Cryptophone locks out snoopers

Ian Grigg iang at systemics.com
Tue Nov 25 14:19:48 EST 2003


(link is very slow:)
http://theregister.co.uk/content/68/34096.html


Cryptophone locks out snoopers 
By electricnews.net
Posted: 20/11/2003 at 10:16 GMT


A German firm has launched a GSM mobile phone that
promises strong end-to-end encryption on calls,
preventing the possibility of anybody listening in. 

If you think that you'll soon be seeing this on the shelves
of your local mobile phone shop though, think again. For
a start, the Cryptophone sells for EUR1,799 per handset,
which puts it out of the reach of most buyers. Second,
the phone's maker, Berlin-based GSMK, say the phone
will not be sold off the shelf because of the measures
needed to ensure that the product received by the
customer is untampered with and secure. Buyers must
buy the phone direct from GSMK. 

According to GSMK, the new phone is designed to
counteract known measures used to intercept mobile
phone calls. While GSM networks are far more secure
than their analogue predecessors, there are ways and
means to circumvent security measures. 

The encryption in GSM is only used to protect the call
while it is in the air between the GSM base station and
the phone. During its entire route through the telephone
network, which may include other wireless links, the call
is not protected by encryption. Encryption on the GSM
network can also be broken. The equipment needed to do
this is extremely expensive and is said to be only
available to law enforcement agencies, but it has be
known to fall into the hands of criminal organisations. 

The Cryptophone is a very familiar-looking device, since
it is based around the same HTC smartphone that O2
used as its original XDA platform. The phone runs on a
heavily modified version of Microsoft Pocket PC 2002. 

GSMK says it is the only manufacturer of such devices
that has its source code publicly available for review. It
says this will prove that there are no back-doors in the
software, thus allaying the fears of the
security-conscious. Publication of the source code
doesn't compromise the phone's security, according to
GSMK. The Cryptophone is engineered in such a way
that the encryption key is only stored in the phone for the
duration of the call and securely erased immediately
afterwards. 

One drawback of the device is that it requires the
recipient of calls to also use a Cryptophone to ensure
security. GSMK does sell the device in pairs, but also
offers a free software download that allows any PC with
a modem to be used as a Cryptophone. 

GSMK says that the Cryptophone comples with German
and EU export law. This means the device can be sold
freely within the EU and a number of other states such
as the US, Japan and Australia. It cannot be sold to
customers within Afghanistan, Syria, Iraq, Iran, Libya
and North Korea. A number of other states are subject
to tight export controls and a special licence will have to
be obtained. 

© ElectricNews.Net

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list