Slashdot Mirror

← Back to Stories (view on slashdot.org)

80% of Cell Phone Encryption Solutions Insecure

Posted by timothy on from the nsa-working-on-the-rest dept.

An anonymous reader writes "Mobile Magazine writes about a blogger named Notrax who has tested 15 methods of secure encryption for mobile phones; out of those he found only 3 could not be cracked at some level. '12 of them were "worthless." It's easy to take the software at face value when it "tells you" that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.'" (Above link is to a slightly older description of Notrax's approach; then, it was 9 out of 10 products that were worthless, instead of 12 out of 15.)

2 of 158 comments (clear)

  1. So? by BitZtream · · Score: 0, Troll

    Okay, so with the right technology in the hands of the hacker, my cell phone has the same security as the old POTS line running into my house.

    Pardon me if I don't freak out about it. For years all I've needed was a handset and a knife and I could listen in on peoples phone calls. This is still harder than that.

    Sorry if I'm not concerned about something thats not ever been a problem for me or anyone I've ever known even though it has been trivial to do.

    Yes yes, its wireless and its easier to hide, but guess what, once again I have to point out ... NO ONE GIVES A SHIT ABOUT WHAT YOU DO, YOU AREN'T THAT SPECIAL.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  2. Re:Backdoors != news by sexconker · · Score: 0, Troll

    By being able to read source code, but not have an electron microscope, you force the bad guys to use more expensive and laborious obscurity.

    I'm for raising the bar on them---maybe they're not omnipotent.

    Hint: The "bad guys" already design and manufacturer the hardware itself.

    Security doesn't revolve around who is good or bad, it revolves around who is known to be good - everyone else should be considered bad by default.

    There is in fact NOTHING you can do about it. They own the hardware. No software scheme will get around that. The simple fact is that everything is decrypted at some point, they have no reason to attack your software implementation other than sheer convenience.