80% of Cell Phone Encryption Solutions Insecure

An anonymous reader writes "Mobile Magazine writes about a blogger named Notrax who has tested 15 methods of secure encryption for mobile phones; out of those he found only 3 could not be cracked at some level. '12 of them were "worthless." It's easy to take the software at face value when it "tells you" that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.'" (Above link is to a slightly older description of Notrax's approach; then, it was 9 out of 10 products that were worthless, instead of 12 out of 15.)

Don't let people install trojans??

[hAckz0r]

When dealing with somebody that knows what they are doing, and any major brand smart phone, it takes less than 15 seconds to r00t your phone and start to upload custom software. No 'trojan' required. All that is needed is to know your phones IP address at any point that you are online transferring data (e.g email, web, photo transfers, etc). It only takes 15 seconds, just once, and your phone no longer belongs to you. Security on the current cell phone hardware and OS's are just an after thought.

Even a novice with a little cash can purchase software, and if given physical access for 10 minutes, will own your phone. They will have access to all the data stored on it, your photos, your CC numbers, email, phone logs, and possibly even know where you are if you have a built in GPS on the phone. I have seen where the contents of the phone are compressed into an alternate stream of data in an MPEG4 video file and off loaded across the carrier network. If you think someone around you might be untrustworthy you might want to check your itemized billing records if you can get your hands on them. You may see data network usage you don't remember using. You may also notice your battery running low fairly quickly, or your phone getting warm when not in use. All these can be a clue.