How the Greek cellphone network was tapped.

[John Ioannidis]

silvio wrote:

> Aren't run-of-the-mill cellphones these days powerful enough to use
> available software like OpenSSL to encrypt voice/datastreams?
> Again...what are the options for end-to-end cell encryption right now?

Mobile phones have had spare cycles for doing strong crypto for a very 
long time. There are two classes of reasons why this is not happening 
and is (unfortunately) never going to happen:

1. Practically no users ask for it, so the handset vendors prefer to 
use development resources to build even more flashy features, rather 
than allocate resources to developing E2E security. No user would ever 
brag about how secure their phone is, but they would brag about how they 
can play video games or take pictures or whatever, or how small it is.

2. E2E crypto on mobiles would require cross-vendor support, which would 
mean that it would have to go into the standard.  Unfortunately, 
standards in the mobile world are heavily influenced by governmnets, and 
the four horsemen of the apocalypse (drug dealers, paedophiles, spies, 
and terrorists) are still being used by government types to nix any 
attempts at crypto they can't break or intercept.

Unfortunately, it's not so easy to roll your own on top of a 3G-enabled 
smartphone. The "broadband" channel does not have the tight jitter and 
throughput guarantees that voice needs, and some providers (Verizon in 
the USA for example) consider running voice traffic over their 
"broadband" network a violation of the usage agreement (no need to blame 
the government for that, their own greed is adequate explanation). 
There are lots of other technical and human-factors issues that have 
been covered to great extent in this and other fora.

/ji

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com