DISQUS

DISQUS Hello! Mobile Industry Review is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

Mobile Industry Review

Daily news and opinion for 250,000 industry executives and mobile fanatics
Jump to original thread »
Author

Cellcrypt is Truphone for James Bond

Started by Ewan · 1 year ago

I caught a piece in today’s Guardian about Cellcrypt. Now, before you do anything and assuming you haven’t come across the company before, what do you think they do?

Encrypt your mobile calls? Aye. You’re right!

I immediately started thinking of special black-boxes taped to mobile handsets, but no, that’s not their service at [...] ... Continue reading »

17 comments

  • Mike42

    1 year ago

    Hmmmm....when was the last time you read a story about someone's mobile being evesdropped on?

    Squidgygate?

    The only reason modern mobile works *at all* is that it's already encrypted - by one of the heaviest algorithims known to mankind.

    With up to 6-way soft handoff at once, your call is simultaneously going over many different radio code channels, using different codes, to different cellsites. Oh, along with the hundreds of other simultaneous calls. 3G mobile is - literally - way more complicated than rocket science.

    Adding yet more encryption to an already encrypted service is a solution looking for a problem (and, er, a pile of cash too.)

    If I wanted to know what you were talking about, i'd just video you and find a lipreader to interpret. Or bug you. Or use one of them bionic ear thingys.

    Next.

    /m
    reply
  • Ewan

    1 year ago

    Excellent perspective Mike
    reply
  • TerenceEden

    1 year ago

    It probably is easier to eavesdrop on someone, but GSM is far from uncrackable
    http://radar.oreilly.com/archives/2008/04/crack...
    http://www.blackhat.com/presentations/bh-dc-08/...

    Having said that, if the Police or Security Service get a warrant (or not in the US) they can tap your call at the exchange. End-to-End encryption is useful in that scenario.
    reply
  • Mike42

    1 year ago

    Hmmm....so their business model is: please give us money to develop a service we can only sell to those wishing to avoid the legitimate, court-order backed attentions of the police or security services.

    Where do I sign? ;-)

    Note the business is run by a salesman. Surprise.

    ...Anyway, how long has it taken for this to eventuate? GSM has been around for 15 years, and they are only just making it (apparently) within the grasp of a moderately well-heeled, tech-savvy criminal to break, assuming it all works perfectly (note that if you are moving at the time, frequency hopping and cell handoff will require a re-lock onto your call etc etc etc).

    Within a few years most calls will be on 3G / LTE, which has far tougher levels of encryption and synchronisation required just to work in the first place.

    I'm not loosing any sleep over this one. If The Man wants to get you, he just slips something into your Sushi, or pushes your wheelchair off the cruiseliner, or arranges some Paparazzi to...er...oh, never mind. it's getting all a bit The Express around here ;-)
    reply
  • Ewan

    1 year ago

    Heh have you got any Princess Di rumours as well, Mike?
    reply
  • Mike42

    1 year ago

    The crash happened when Dodi tried to wrestle the chauffer's RAZR away from him...
    reply
  • Rodolfo Rosini

    1 year ago

    3G/LTE only encrypts the radio traffic (i.e. between handset and base station) and nothing else
    reply
  • Ben Smith

    1 year ago

    Agreed - the only value I can see here would be caller authentication where by the certificate exchange gives confidence over who is calling / being called (as long as you trust control of physical access to the devices by other means such as tokens / PIN codes).

    It's going to need some serious inspection by the powers that be (CESG in the UK, NIST in the US) to allow any kind of government / law enforcement sensitive information to be discussed over it and being internet-based won't help any... Look at RIM's huge list and imagine the investment that took! http://na.blackberry.com/eng/ataglance/security...
    reply
  • None

    1 year ago

    reply
  • Rodolfo Rosini

    1 year ago

    Hi,

    I am one of the founders of the company. The focus of Cellcrypt is to provide end-to-end security for packet switched voice (VOIP) as opposed to using unsecured circuit switched voice, the mobile client being only one of the products we are developing. The assumption is that your corporate traffic outside your perimeter is already secured but voice calls are not and we are closing this gap.

    For personal use I would compare it to http/https, where most of your traffic is in clear and you are not terribly concerned about it, but when you use your online banking you have an expectation that the transaction will be encrypted end-to-end.

    We are not just trying to secure the current infrastructure but provide the tools to have secure calls where it will all have migrated to a fully IP world.

    Hope this gives more clarity.

    Rodolfo
    reply
  • Ewan

    1 year ago

    Thanks for taking the time to contribute, Rodolfo!
    reply
  • Mike42

    1 year ago

    Hmmm...'Unsecured circuit-switched voice'.

    So, for a mobile-to-mobile call, you agree that the air interface is encrypted. That leaves the horrifically insecure bit in between, consisting of, er, the MNO's Node B-RNC-MSC and interconnection circuits. Which, because they are required to be used for legal intercept, have to meet some pretty darn tasty security standards.

    Why, just last week I attached a pair of dogclips to the Voda-O2 link and listened in to a few cabinet ministers bagging some Scottish bloke.

    If you can show me a feasible way to hack a mobile-to-mobile 3G call (without being the NSA or MI6) I'll buy you lunch. Anywhere.

    As for mobile-to-landline calls, yup, you could easily dig up someone's front yard, clip onto the wires and listen away. But that's not your product AFAIK.

    No government worth its comsec salt will touch this. There are sooooo many potential gaps in the implimentation it's not funny. Truly secure comms is done over TEMPEST-certified gear, using cyphers that go a tad beyond what's on offer here.

    Oh, and 3G VoIP has zero QoS. Good luck there convincing corporates to adopt en mass. How many CEO's use Fring eh?

    Likely purchaser: An uber-paranoid CTO with James Bond delusions and visions of his secretary swooning over his encrypted E61 (not even an E61i).

    (Sorry to be all negative, but 10yrs 2G/3G RF engineering + 5yrs military RF/cypher engineering = sceptical Mike42)


    01101000 01100001 01100011 01101011 00100000 01101101 01100101 00101100 00100000 01100010 01100001 01100010 01111001 00100001
    reply
  • Ben Smith

    1 year ago

    <pedant>It's GCHQ that do SIGINT (http://en.wikipedia.org/wiki/Sigint) not MI6</pedant>

    But otherwise Mike42 is spot on.

    There may be some places in the world where access to the points of interconnection may be less controlled, but wouldn't any normal VOIP system prevent this anyway?
    reply
  • Ewan

    1 year ago

    Goodness knows how many alarms your post has triggered at various Government
    and military listening posts around the world, Mike...
    reply
  • Mike42

    1 year ago

    James Whatley (or is that Bond...) will be first against the wall when the mobile espionage revolution comes. Anyone that connected is plainly up to no good.

    They'll all be Twittering about it on Spyku. Maybe pop over to GCHQ's FB page....
    reply
  • Coco

    11 months ago

    It says "while ... it gains security clearance from the UK and US authorities". You can bet Cellcrypt won't get this clearance until they have agreed to installa special backdoor for the NSA to eavesdrop on our calls.
    I would not trust it.
    reply
  • Coco

    11 months ago

    Why not simply use Truphone with an https connection ?
    reply

Add New Comment

Returning? Login