Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted Cell Phone Hits the Market

Posted by michael on from the tony-soprano dept.

notshannon writes "Reuters reports about a new cell phone which automatically encrypts communications. Of course, the matching handset will decrypt the message. Security doesn't come cheap, around $4000 per pair, but it's probably as reliable as anyone in these parts could wish. Favorite quote: 'We allow everyone to check the security for themselves, because we're the only ones who publish the source code,' said Rop Gonggrijp at Amsterdam-based NAH6. Amusingly, the article cites government.nl and not nsa.gov as the world's most prolific phone tapper."

9 of 266 comments (clear)

  1. More information by DerOle · · Score: 5, Informative

    see this page for further information (in English).

  2. Their concerns about Windows (from the FAQ) by burgburgburg · · Score: 4, Informative
    From their FAQ

    I noticed that your CryptoPhone is based on Windows CE / PocketPC. Isn't this a security risk?

    The current version of the CryptoPhone runs on top of a heavily modified and stripped down Microsoft PocketPC2002 ROM. The reason is that we wanted an affordable and well researched platform that offered sufficient performance for the speech encoding and crypto functions.A Pocket PC based system was chosen as the first platform for CryptoPhone because it was the only sufficiently fast device allowed us to do software integrity protection in ROM and the stripping of unnecessary functions.

    The only commercially available alternative at the time of the necessary development decision was Symbian. Symbian is even more closed source (Windows CE is open source for developers in most parts) and was available only on a more expensive hardware platform. There was (and still is) no viable mass-market Embedded Linux based hardware with sufficient performance, stability, hardware integration and availability on the market at decision time, so we were not able to pursue this alternative.

    We are aware that there are risks associated with using any Windows platform and we have taken a number of measures to mitigate these risks as best we could. We removed applications, communication stacks and system parts that are unnecessary for the CryptoPhone operation and which may cause potential security problems. You should not install third party software on the CryptoPhone to prevent software based attacks on the firmware integrity. The firmware update mechanism is cryptographically secured.

  3. Re:Props to NAH6... by gnu-generation-one · · Score: 4, Informative

    "for doing a PGP extension to Mailman."

    PGPi itself always had the PGPFone module, which can either encrypt a telephone line (your modem dials their modem) or handle internet calls (useful for people whose families are abroad)

    Download it here, including source-code.

  4. Encryption by Detritus · · Score: 3, Informative

    Encryption isn't illegal, except for a few limited cases, like amateur radio. The government is more subtle than that. If you are doing something that needs a FCC license, type acceptance or other government paperwork, your paperwork will be approved much more quickly if you have a "cooperative attitude".

    --
    Mea navis aericumbens anguillis abundat
  5. Re:Responsibility by Brandybuck · · Score: 4, Informative
    it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

    Some quotes from Phil Zimmerman, author of PGP (emphasis mine):

    Its personal. Its private. And its no ones business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. Theres nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.


    If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?
    --
    Don't blame me, I didn't vote for either of them!
  6. OT: The FSB is only half of the former KGB by burgburgburg · · Score: 3, Informative
    As discussed here, the KGB was split into two organizations: the domestic security service, the Federalnaya Sluzba Bezopastnosti (Federal Security Bureau or FSB) and the civilian intelligence service, Sluzba Vneshnei Razvedka (SVR).

  7. Re:Gotta start somewhere by Anml4ixoye · · Score: 3, Informative

    No, not quite true. The strongest encryptions are not based on no one knowing the algorithims - in fact most cryptographers do not regard an algorithim as secure unless it has been exposed. The strength lies in the keys generated.

    For example, the RSA algorithim is available. But currently most people do not have the computing power necessary to decipher the keys to the transmission.

    --
    Random Musings
  8. Re:Responsibility by wfberg · · Score: 3, Informative


    I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans, or even Amsterdaminians. Encryption is certainly a worthwhile tool, but I think it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

    Real criminals have had access to, say, laptops connected to gsm phones that run speakfreely or simply any voip product over-ssh/ipsec/pptp/whatever for years..

    Most importantly though, this cryptophone does nothing to conceal traffic data; i.e. "who's calling who". This information is not much use in corporate espionage, but worth its weight in gold in criminal investigations (and much easier to sort through than voice calls).

    --
    SCO employee? Check out the bounty
  9. Re:Wow! They invented GSM! by skandalfo · · Score: 3, Informative
    The GSM mobile telephony system (used everywhere but except in USA and colonies, may God protect their industries from competition), does indeed support cryptography since its very design.

    Not only that, but also a pseudo-random frequency hopping feature is also included in the scheme, so that recording a conversation from the radio waves in order to perform a later brute-force attack on it could be made impossible.

    There are, however, several problems when coming down to reality in the application of the GSM standard:

    • The encryption mechanism isn't an end-to-end one; that is, it secures the handset to base-station link only, and for the rest of the communication path the voice/data travels in plain. The mechanism protects the user from radio eavesdropping only. GSM network land links and equipment must be secured by the operator. When having to tap a phone number, law enforcement organizations have to get the support of the operator, too, but probably insiders would be able to eavesdrop as much as they like.
    • Actually ciphering or frequency-hopping are optional features, and I think they're not used by most of the operators in Europe because of technical/cost, legal or political reasons. I know my GSM operator doesn't use them, at least at some cells. I know of cases where the available key-length has been artificially reduced because of political/legal concerns.

    So, in a real world where the operator could be trusted and there weren't political restrictions about it, GSM could give the user privacy, but the fact is that it doesn't.

    If the devices in the article provide end-to-end, user-controlled crytography, then they have their value indeed.