Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cell Phone Encryption?

Cliff posted more than 11 years ago | from the keeping-prying-ears-out-of-your-conversations dept.

Encryption 42

Black Diamond asks: "I know I'm not up to speed on cell phone encryption, but I was wondering, are there any cell phones that let you handle the encryption from your end of things? Something along the lines of a phone you hook up to your computer to input specific encryption keys for specific contacts, as well as a private key for yourself. Is such a thing plausible, or should you trust the standard encryption that comes on some cell phones nowadays?"

cancel ×

42 comments

Sorry! There are no comments related to the filter you selected.

Similar to PGPfone... (3, Informative)

Chasing Amy (450778) | more than 11 years ago | (#5743086)

This isn't exactly what you're asking about, but the closest thing I can think of offhand would be PGPfone--a product abandoned years ago for encrypting voice communications much as PGP encrypts text.

There are both binaries and source code available here: http://www.pgpi.org/products/pgpfone/

Windows and Mac only, and it's a very crude app... It would be nice for someone to develop something more robust and with better features.

Re:Similar to PGPfone... (1, Informative)

Anonymous Coward | more than 11 years ago | (#5746577)

See also Speak Freely (active project,
for Unix + PC) and Nautilus secure
phone. All free & Free.

PGPfone can do modem-to-modem.
Put them on your pocket PC
and cable that to your regular
cell phone.

Problem is the other end needs the
same setup.

legal phone tapping (2)

martin (1336) | more than 11 years ago | (#5743126)

This would prevent law enforcement agencies tapping the signal.

There has to be way of 'wire tapping' any comms system according to various laws around the world so the 'good guys' can listen to the 'bad guys' (court orders etc needed).

The has been alot of stuff on the UK on this (cf ukcrypto list), the cryptos used and how it was weakened to enable 'legal' phone tapping to occur.

Re:legal phone tapping (3, Interesting)

shakah (78118) | more than 11 years ago | (#5743306)

This would prevent law enforcement agencies tapping the signal.
Strictly speaking, LEA's could still "tap", encryption would just make it more difficult to make sense of the captured voice stream (in the case of a voice intercept, that is). And even with "user encryption", you could still service "pen register" and "trap and trace" warrants (basically timestamped records of who called who).

Furthermore, though I can't find the reference now, I remember reading that carriers are permitted to offer "unreversible" encryption on their networks (i.e. if they are able to decrypt the communication they have to do it when faced with an appropriate warrant, but if they can't they are still in compliance with CALEA).

GSM phones encrypt anyway (2, Informative)

wowbagger (69688) | more than 11 years ago | (#5743279)

GSM (and PCS) phones encrypt the traffic anyway (at least they do outside the USA).

That is one of the big advantages of digital cellular modes over older, analog cellular modes - the ease of adding encryption.

However, if you want to throw another layer on top of this, it gets more difficult - since digital phones take the audio signal and vocode it, you cannot just scramble your voice and feed it in - the vocoder won't know what to do with it and won't encode it properly. You would have to inject your signal after the vocoder but before the Viterbi/Trellis coding.

Re:GSM phones encrypt anyway (1, Informative)

Anonymous Coward | more than 11 years ago | (#5743346)

> GSM (and PCS) phones encrypt the traffic anyway (at least they do outside the USA).

No they don't. The GSM protocol supports the capability, but it isn't necessarily turned on. At least one of the UK operators does not use it.

The algorithms are also dated, and it has been demonstrated that can be readily compromised, in real time, using off the shelf hardware available today.

BB

Re:GSM phones encrypt anyway - NOT (4, Interesting)

Splork (13498) | more than 11 years ago | (#5743512)

No they don't.

(a) Both GSM and CDMA encryption are flawed and can be broken.

(b) It doesn't matter if the encryption is bad, all GSM phones listen for a single bit from the tower they're communicating with that tells it if it should encrypt or not. It is trivial for anyone with the resources to eavesdrop on a digital phone call to setup their own fake tower to tell your phone to turn encryption off.

(c) so what if mobile phones encrypt, phone lines that they connect to don't.

never trust commercial "encryption" to be anything more than the magic decoder ring from your cerial box wrapped in a DMCA wrapper calling anyone that points out that its made of cheap injection molded plastic an information terrorist.

Re:GSM phones encrypt anyway - NOT (4, Informative)

wowbagger (69688) | more than 11 years ago | (#5743580)

It is trivial for anybody with the resources to build a faster than light drive, too - for some definitions of "with the resources".

It would depend upon whom this guy wishes to protect his conversations against - J. Random Carbonunit or Special Agent TLA.

If the former, than the encryption used in GSM is enough - few people have the gear to modulate and demodulate a GSM signal with proper time slotting, time of flight correction, etc. Making a GSM signal is HARD - I build gear that does it.

If the latter, then they won't screw around picking the signal off the air - they will throw a CALEA intercept on his phone when it hits the PTSN. Then the only thing that can protect him would be VERY strong encryption seperate from the phone - which as I said in my first posting is difficult due to the nature of digital phones.

Lastly, if he is trying to protect himself from Special Agent TLA, encrypting his signal like this won't help - it will just raise a big red flag saying "Look At Me! I Am Hiding SomeThing!". He would be far better served making an innocuous word code and using that.

...with the resources... (2, Informative)

OwnerOfWhinyCat (654476) | more than 11 years ago | (#5744349)

I've used some of the gear you build and I can't see how this is trivial by any measure.

Unless you enjoy designing custom analog/digital hardware, there is just no way you're going to override the single byte in a stream that selects clear encoding, and then just listen to a clear channel conversation. The "man in the middle" attack is your only hope for using off the shelf toys. You'll need proper amps., a sharply directional antenna, and GSM phone-test-set that will exchange two-way pcm data with sufficient programability to allow you to emulate the mark's usual carrier signature, and a GSM test phone that outputs it's received PCM data in digital format so you don't have to go analog to digital again (which would sound atrocious given the kinds of compression involved).

Assume you could get these things, expand their capabilities and get them to communicate smoothly, you still wouldn't get the right caller ID unless you intercepted the challenge going to your test phone SIM from the carrier and repeated it to the mark's phone so you could be seen as having his IMSI. That would be yet another awesome hack to your credit.

And then of course you'd have to follow conspicuously closely to keep the mark from stepping behind something that blocked your signal (extra power won't help much in the microwave band).

Until we all start using it, encrypting your voice signal would certainly just shout "I'm hiding something."

If you want one of these conversations from your GSM phone, I'd go somewhere where they had GPRS or another GSM enabled data access method and send seriously encrypted VOIP traffic. If you want stealth, pick a location where you can get multiple GPRS timeslots (some phones support up to 128k bits) and package your voice in an encrypted stream like SSH. No one would think it unusual for a computer geek to ssh into his server from the field. The fact that one of your socket connections was a VOIP stream wouldn't be externally detectable.

Re:...with the resources... (1)

wowbagger (69688) | more than 11 years ago | (#5744619)

I was not saying it was trivial - the person to whom I was responding said it was.

I was saying quite the contrary - it WASN'T trivial.

Re:...with the resources... (1)

OwnerOfWhinyCat (654476) | more than 11 years ago | (#5746190)

Yes. I got it.

Sorry about the lack of clarity. I needed to make better use of the <Ironic Tone></Ironic Tone> tags. Though the speed of light hard drive analogy seemed accurate, I wanted to outline some of the hurdles involved to illustrate the point that this is not a cellular FM radio using frequency inversion or something else for which a cool black box and a scanner will make for trivial snooping. This is $20k+ worth of toys and a significant engineering investment.

Re:GSM phones encrypt anyway - NOT (0)

Anonymous Coward | more than 11 years ago | (#5746583)

> If the latter, then they won't screw around picking the signal off the air - they will throw a CALEA intercept on his phone when it hits the PTSN.

This is why the encryption needs to be end-to-end, all the way from your terminal to the callee's terminal. Otherwise it's about as useless as "VPNs" that connect you to unencrypted corporate networks.

How do you define trivial? (1)

duffbeer703 (177751) | more than 11 years ago | (#5743733)

Ok, so I want to easedrop on you and i have alot of resources. I'm going to put up some renegade cell phone tower that will overpower the legit tower and provide service to thousands of people... and I'll do this all over an area or city?

It would be easier to follow you with a parabolic microphone.

My recommendation to you is to tighten your tinfoil hat.

Re:GSM phones encrypt anyway - NOT (0)

Anonymous Coward | more than 11 years ago | (#5743788)

(Posted anonymously as I work in this area).

As far as I know, none of the UK mobile companies encrypt over the air anyhow (if you have engineer mode enabled on your phone you can easily prove this).

Even if they did, it matters not how easily the crypto can be broken, as the voice data is only encrypted up to the base station anyhow. The network operator taps the call after it's decoded and while it passes through the network 'in the clear'.

As a previous poster pointed out, legal requirements mean that the operator has to do this.

Re:GSM phones encrypt anyway - NOT (1)

charstar (64963) | more than 11 years ago | (#5744302)


never trust commercial "encryption" to be anything more than the magic decoder ring from your cerial box wrapped in a DMCA wrapper calling anyone that points out that its made of cheap injection molded plastic an information terrorist.


beautifully worded! *applause*

Re:GSM phones encrypt anyway - NOT (1)

BalkanBoy (201243) | more than 11 years ago | (#5745368)

(a) Both GSM and CDMA encryption are flawed and can be broken.

I'm not sure which CDMA encryption you are talking about, but using a phone like this [qualcomm.com] would make breaking its encryption a hard feat to accomplish.

Re:GSM phones encrypt anyway (1)

kousik (149219) | more than 11 years ago | (#5744258)


> GSM (and PCS) phones encrypt the traffic anyway

Of course, but the encryption is in between your handset and the BTS (the base station). Then the traffic is in clear, until they are again aired by another BTS (or, if they reach another phone line which doesn't encrypt, it is in plain all the way).

So the phone company, if they wished, or bribed, or forced by legal authorities, can tap your call. And moreover, GSM uses A5/1 encryption which is broken anyway.

What is actually needed is peer to peer encryption. Authentication is not necessary. Leave the correct number to call to the phone company. All you need is privacy, which can be done by a simple key management protocol per session (like exchanging DH pair) and a fast robust symmetric algorithm (like AES).

my 2 paisa,
Kousik

data encryption?? (2, Informative)

stonebeat.org (562495) | more than 11 years ago | (#5743290)

i m not sure, what you are trying to ask, but that is not going to stop me from answering your question. :)

Are you asking about encrypting the data stored on your fone? or encrypting the data transfer between your fone and your service provider?

If it is a Pocket PC /Palm OS based cell phone, then there are some encryption apps out there that can help you. Here are some links:
http://www.pointsec.com/core/default.asp
http://www.softwinter.com/sentry_ce.html
http://w ww.f-secure.com/wireless/pocketpc/pocketpc -fc.shtml

However good encryption/decryption take up lots of CPU power, so I dont know how feasible it is to ecrypt all the data on your cell phone.

Some thoughts from a ham (1)

n1ywb (555767) | more than 11 years ago | (#5743365)

If my memory serves me correctly, CDMA is a form of spread-spectrum modulation. It's fairly resistant to evesdropping by your average crook, although there's no doubt that big brother can tune in if he wants. Hell he doesn't even necessarily need to receive your signal, he could have the phone company tap it at the cell site. I don't know much about other types of cell phones.

One thing you could do, if you can use your cell phone as a modem (I think most digital phones can do this at fairly high speed) then you can just iphone or something similar but tunnel the stream through an encryption layer. It would probably be better to apply encryption within the codec, and use some type of encryption that is highly tolerant of dropped packets, thus enabling you to use UDP streams.

I guess I don't know of anything like this off the top of my head.

Re:Some thoughts from a ham (3, Informative)

nbvb (32836) | more than 11 years ago | (#5743501)

Correct, CDMA is spread-spectrum and the encryption is relatively difficult to crack.

Nobody's been able to demonstrate real-time listening capabilities (yet).

But it is a well-known fact that the law enforcement guys have taps at the cellular switches, so they just plug into the call before it goes to hardwire -- they don't even bother trying to listen out of the air, and why should they? It's a lot easier to listen at the switch .........

Now, as for GSM, its encryption is definitely crackable in realtime... In fact, there have been industrial espionage problems across the English channel because of this .... go look it up :)

Re:Some thoughts from a ham (1)

wishus (174405) | more than 11 years ago | (#5744151)

Correct, CDMA is spread-spectrum and the encryption is relatively difficult to crack. Nobody's been able to demonstrate real-time listening capabilities (yet).

Where do you get this stuff? CDMA is 2G tech to allow multiple subscribers to share a frequency. Rather than multiplexing by timeslots (TDMA), each mobile subscriber transmits a code so the tower can distinguish between different calls on that frequency.

It has nothing to do with security. It is one solution to the problem of having more subscribers in a cell than frequencies for them to talk on.

Re:Some thoughts from a ham (1)

Profane Motherfucker (564659) | more than 11 years ago | (#5744417)

It might not overty be related to security, but it adds to the overall security of the connection. It's scattered over a huge swath of frequency, along with hundreds or thousands of other calls. All of this arrives at the base station, and the system there determines which pieces and in what order make up each particular conversation.

And I don't know what the fuck you're talking about, but CDMA has nothing to do with either 2G 2.5G or 3G. Those have to do with data capabilities. That is all. Would you also say that TCP/IP is an old protocol for AOL 5.0?

There's not "more frequencies for them to talk on." There's channels. And in CDMA, everyone shares the channel.

Re:Some thoughts from a ham (3, Insightful)

ForestGrump (644805) | more than 11 years ago | (#5743699)

As for using your phone as a modem, it can seem workable.

With today's bleeding edge technology: I was just looking at the sprint wireless site, and found this pdf on one of the laptop modem cards.
http://www1.sprintpcs.com/media/Assets/Equ ipment/H andsets/pdf/yisocf2031.pdf
It claims to have a total baud of 230.4 bps
recieve at 153.6 and sent at 76.8
Although this is the maximum baud, and the speed is changeable.
(so theortically you get, but in reality...)
These plans start at $100/mo with 300 MB data, or $120 with unlimited data.

From my personal expierence: Simply, data was too expensive for me- 7 dollars a month charge, 7 cents a minute- and I suffered for two weeks without internet while waiting for the DSL modem to ship. However, I did look into it before.

I currenetly use Cingular (Pac Bell) Wireless.
The phone manufacturer claims they are able to acheive 56k speeds, but Cingular claims 9.6kps due to network conditions (and time slots avialable).

I'm, pretty sure Sprint (or any other carrier) would limit your max speeds- just like dsl/cable modem providers do. So although the claim is 230k/s, your not really gonna get that kind of thruput.

So, unless your super paainoid (mafia) and have cash to burn (mafia), go for it!

I'm going to stick to my $35/mo basic calling plan.

73s
KG6....
(feeling parinoid)

Re:Some thoughts from a ham (1)

Blaine Hilton (626259) | more than 11 years ago | (#5745330)

This is what I would suggest too. However one must remember the KISS principle (Keep it Simple Stupid) meaning that if you really want it secure using a cell phone is probably not the best way to go about it!

Re:Some thoughts from a ham (1)

afidel (530433) | more than 11 years ago | (#5746717)

Actually something like a PGPSoftphone running over the data channel wouldn't be a bad deal, especially if you could get a SIM card for your GSM phone(like in europe, no info needed). Anonynimity, movable location and strong encryption. It would be hard to beat for non-interceptable communications.

Re:Some thoughts from a ham (0)

Anonymous Coward | more than 11 years ago | (#5746130)

Another ham-esque method that immediately comes to mind is that some modulation types such as PSK31 use such a narrow bandwidth that there's a good chance of intelligibly inserting them into the phone's audio. From there on, of course you'll need an encryption algorithm and a data-integrity checksum, but you could get an encrypted short digital message between two people with only PSK31 software and cables between the headset ports on the phones and the spkr/mic jacks on the computer. In the case of PSK31, you may even be able to talk over it and still pull the data stream out with some reliability (or maybe not).

Naturally this completely wastes the nicer data capabilities of 1xRTT and GSM/GPRS by concentrating on the audio band, but it's Just A Thought.

Low-tech method (4, Funny)

extra88 (1003) | more than 11 years ago | (#5743739)

I just do a Darth Vader imitation and speak in Pig Latin. Since I started doing this I haven't been hassled by The Man once!

Siemens S35i (1)

psyconaut (228947) | more than 11 years ago | (#5744113)

You can buy a modified version of the S35i that does station-to-station strong encrption. Do a Google on "Siemens TopSec".

-psy

Re:Siemens S35i (0)

Anonymous Coward | more than 11 years ago | (#5746309)

"When the soft key key "Crypto " is pressed, the two phones and the receiving phone automatically select a new 128 bit encryption. Some 1038 possible codes are possible. With termination of the call, the code is deleted immediately. The code change is apart from the key length an important safety factor"

Hmmmm 1038 codes.... My Palm pilot should be able to crack that in seconds....

Gotta love format losses.... (1)

Spamalamadingdong (323207) | more than 11 years ago | (#5760992)

... and clueless marketroids who don't know the difference between 1038 and ten-to-the-38th-power.

It is possible, and it is real (5, Informative)

kousik (149219) | more than 11 years ago | (#5744209)

But not in the form you say. There exist chips which will do a Diffie-Hellman exchange to set up a secret key, and then do AES encryption on the whole conversation. Comes as a Sony-Ericsson accessory.

Of course, lack of standard make these chips non-interoperable (not encryption/decryption but key management). Once it becomes popular standards need to emerge.

cheap answer (2, Funny)

Enrico Pulatzo (536675) | more than 11 years ago | (#5745141)

just learn Navajo. Works for some [navy.mil] people.

Re:cheap answer (1)

valkraider (611225) | more than 11 years ago | (#5747427)

As long as he is in the USA, simply speaking in a non english language is secure...

Re:cheap answer (0, Flamebait)

Morgon (27979) | more than 11 years ago | (#5751641)

I am not sure about all that now..

"Press 2 if you'd like to eavesdrop in Spanish"

The US has become this unnecessarily multi-lingual culture. We waste more space, trees, metal (for signs), and TIME translating from the language these people SHOULD learn before moving to the US. As elitist as it may sound, English still IS the Universal language, and I'd be quite happy if I didn't waste 10 seconds of non-time listening to telephone instructions in Spanish when I call my bank.

So I think they could find a way to figure out what you're saying, no matter what language.
Plus, didn't AT&T (or someone) develop some prototype real-time translator? I wonder whatever happened to that thing..

--Morgon

Flamebait? (1)

Morgon (27979) | more than 11 years ago | (#5753966)

How is this flamebait.. This is a perfectly valid opinion, and valid response to someone else's post.

Just like half of Slashdot User's sigs say, Instead of being lazy and modding me down, post an intelligent response.

Sectra Tiger (1)

frehe (6916) | more than 11 years ago | (#5745544)

Take a look at the Tiger [sectra.se] GSM phone from Sectra [sectra.se] .

Secure CDMA Phone (1, Informative)

Anonymous Coward | more than 11 years ago | (#5746520)

Check out the Qualcomm QSec-800 for a CDMA equivalent of the Siemens TopSec, although you might have to work for the government to get one for now anyway.

Motorola (3, Informative)

kruczkowski (160872) | more than 11 years ago | (#5746923)

I know that Motorola just released an addon to a off-the-slef phone that adds comsec.

From what I understand, phones with this devices are aproved by NSA for secret transmittions.

Doing a google seach I came up with this:

http://www.cellular.co.za/phones/generaldynamics /g eneral_dynamics_sectera_secure.htm

R+S does encryption, but also IMSI catcher (1)

DollyTheSheep (576243) | more than 11 years ago | (#5750745)

Rhode+Schwarz [rohde-schwarz.com] offers GSM mobiles with encryption and PCMCIA cards for GSM mobiles. Ironically, it manufactures also so-called IMSI catchers, which allows secret services and other "authorities" to intercept any GSM mobile.

By the way, GSM is encrypted by default, but the providers can switch that off at any time without notification

Try contacting this company (1)

Opusnbill7 (442087) | more than 11 years ago | (#5755307)

This company used to, and still does (I think) make good encryption add-ons for cell phones and radios. Don't know much about how to purchase them or what quals. you have to have to buy, but you certainly should give them a call to ask.

Try this company (1)

Opusnbill7 (442087) | more than 11 years ago | (#5755322)

This company used to (and still does I think) make encryption devices for cell phones and radios. I'm sure they'd be happy to tell you how to buy their products. :)
http://www.transcrypt.com/

practically speaking... (1)

Unominous Coward (651680) | more than 11 years ago | (#5758507)

...the only way to do it would be to manage it via a computer-like device connected to your phone and then use GPRS or somesuch to send the data through your mobile phone.

What about the other end, you say?
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?