-
Website
http://www.mobileindustryreview.com/ -
Original page
http://www.smstextnews.com/2008/05/cellcrypt_is_truphone_for_james_bond.html -
Subscribe
All Comments -
Community
-
-
Top Commenters
-
Popular Threads
All Comments
Squidgygate?
The only reason modern mobile works *at all* is that it's already encrypted - by one of the heaviest algorithims known to mankind.
With up to 6-way soft handoff at once, your call is simultaneously going over many different radio code channels, using different codes, to different cellsites. Oh, along with the hundreds of other simultaneous calls. 3G mobile is - literally - way more complicated than rocket science.
Adding yet more encryption to an already encrypted service is a solution looking for a problem (and, er, a pile of cash too.)
If I wanted to know what you were talking about, i'd just video you and find a lipreader to interpret. Or bug you. Or use one of them bionic ear thingys.
Next.
/m
http://radar.oreilly.com/archives/2008/04/crack...
http://www.blackhat.com/presentations/bh-dc-08/...
Having said that, if the Police or Security Service get a warrant (or not in the US) they can tap your call at the exchange. End-to-End encryption is useful in that scenario.
Where do I sign? ;-)
Note the business is run by a salesman. Surprise.
...Anyway, how long has it taken for this to eventuate? GSM has been around for 15 years, and they are only just making it (apparently) within the grasp of a moderately well-heeled, tech-savvy criminal to break, assuming it all works perfectly (note that if you are moving at the time, frequency hopping and cell handoff will require a re-lock onto your call etc etc etc).
Within a few years most calls will be on 3G / LTE, which has far tougher levels of encryption and synchronisation required just to work in the first place.
I'm not loosing any sleep over this one. If The Man wants to get you, he just slips something into your Sushi, or pushes your wheelchair off the cruiseliner, or arranges some Paparazzi to...er...oh, never mind. it's getting all a bit The Express around here ;-)
It's going to need some serious inspection by the powers that be (CESG in the UK, NIST in the US) to allow any kind of government / law enforcement sensitive information to be discussed over it and being internet-based won't help any... Look at RIM's huge list and imagine the investment that took! http://na.blackberry.com/eng/ataglance/security...
I am one of the founders of the company. The focus of Cellcrypt is to provide end-to-end security for packet switched voice (VOIP) as opposed to using unsecured circuit switched voice, the mobile client being only one of the products we are developing. The assumption is that your corporate traffic outside your perimeter is already secured but voice calls are not and we are closing this gap.
For personal use I would compare it to http/https, where most of your traffic is in clear and you are not terribly concerned about it, but when you use your online banking you have an expectation that the transaction will be encrypted end-to-end.
We are not just trying to secure the current infrastructure but provide the tools to have secure calls where it will all have migrated to a fully IP world.
Hope this gives more clarity.
Rodolfo
So, for a mobile-to-mobile call, you agree that the air interface is encrypted. That leaves the horrifically insecure bit in between, consisting of, er, the MNO's Node B-RNC-MSC and interconnection circuits. Which, because they are required to be used for legal intercept, have to meet some pretty darn tasty security standards.
Why, just last week I attached a pair of dogclips to the Voda-O2 link and listened in to a few cabinet ministers bagging some Scottish bloke.
If you can show me a feasible way to hack a mobile-to-mobile 3G call (without being the NSA or MI6) I'll buy you lunch. Anywhere.
As for mobile-to-landline calls, yup, you could easily dig up someone's front yard, clip onto the wires and listen away. But that's not your product AFAIK.
No government worth its comsec salt will touch this. There are sooooo many potential gaps in the implimentation it's not funny. Truly secure comms is done over TEMPEST-certified gear, using cyphers that go a tad beyond what's on offer here.
Oh, and 3G VoIP has zero QoS. Good luck there convincing corporates to adopt en mass. How many CEO's use Fring eh?
Likely purchaser: An uber-paranoid CTO with James Bond delusions and visions of his secretary swooning over his encrypted E61 (not even an E61i).
(Sorry to be all negative, but 10yrs 2G/3G RF engineering + 5yrs military RF/cypher engineering = sceptical Mike42)
01101000 01100001 01100011 01101011 00100000 01101101 01100101 00101100 00100000 01100010 01100001 01100010 01111001 00100001
But otherwise Mike42 is spot on.
There may be some places in the world where access to the points of interconnection may be less controlled, but wouldn't any normal VOIP system prevent this anyway?
and military listening posts around the world, Mike...
They'll all be Twittering about it on Spyku. Maybe pop over to GCHQ's FB page....
I would not trust it.