Slashdot Mirror
80% of Cell Phone Encryption Solutions Insecure
An anonymous reader writes "Mobile Magazine writes about a blogger named Notrax who has tested 15 methods of secure encryption for mobile phones; out of those he found only 3 could not be cracked at some level. '12 of them were "worthless." It's easy to take the software at face value when it "tells you" that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.'" (Above link is to a slightly older description of Notrax's approach; then, it was 9 out of 10 products that were worthless, instead of 12 out of 15.)
News flash: if someone installs a trojan on your phone, then encrypting your call is insecure.
No sh*t. Don't let people install trojans on your phone.
It's so efficient, not even my recipient can make out what I mean.
The Missile from France went down my pants, so I need you to dance and prance
"Are you breaking up with me?"
This tactic requires you to install software on the target's phone without their knowledge. That doesn't render the encryption faulty, it's just stealing the voice signal before it gets encrypted. I like this part from the vendor's web site: "$PRODUCT_NAME for iPhone is professional grade spy phone software that takes minutes to install on a jailbroken iPhone, and instantly starts sending data to a secure web account where you can log in and view records..."
This guy didn't break any encryption. He admitted up front he couldn't, except for some vague handwavy stuff about distributed brute force key attacks. Instead, he installed a trojan on the phone that records the phone conversation. He didn't even write the trojan. The awesome software he couldn't crack (the "20%") were "secure" because it was either different hardware his cool program didn't work for, or some older gear the program didn't run on. Phew! I'll make sure to buy those now that I know they're air tight.
Came for a cool story about breaking over the air phone encryption but all I got was a script kiddie installing software and making grand pronouncements to get pageviews.
Absolutely correct.
I happen to know that there are simple software/hardware hacks/backdoors on 98% of phones in existence. All of these are built in by the manufacturers at our behest - 'our' being NSA, MI6, CIA, ASIO and DSD of Australia.
Don't trust any technology or hardware that you don't have complete and unhindered access to. I'm telling you now, I've seen records pulled up on people for things that the above mentioned agencies should never have had access to - things regular plebs wouldn't have believed possible to monitor. Those fellows will get records down to every time you've gone to the toilet - its that scary.
Corollary: any encryption technology that you need to rely on should be open source and well-understood. The hardware you use it on should be completely open and you should understand how things work on that hardware. Even better if you have compiled that code yourself.
Oh fuck off.
I suppose you wrote the compiler too?
I suppose to used an electron microscope and scanned every fucking bit of your CPU and memory and such?
If you want to be fucking paranoid, be paranoid all the way.
Don't use paranoia FUD to push your FOSS agenda.
While it's true that there's shit they can do, it's also true that there's NOTHING you can do about it. FOSS cloak or not.
V fcrnx va ebg 13. Gbgny frphevgl.
My mother's a frphevgl, you insensitive khdfsji!
I just posted the following comment on this asshole's website:
Your article is totally misleading.
You say that you managed to prove those products insecure.
Well, YOU DIDN'T. The intention of all the products you mentioned is to provide encryption
to protect you from someone intercepting your phone call. You didn't test any of this.
You just directly accessed the mic on the cellphone. Well, off course you'll get the audio!!
A little analogous situation to better explain what you did:
I will prove that this high security reinforced door is totally insecure. I'll get in the house through
the window. Oh No! It worked, I'm inside the house and I didn't even touch the door! Those doors
are Insecure!
That's exactly what you did. Those systems encrypt your voice. Your call is secure from interception.
If you knew anything about security, you would know this: Physical access is total access.
You had PHYSICAL access to the phone. Well, off course you where able to "crack" it. Guess what?
You could have manually connected the mic cables to an mp3 recorder for all I cared.
It's like saying "I am going to prove that this OpenBSD-based firewall is insecure, but connecting
to the machines behind the firewall with this directly with this ethernet crossover cable".
So, are you really that naive, or you have financial interests in some phone crypto technology?
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Honest men can be found everywhere.
Honest politicians? SETI is still working on that one.
They wont waste time hacking your phone. They have a legal intercept box in the server room. No need for back doors on the phone.
If anyone knows what I'm putting on my pizza, I'm FUCKED.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
Yeah, I've seen that too, but I can't remember the name of the movie.
greed@All_Evils:~#
Okay, you're paranoid. And delusional.
The most important fact is that no one actually gives a shit about your phone calls so even if they could listen to every word any time they wanted to, it still wouldn't matter. The sooner you realize you aren't that special, the sooner your paranoia will go away.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager