?

The current version of the CryptoPhone runs on top of a heavily modified and stripped down Microsoft PocketPC2002 ROM. The reason is that we wanted an affordable and well researched platform that offered sufficient performance for the speech encoding and crypto functions.A Pocket PC based system was chosen as the first platform for CryptoPhone because it was the only sufficiently fast device allowed us to do software integrity protection in ROM and the stripping of unnecessary functions.

The only commercially available alternative at the time of the necessary development decision was Symbian. Symbian is even more closed source (Windows CE is open source for developers in most parts) and was available only on a more expensive hardware platform. There was (and still is) no viable mass-market Embedded Linux based hardware with sufficient performance, stability, hardware integration and availability on the market at decision time, so we were not able to pursue this alternative.

We are aware that there are risks associated with using any Windows platform and we have taken a number of measures to mitigate these risks as best we could. We removed applications, communication stacks and system parts that are unnecessary for the CryptoPhone operation and which may cause potential security problems. You should not install third party software on the CryptoPhone to prevent software based attacks on the firmware integrity. The firmware update mechanism is cryptographically secured.

Re:Props to NAH6...

[gnu-generation-one]

"for doing a PGP extension to Mailman."

PGPi itself always had the PGPFone module, which can either encrypt a telephone line (your modem dials their modem) or handle internet calls (useful for people whose families are abroad)

Download it here, including source-code.

Encryption

[Detritus]

Encryption isn't illegal, except for a few limited cases, like amateur radio. The government is more subtle than that. If you are doing something that needs a FCC license, type acceptance or other government paperwork, your paperwork will be approved much more quickly if you have a "cooperative attitude".

Re:Responsibility

[Brandybuck]

it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

Some quotes from Phil Zimmerman, author of PGP (emphasis mine):

Its personal. Its private. And its no ones business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. Theres nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.

If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?

OT: The FSB is only half of the former KGB

[burgburgburg]

As discussed here, the KGB was split into two organizations: the domestic security service, the Federalnaya Sluzba Bezopastnosti (Federal Security Bureau or FSB) and the civilian intelligence service, Sluzba Vneshnei Razvedka (SVR).

Re:How will you verify keys?

[GoofyBoy]

>you can still accept it on the basis of maintaining your privacy

Not really. You will still be vulnerable to man-in-the-middle attacks.

1. Some one calls you.
2. Evil person intercepts it. Decodes it, reads plain text. Encodes it with his own key.
3. You recieve message encoded from Evil person. You decode it, read it, encode it with your own key. You send it to who you recieved it from, Evil person.
4. see step 2.

As you can see Evil person can read everything you are transmitting and recieving, not much privacy. Although I'm not 100% sure that this would apply here.

Re:Gotta start somewhere

[Anml4ixoye]

No, not quite true. The strongest encryptions are not based on no one knowing the algorithims - in fact most cryptographers do not regard an algorithim as secure unless it has been exposed. The strength lies in the keys generated.

For example, the RSA algorithim is available. But currently most people do not have the computing power necessary to decipher the keys to the transmission.

PGPFone.

[caluml]

You can download PGPFone for free or do what I did involving cat'ing dsp through the stdin of gpg, and into netcat, and the reverse at the other end. Can't remember the exact switches - man gpg, and man nc.

Re:Responsibility

[wfberg]

I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans, or even Amsterdaminians. Encryption is certainly a worthwhile tool, but I think it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

Real criminals have had access to, say, laptops connected to gsm phones that run speakfreely or simply any voip product over-ssh/ipsec/pptp/whatever for years..

Most importantly though, this cryptophone does nothing to conceal traffic data; i.e. "who's calling who". This information is not much use in corporate espionage, but worth its weight in gold in criminal investigations (and much easier to sort through than voice calls).

Re:Wow! They invented GSM!

[skandalfo]

The GSM mobile telephony system (used everywhere but except in USA and colonies, may God protect their industries from competition), does indeed support cryptography since its very design.

Not only that, but also a pseudo-random frequency hopping feature is also included in the scheme, so that recording a conversation from the radio waves in order to perform a later brute-force attack on it could be made impossible.

There are, however, several problems when coming down to reality in the application of the GSM standard:

• The encryption mechanism isn't an end-to-end one; that is, it secures the handset to base-station link only, and for the rest of the communication path the voice/data travels in plain. The mechanism protects the user from radio eavesdropping only. GSM network land links and equipment must be secured by the operator. When having to tap a phone number, law enforcement organizations have to get the support of the operator, too, but probably insiders would be able to eavesdrop as much as they like.
• Actually ciphering or frequency-hopping are optional features, and I think they're not used by most of the operators in Europe because of technical/cost, legal or political reasons. I know my GSM operator doesn't use them, at least at some cells. I know of cases where the available key-length has been artificially reduced because of political/legal concerns.

So, in a real world where the operator could be trusted and there weren't political restrictions about it, GSM could give the user privacy, but the fact is that it doesn't.

If the devices in the article provide end-to-end, user-controlled crytography, then they have their value indeed.

Some details

Dutch tv covered the story (wmp version there for those who care for an some questions answered by Rop Gonggrijp). Only thing it mentioned is that people have to tell each other a "fingeprint" after establishing a connection (Which might imply it could be done over the encrypted phonecall which would make a mitm attack possible for those who can generate a familair voice reading numbers in time). Mitm attacks on the radio side of a gsm call are possible and well understood, afterall base stations are not authenticated in any way. Anyway, just check the specs now (AES256 and Twofish,4096 bit Diffie-Hellman key exchange with SHA256 hash function,Readout-hash based key authentication, 56 bit effective key length, encryption key is destroyed as soon as the call ends). Or just get the source later. The readout sounds great if you can arange a "secret" meet, otherise key signing might be needed.

Ofcourse those who watch netwerk (the dutch tv show that made all the fuss) more often know that it could not be bothered to verify this "First crypto phone" claim by, say, asking google which reveals profesional stuff based on normal gsm`s instead of this big/exspensive pda hack (Just as the GSM spec is professionally developed) and even homebrew projects free of the same susspicion that surrounds the normal gsm crypto which ends at that base station and is no use for those afraid of telcos involved in snooping. Many are required to by goverments who dont feel like having to have people go around capturing calls on the radio end with the limited range of gsm sets.

Re:Available in U.S.?

From the site

Coming soon: GSMK CryptoPhone 100 US

• ensuring your voice's privacy
• same featureset and codebase as normal GSMK CryptoPhone 100
• works in any GSM 1900 network that provides data call facilities

Can be Pre-Ordered already

But if you ask google nicely you might even find something cheaper.

Keep Secrets Secret

[Pan+T.+Hose]

No, not quite true. The strongest encryptions are not based on no one knowing the algorithims - in fact most cryptographers do not regard an algorithim as secure unless it has been exposed. The strength lies in the keys generated.

Actually, the algorithm might be secret, but in that case it has to be:

1. kept secret
2. easy to replace in case it is no longer secret

So in other words, if you have a secret algorithm you have to handle it just like the keys, i.e. distribution of such an algorithm as part of software package is absolutely unacceptable.

One could argue that a public algorithm plus the key is in fact a secret algorithm. That's true. But keeping the keys secret and easily replaceable is all one needs to do to make this algorithm+key combination secret, if the algorithm itself is designed competently, like AES or Twofish.

Just keep secrets secret---that's a no.1 rule of cryptology.