Company Makes Inconspicuous Secure Cellphone

dponce80 writes "With concerns over privacy at an all-time high, it's refreshing to hear that Swiss company VectroTel is making a secure mobile phone. The X8 encrypts secure calls (the unit is also able to make regular calls) with a virtually unbreakable 128-bit key, itself generated through a Diffie-Hellman exchange. While transmission does get somewhat delayed, communication is secure."

This sounds like a really good idea

[Freaky+Spook]

Except anyone who uses one would probably be labelled a terrorist.

Re:This sounds like a really good idea

[Opportunist]

So label me.

I'm willing to defend my freedom to death. If necessary, against my government.

And I bet, the US founding fathers would be proud of me.

Re:This sounds like a really good idea

[BkBen7]

[blockquote]"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God! I know not what course others may take; but as for me, give me liberty or give me death!"[/blockquote]

Re:This sounds like a really good idea

Nice words. But only words. They don't fill the stomach or pay the bills. Check out the real world from time to time.

Virtually unbreakable?

[foundme]

I think it's asking to be broken, and I bet it will be.

Re:Virtually unbreakable?

If the NSA really wanted to listen in on a phone call with a 128-bit Diffie-Hellman keysize, there is no doubt that they would eventually be able to do the finite field arithmetic necessary to break the encryption. But for most people, that's not the point of encrypting cell phone calls. Sure, there may be people out there who need close to 100% assurance that nobody can listen to their phone calls--namely, people who are transmitting information that is actually quite sensitive, and people who have some reason to believe that that government is specifically listening out for their calls. However, for the rest of us, 128-bit Diffie-Hellman with no man-in-the-middle protection is sufficient.

Think about it--while it is feasible for the NSA to attack a select number encrypted conversations, it would be computationally infeasible for them to continue a large-scale spying operation if every person in the country used even very weak encryption on their telephone calls. These NSA programs we hear about work because almost the entire telecommunications infrastructure in the world is completely unsecure. This is pretty easy to understand with a simple analogy. Pretend you're a thief going into the men's locker room at your local gym and that you have 25 minutes to steal as much stuff as you can--if all of the lockers in there are unlocked, you can probably manage to steal the contents of about 50 wallets. However, if everybody was smart enough to lock their stuff up (even with the cheapest lock they could buy), the thief would probably only have enough time to break into a couple lockers. Of course, this assumes that the NSA does not only keep a database of who is calling who in the US, but also an automated system for filtering out calls that are of particular interest to the US government (voice recognition, keyword recognition, or geographic indicators such as calling friends/relatives abroad)--a system which may or may not exist. But with the way things are going in this country, I think it's safe to say that if the program does not exist, the government would like it to. My personal opinion is that I would hate to see the US turn into an Orwellian police state simply because our laziness/apathy/trust made it a very easy task to accomplish. Encrypting your IMs (www.cypherpunks.ca/otr/), emails (http://www.gnupg.org/), and VOIP calls (http://www.philzimmermann.com/EN/zfone/index.html ) is already very easy. If it becomes easy to encrypt your cellphone conversations as well, I think that's reason to celebrate.

Feasibility for US Market?

[oostevo]

This may sound like an asinine question, I know, but I don't have much experience with cell phones at all.

Since this cellphone is made in Switzerland, a country that presumably has differing cell phone communication standards than the US does, is it possible to buy and use this cellphone in the US with a normal US carrier? Or would we have to wait and hope for a company to build something similar for the US?

Thanks, and sorry for the ignorance.

What about authentication?

[marsvin]

DH is a way to exchange an encryption key over a public network, but it doesn't tell you who you are talking to. GSM calls are never point to point, so there is always a "man in the middle".

I'm not saying it's necessarily snake oil, but the lack of any details certainly doesn't inspire any confidence.

Re:What about authentication?

There are several known ways of defeating this for DH key agreement. The simplest is to display a hash on both ends. Talk to each other. If you recognize the voice on the other end and the hashes match, you're golden. Dead simple, low tech, and reliable. Also, tough to fool.

Re:need to ask Bruce on this one..

[Havenwar]

Uhm... you should realize the pin code is on the phone, securing access to the crypto functions of that specific phone... if you want to listen in without being a part of the conversation you will still have to break the session key.

Its a good as your surroundings

[rf0]

This is all great but can you trust the person sitting next to you on the bus? The stranger behind you? How many of us have eve's dropped on other peoples conversations?

Re:What does this mean for eavesdropping?

"Millions if not billions of our tax money wasted if this technology becomes widely adopted."

You're looking at it the wrong way. Millions if not billions of our tax money that doesn't have to be wasted spying on innocent people chatting with their friends.

Sorry, but your surveillance apologism really demands that reply. You don't make innocent civilians safer by placing them under surveillance. You make them less safe. Stop wasting our time, money, and freedom when you should instead be spying on actual criminals, you know, getting a warrant based on probable cause and investigating to ascertain guilt. That is, if you're really interested in catching guilty parties and not just subjugating everyone under your militaristic future fantasy.

Re:Are people really this paranoid?

To paraphrase the saying, "it's not paranoia if you're actually being watched."

The reason to encrypt is not to make it impossible for investigators to hear you -- because, as you said, they can bug you in some other way. The reason is to make it impractical to do widespread monitoring of innocent people. When all calls are encrypted, investigators have to do a little actual work to bug a call, so it's impossible to instantly tap all the innocent callers as they'd like.

And if you've been following current events at all, you'll notice that a large portion of America isn't nearly as "paranoid" as it should be.

Regular-use crypto

[Shadows]

This seems like a neat little gizmo but I doubt I'll be able to convince my girlfriend, father, sister, friends, etc. to buy one too -- so the encryption feature would actually do something. As nice as the idea is, you still need two of these phones for it to work.

There's a parallel problem with GPG or the like. Since very few people have or want to use it, sending unencrypted e-mail is the only way to communicate with most of the world.

This phone is worse than that, though, since I can download GPG/cyrpto-software-of-your-choice and even install it for someone and show them how to use it -- but I'd have to persuade them to spend money on new hardware (and then convince them to actually use it with the crypto on!) in order to use the features of this phone.

Apathy/Laziness: 1
Discerning Citizens: 0

Re:What does this mean for eavesdropping?

[kneeslasher]

I think the above post should be taken in the spirit it was written: as a good joke suitable for chuckles all round. Would that I had mod points to mod it funny. Possibly we should petition /. to create a new type of modifier: ironic, but I fear its subtlety would be lost upon the majority.

Just in case the parent was not tongue in cheek:

Is it only myself for whom liberty from large entities (like the Goverment) is worth purchasing with a risk? Didn't many brave souls die for this in the past and continue to do so? Isn't that the bargain: liberty (and eternal vigilance), or the illusion of security?

Nice

[hummassa]

Not only you are Anonymous, but these were spoken like a true Coward!!!!

Re:What does this mean for eavesdropping?

[advocate_one]

Somehow I fail to feel harmed if someone hears my conversations.

would you be happy then if the "government" listened in on your phonecalls with your lawyer? or your tax attorney? or your doctor? or your psychiatrist? or your stockbroker? or your mistress? or your wife? or your election campaign manager? or any of a myriad of things you would rather not get out into public or potentially be used against you?

Re:Can you hear me now??

[ArsenneLupin]

Which in NSA speak means, yes... most definitely.

Obviously.

If he truly hadn't heard the Verizon guy, he wouldn't have answered anything at all, hehe.

Re:What does this mean for eavesdropping?

[drewsome]

given that the government has become essentially a division of Corporations R Us, think about how you might feel if the government sold the conversation you had with an oncologist to your HMO.

Freedom requires sacrifice. Better a hundred 9/11 than fascism and intrusion. And I say that being born and bred a New Yorker who grew up in the shadows of the WTC, supported the first Gulf War, and votes on the issues, not a straight party line.

Re:What does this mean for eavesdropping?

[99BottlesOfBeerInMyF]

In other words, live a good clean life, ignore outside influences, pay your taxes on time and you will have little to worry about; Like me :)

In other words, be completely boring, never upset the status quo, never fail to kow-tow to any government officials you meet (just in case) and be insignificant enough to escape notice and you're fine. Yeah, great plan. You'd do just fine as a serf in medieval europe too.

Who cares if the lord can fuck you in the ass whenever they want, so long as you are ugly and unimportant they won't bother.

Re:Can you hear me now??

[pyite]

Now if there were just a handful of these cell phones being used, the NSA could (probably) handle that and decrypt them.

It's unlikely they could. Assuming the key exchange works properly, and assuming they're using a known good algorithm (such as Rjindael aka AES), the NSA has no shot. Assume they use AES. Default is 128 bits and 10 rounds. Then the following little blurb from Apple's website applies:

AES gives you 3.4 x 10^38 possible 128-bit keys. In comparison, the Digital Encryption Standard (DES) keys are a mere 56 bits long, which means there are approximately 7.2 x 10^16 possible DES keys. Thus, there are on the order of 10^21 times more possible AES 128-bit keys than DES 56-bit keys. Assuming that one could build a machine that could recover a DES key in a second, it would take that machine approximately 149 trillion years to crack a 128-bit AES key.

(To put that into perspective, the universe is believed to be less than 20 billion years old.)


Now, that assumes you can crack a DES key in a second. The fastest successful crack by Deep Crack was just shy of 24 hours, or, 86400 seconds.

Re:What does this mean for eavesdropping?

[TheSkyIsPurple]

So, let's say you're chatting with a friend, and he mentions how bad he things random wiretapping is.
That gets flagged as a potential terrorist conversation.
Since he's talking to you at the time, you both get investigated.
They find out that that one weird cousion of yours recently travelled to Italy, and by concidence a known terrorist contact was also in Italy.
You now look like the perfect cover, and warrant a REAL investigation... ie, asking your neighbors and employer questions.
Since they've been asked, and "they wouldn't be asking if there wasn't something to worry about", you are now suspected by your neighbors.
So, they've talked to you boss as well, who recalls that you were late coming back from lunch awhile back. (You're wife's prenatal checkup ran a little long) That story checks with the gov't, but they, naturally, never call your boss back to tell him.. so he's now a little suspicious.

You can't guarantee none of this could ever happen. (And you know the old byline... with the government, any possible abuse is a guaranteed abuse at some point. Do you want to be THAT guy?)
However, if they didn't pick up on the original conversation, that completely removes the most probable vector for something like this happening.