Slashdot Mirror

← Back to Stories (view on slashdot.org)

80% of Cell Phone Encryption Solutions Insecure

Posted by timothy on from the nsa-working-on-the-rest dept.

An anonymous reader writes "Mobile Magazine writes about a blogger named Notrax who has tested 15 methods of secure encryption for mobile phones; out of those he found only 3 could not be cracked at some level. '12 of them were "worthless." It's easy to take the software at face value when it "tells you" that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.'" (Above link is to a slightly older description of Notrax's approach; then, it was 9 out of 10 products that were worthless, instead of 12 out of 15.)

2 of 158 comments (clear)

  1. Re:Backdoors != news by Anonymous Coward · · Score: 4, Interesting

    Absolutely correct.

    I happen to know that there are simple software/hardware hacks/backdoors on 98% of phones in existence. All of these are built in by the manufacturers at our behest - 'our' being NSA, MI6, CIA, ASIO and DSD of Australia.

    Don't trust any technology or hardware that you don't have complete and unhindered access to. I'm telling you now, I've seen records pulled up on people for things that the above mentioned agencies should never have had access to - things regular plebs wouldn't have believed possible to monitor. Those fellows will get records down to every time you've gone to the toilet - its that scary.

  2. WORST. ARTICLE. EVER by GNUALMAFUERTE · · Score: 3, Interesting

    I just posted the following comment on this asshole's website:

    Your article is totally misleading.

    You say that you managed to prove those products insecure.

    Well, YOU DIDN'T. The intention of all the products you mentioned is to provide encryption
    to protect you from someone intercepting your phone call. You didn't test any of this.
    You just directly accessed the mic on the cellphone. Well, off course you'll get the audio!!

    A little analogous situation to better explain what you did:

    I will prove that this high security reinforced door is totally insecure. I'll get in the house through
    the window. Oh No! It worked, I'm inside the house and I didn't even touch the door! Those doors
    are Insecure!

    That's exactly what you did. Those systems encrypt your voice. Your call is secure from interception.
    If you knew anything about security, you would know this: Physical access is total access.

    You had PHYSICAL access to the phone. Well, off course you where able to "crack" it. Guess what?
    You could have manually connected the mic cables to an mp3 recorder for all I cared.

    It's like saying "I am going to prove that this OpenBSD-based firewall is insecure, but connecting
    to the machines behind the firewall with this directly with this ethernet crossover cable".

    So, are you really that naive, or you have financial interests in some phone crypto technology?

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?