Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted Cell Phone Hits the Market

Posted by michael on from the tony-soprano dept.

notshannon writes "Reuters reports about a new cell phone which automatically encrypts communications. Of course, the matching handset will decrypt the message. Security doesn't come cheap, around $4000 per pair, but it's probably as reliable as anyone in these parts could wish. Favorite quote: 'We allow everyone to check the security for themselves, because we're the only ones who publish the source code,' said Rop Gonggrijp at Amsterdam-based NAH6. Amusingly, the article cites government.nl and not nsa.gov as the world's most prolific phone tapper."

15 of 266 comments (clear)

  1. Do what I do... by Anonymous Coward · · Score: 4, Funny

    Rather than pay $4K to encrypt your phone calls, do what I do: don't have anything worth saying

  2. can you hear me now? by Anonymous Coward · · Score: 5, Funny

    that will become " ? nac uoy reah em won"

  3. nah by Dreadlord · · Score: 4, Funny

    real /.ers don't use expensive encryption phones, they do the math themselves, and then encrypt signals by waving a magnet near the phone.

    --
    The IT section color scheme sucks.
  4. Limited Use? by BadCable · · Score: 4, Insightful

    Doesn't this seem of limited use?

    I mean if it only encrypts for other cellphones of it's type on it's network the usability is rather limited.

    You might as well use encrypted walkie talkies, it's not too different when you think about it.

    --
    Google Toolbar is SPYWARE!
  5. Why not sooner? by Orien · · Score: 4, Insightful

    Personally, I am flat-out amazed that this kind of thing hasn't taken off much sooner. There is a public outcry right now about "Privacy" and all kind of laws are being enacted to ensure consumer protection of personal information. So why isn't there a much higher demand from consumers for "Privacy" when it comes to data transmission and data storage? It's not like it's hard from a technology standpoint. Encrypted communications have been around since long before cellular phones. We just need more people asking for it to see this kind of thing standard in phones, bluetooth, 802.11, etc.

    --

    SCO.com uses Linux

  6. More information by DerOle · · Score: 5, Informative

    see this page for further information (in English).

  7. Available in U.S.? by exhilaration · · Score: 4, Interesting

    Are these available in the U.S.? The last time encrypted cell phones made the news there were no plans of selling them in the U.S.

    1. Re:Available in U.S.? by Realistic_Dragon · · Score: 4, Funny

      Are these available in the U.S.? The last time encrypted cell phones made the news there were no plans of selling them in the U.S.

      Amazon.com

      People who brought these also purchased:
      900Mhz GSM network to run them on. $1,000,000.

      --
      Beep beep.
  8. The Microsoft-based XDA handheld computer phone by burgburgburg · · Score: 4, Funny
    The Microsoft-based XDA handheld computer phone made by Taiwan's High Tech Computer is selling for 3,499 euros ($4,121) per two handsets.

    Well, since Bill IS focusing so strongly on security, I feel comfortable relaying most personal, intimate, potentially volatile information over these phones.

    I also wear my Social Security number on a t-shirt, yell out the numbers of my PIN at ATMs and throw my credit cards at little children as if they were candy.

  9. I think the most prolific phone tapper is... by melted · · Score: 4, Interesting

    FSB, formerly known as KGB. On numerous occasions they've ordered the Russian phone companies to turn off even the weak GSM encryption and wiretapped whoever they wanted. They also release "proslushki" (wiretaps) of some politicians talking on the phone on some "independent" web sites almost weekly. BTW, in Russia they don't need the warrant issued by a court to do this. Basically every god damn cop can wiretap whoever he wants if he has the gear. Too bad the use of cryptography (except for the government-approved algorithms) is not allowed in Russia.

  10. no by SweetAndSourJesus · · Score: 5, Funny

    real slashdotters don't have anyone to call in the first place

    --

    --
    the strongest word is still the word "free"
  11. Their concerns about Windows (from the FAQ) by burgburgburg · · Score: 4, Informative
    From their FAQ

    I noticed that your CryptoPhone is based on Windows CE / PocketPC. Isn't this a security risk?

    The current version of the CryptoPhone runs on top of a heavily modified and stripped down Microsoft PocketPC2002 ROM. The reason is that we wanted an affordable and well researched platform that offered sufficient performance for the speech encoding and crypto functions.A Pocket PC based system was chosen as the first platform for CryptoPhone because it was the only sufficiently fast device allowed us to do software integrity protection in ROM and the stripping of unnecessary functions.

    The only commercially available alternative at the time of the necessary development decision was Symbian. Symbian is even more closed source (Windows CE is open source for developers in most parts) and was available only on a more expensive hardware platform. There was (and still is) no viable mass-market Embedded Linux based hardware with sufficient performance, stability, hardware integration and availability on the market at decision time, so we were not able to pursue this alternative.

    We are aware that there are risks associated with using any Windows platform and we have taken a number of measures to mitigate these risks as best we could. We removed applications, communication stacks and system parts that are unnecessary for the CryptoPhone operation and which may cause potential security problems. You should not install third party software on the CryptoPhone to prevent software based attacks on the firmware integrity. The firmware update mechanism is cryptographically secured.

  12. Re:Props to NAH6... by gnu-generation-one · · Score: 4, Informative

    "for doing a PGP extension to Mailman."

    PGPi itself always had the PGPFone module, which can either encrypt a telephone line (your modem dials their modem) or handle internet calls (useful for people whose families are abroad)

    Download it here, including source-code.

  13. How will you verify keys? by whois · · Score: 5, Insightful

    Nobody verifys keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?

    The good news is that if people really understood crypto, key exchange would be easy. You meet in person, establish a bluetooth link, swap public keys and verify fingerprints.

    The bad news is that nobody will do this, or the phone won't support it (article didn't say how key exchange happens)

    So when Joe calls and it says "incoming encrypted call" are you going to answer it because you know and like Joe, even though you've never exchanged keys with him?

    Key exchange can't be done through a trusted third party (except the company you work for) because there is no trusted third party. Even if you trust Bob, and he trusts Mary, you don't know where their dirty phones have been.

    If your work is the trusted third party, they'll probably hold copies of your private keys so calls can be monitored later if needed. (Hopefully the phone ethier allows you to generate a new key whenever you want, or doesn't allow exporting of it's private key. Hopefully both)

    Don't get me wrong, I want one. Real bad, but not $4k bad, not to test out someones (probably flawed) cryptosystem.

    Even if they understand crypto and got it right, the user still has to understand it to make it all work.

    If I had about 10 of these I'd give one to each of my friends and make sure they only accept encrypted calls from known keys. I'd also make the screen light up in red or green or something to show it's an encrypted call.

    Then we could talk about Joe behind his back, with no chance of interception from governments.

    So yeah, anyone got a real use for these?

  14. Re:Responsibility by Brandybuck · · Score: 4, Informative
    it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

    Some quotes from Phil Zimmerman, author of PGP (emphasis mine):

    Its personal. Its private. And its no ones business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. Theres nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.


    If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?
    --
    Don't blame me, I didn't vote for either of them!