Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Encryption Handhelds Hardware

Encrypted Cell Phone Hits the Market 266

notshannon writes "Reuters reports about a new cell phone which automatically encrypts communications. Of course, the matching handset will decrypt the message. Security doesn't come cheap, around $4000 per pair, but it's probably as reliable as anyone in these parts could wish. Favorite quote: 'We allow everyone to check the security for themselves, because we're the only ones who publish the source code,' said Rop Gonggrijp at Amsterdam-based NAH6. Amusingly, the article cites government.nl and not nsa.gov as the world's most prolific phone tapper."
This discussion has been archived. No new comments can be posted.

Encrypted Cell Phone Hits the Market

Comments Filter:
  • by Anonymous Coward on Wednesday November 19, 2003 @02:25PM (#7512926)
    Rather than pay $4K to encrypt your phone calls, do what I do: don't have anything worth saying
    • Rather than pay $4K to encrypt your phone calls

      I have a better idea: let's attack the decryptor's business model. Talk, talk, talk (especially if you've got those free evenings and weekends). They'll have so much to listen to, they won't be able to sort out anything from the noise.

      Even better, use your time to call up spammers who are dumb enough to put 1-800 numbers in their mailings and chat them up for hours.
      • The "decryptors" don't have a "business model", they have a task to complete.

        I would say that Project ECHELON [aclu.org] is doing a pretty good job of filtering information. The entire purpose behind the project is to collect as much data as possible and filter through it using advanced AI systems. I don't think a few extra phone calls are going to bother them.
  • It really doesn't matter if they are $4000... so where the original motorola brick phones. Hopefully these will give other companies ideas on how to make them better/faster/cheaper.
  • by Fux the Penguin ( 724045 ) on Wednesday November 19, 2003 @02:26PM (#7512935) Journal
    Wow, $4,000 per pair? That seems awfully high, but I'd imagine there are many legitimate uses of such technology, that may interest people to shell out that much cash. For instance, credit card authorization, police communication, and drug trafficking come to mind. I work for the second-largest supplier of solid-gold cell phones and pagers, which are often used by celebrities and collectively engaged urban businessmen, and I could certainly see where many of our clients would have use for this kind of device.

    I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans, or even Amsterdaminians. Encryption is certainly a worthwhile tool, but I think it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

    Perhaps I would be more supportive of NAH6 if they were to provide a backdoor for the NSA [nsa.gov], FBI [fbi.gov], CBS [cbs.com] and the ALF [alf.org]. These organizations, then, could catch evil-doers in the act before they can inflict massive damage to our American way of life. Truly, the only way to secure our liberty is government supervision of the most invasive sort.
    • The price will eventually go down, give it time. But as for tapping, it does create a problem for the agencies that would want to listen in. They of course would not publish if there is a back door, and maybe all you need to listen is the software running on the listening device? That information would be highly secretive.

      I find it funny that the Netherlands tap more phones a year. I wonder if that is true or just because half of what agencies do over here is classified. There no oversight of how ma
    • Get real.

      Look.. law enforcement snoops on phones because they can, not because from day 1 it was required by law to let them. Yes, there are rules in the US and elsewhre that require companies to make it easier for law enforcement to snoop.. but still.

      Just because some form of communication exists does NOT mean you need to make it's contents available to the government upon request.
      You have the RIGHT to encrypt your communications, and keep them private, as do terrorists.

      I think maybe you are a troll, th
      • Get real.

        [Long, cogent answer to "what about terrorists" and assertion of the right to encrypt communications deleted.]

        I think maybe you are a troll, though.


        As I read it, the part about terrorists was obviously a subtle satire. Note the links to the four agencies he proposes should have a back door to let them tap phones and stage preemptive strikes (spoofing the original article's linking to, rather than naming, the NSA and the Netherlands government). The four agencies are:

        - NSA: The National Sec
    • Re:Responsibility (Score:5, Informative)

      by Brandybuck ( 704397 ) on Wednesday November 19, 2003 @03:15PM (#7513475) Homepage Journal
      it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.

      Some quotes from Phil Zimmerman, author of PGP (emphasis mine):

      Its personal. Its private.
      And its no ones business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. Theres nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.


      If you really are a law-abiding citizen with nothing to hide, then
      why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?
    • I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans...

      ..and the really bad thing? It took me way to long to figure out you were joking, I've been hearing far to much of that line of arguement for real lately. *sigh*

      Al.
    • For instance, have the manufacturers considered the applications for which terrorists might use these?

      Terrorists tend to use more secure methods, like meeting out in the middle of nowhere and talking face to face.

    • Re:Responsibility (Score:4, Informative)

      by wfberg ( 24378 ) on Wednesday November 19, 2003 @04:53PM (#7514556)

      I am a little concerned, though, that this kind of technology might fall into the wrong hands. For instance, have the manufacturers considered the applications for which terrorists might use these? I hardly think that the NAH6 would like to see their products used to slaughter innocent Americans, or even Amsterdaminians. Encryption is certainly a worthwhile tool, but I think it's far more likely to be exploited by the wicked than the virtuous, as it's the bad guys who've got something to hind.


      Real criminals have had access to, say, laptops connected to gsm phones that run speakfreely [speakfreely.org] or simply any voip product over-ssh/ipsec/pptp/whatever for years..

      Most importantly though, this cryptophone does nothing to conceal traffic data; i.e. "who's calling who". This information is not much use in corporate espionage, but worth its weight in gold in criminal investigations (and much easier to sort through than voice calls).
  • Props to NAH6... (Score:4, Interesting)

    by tcopeland ( 32225 ) * <tom@NoSPaM.thomasleecopeland.com> on Wednesday November 19, 2003 @02:26PM (#7512937) Homepage
    ....for doing a PGP extension [nah6.com] to Mailman [gnu.org].

    The patch file [nah6.com] alone is 56 KB... looks like they put in some effort on that one. Pretty cool.
  • by Anonymous Coward on Wednesday November 19, 2003 @02:26PM (#7512940)
    that will become " ? nac uoy reah em won"
    • is it just me, or couldn't this type of thing be done using current devices with an update to the unit'ss firmware. I mean, certainly if my Toshiba CMD-9500 has the horsepower to play the latest Eminem song as a ring tone then it can do some basic encryption of my text messages and voice conversations. I'm not talking about 1024bit NSA level security, I mean just enough to keep that kid with a frequency scanner from hearing my girlfriend talk dirty to me. Just a thought.
      • I was under the impression that if your phone is on a digital network then communication needs to at least be decoded, as it isn't a plain audio signal like a cordless POTS phone.
      • is it just me, or couldn't this type of thing be done using current devices with an update to the unit'ss firmware

        In GSM phones it's already being done in the tiny, tiny chipcard. But that encryption is only between handset and basestation (the main ISDN/POTS network is not encrypted), it's not particularly good (can be decrypted and tapped with a 100K machine - if not (much) cheaper), and of course the telco has the key (so, so does your government, among others).

        This is end-to-end using Diffie-Hellman
  • nah (Score:5, Funny)

    by Dreadlord ( 671979 ) on Wednesday November 19, 2003 @02:27PM (#7512945) Journal
    real /.ers don't use expensive encryption phones, they do the math themselves, and then encrypt signals by waving a magnet near the phone.
  • Limited Use? (Score:4, Insightful)

    by BadCable ( 721457 ) <kumareshb@yahoo.com> on Wednesday November 19, 2003 @02:27PM (#7512947) Journal
    Doesn't this seem of limited use?

    I mean if it only encrypts for other cellphones of it's type on it's network the usability is rather limited.

    You might as well use encrypted walkie talkies, it's not too different when you think about it.
    • Yeah, except for the whole goes across the [nation|world]-wide telephone network part.
    • Duuh.. perhaps your walkie talkie might not be able to reach quite as far as the global phone network ? At least without requiring a 20 metre tall antenna that would turn your ears bright pink when you made a call ?
    • You got to start somewhere. Odds are, the technology will advance to where you can connect to anyone, and then start encrypting the call assuming the other cell phone has some standard chip to do so.
      • Actually, we are there. GSM is encrypted and it does frequency-hopping. The only point where it is vulnerable is at the provider's site: and that's exactly where it is tapped :)
    • I don't think anyone with that in their signature should be allowed to get a +5 modded comment. Luckily I was able to close the window before more than top inch of the picture downloaded, but I almost had a great deal of embarrassed explaining to do to my wife...

      So, er... +1: tubgirl
      • What really doesn't make any sense to me is why, in a picture like that, is the vagina blurred out? Did the person who took the photo think it would be inappropriate to show it?
    • With a $4000 pricetag, something like this is only in the reach of drug dealers, terrorists, and other hardcore criminals.

      Dont let this prevent you from sleeping at night!

  • How's it work? (Score:3, Interesting)

    by calebtucker ( 691882 ) on Wednesday November 19, 2003 @02:27PM (#7512953) Journal
    So.. you buy a pair at a time and these phones can only talk to each other securely? Or is there some way to exhange keys?
    • The slashdot blurb makes it sound like private key encryption, but a quick look at the article and site suggest that it is actually public key encryption. Which makes sense in my opinion. Why would I only ever want to call one other phone (with the exception of a RED phone, heh)? I simply want to send my public key, receive his, and then chat on a secure line with whomever I choose.
  • Anyway, seriously, while I see the issue about cryptography preventing terrorists being phone tapped, i'm less than enthusiastic about them being able to tap just anyone.

    For that matter the ability of any kid with the right equipment to pick phone conversations out of the air, like that record that got released a few years back...
    • Funny, these not being available at the time didn't help catch the last batch...

      Nothing prevents people from meeting in parks or isolated areas and planning out a crime in private. If you send out a coded message it doesn't matter if it's encrypted or unencrypted, no one but your target party is going to understand what you're talking about.

      Outlawing crypto will not prevent crimes from taking place and it will not help law enforcement stop those crimes. It will just stop the use of cryptographic methods

  • by kavau ( 554682 ) on Wednesday November 19, 2003 @02:28PM (#7512964) Homepage
    Write to your congressman immediately, demanding that these phones become outlawed worldwide! They might be used by terrorists to plan attacks against Freedom and Civilization! Or, worse than that, they may be used for illegal file trading! A Good Citizen (TM) has nothing to hide, and will have no need for Evil (TM) tools like this.

    Oh yes, I'm being sarcastic...

  • Why not sooner? (Score:4, Insightful)

    by Orien ( 720204 ) on Wednesday November 19, 2003 @02:29PM (#7512970)
    Personally, I am flat-out amazed that this kind of thing hasn't taken off much sooner. There is a public outcry right now about "Privacy" and all kind of laws are being enacted to ensure consumer protection of personal information. So why isn't there a much higher demand from consumers for "Privacy" when it comes to data transmission and data storage? It's not like it's hard from a technology standpoint. Encrypted communications have been around since long before cellular phones. We just need more people asking for it to see this kind of thing standard in phones, bluetooth, 802.11, etc.
    • public outcry for privacy?
      what country are you living in?
      i look around my daily life and see most people having little concern with 'privacy', aside from something like id-theft. even then they just want 0 liability, not elimination of things that make id theft easy. get a capital one no hassel card!
    • The problem might lie in that digital cell communications are already encrypted by the telecoms themselves. The technoproles may not know that equals t-mobile can hear their conversations or they're content knowing that the kid down the street can't listen in to their calls.

      Not to mention, some people really just believe in unrestricted government wiretapping the "Ive got nothing to hide" attitude or are too apathetic to care.
  • More information (Score:5, Informative)

    by DerOle ( 520081 ) on Wednesday November 19, 2003 @02:29PM (#7512972) Homepage
    see this page [cryptophone.de] for further information (in English).
  • Available in U.S.? (Score:5, Interesting)

    by exhilaration ( 587191 ) on Wednesday November 19, 2003 @02:30PM (#7512988)
    Are these available in the U.S.? The last time encrypted cell phones made the news [usatoday.com] there were no plans of selling them in the U.S.
  • by burgburgburg ( 574866 ) <splisken06.email@com> on Wednesday November 19, 2003 @02:32PM (#7513011)
    The Microsoft-based XDA handheld computer phone made by Taiwan's High Tech Computer is selling for 3,499 euros ($4,121) per two handsets.

    Well, since Bill IS focusing so strongly on security, I feel comfortable relaying most personal, intimate, potentially volatile information over these phones.

    I also wear my Social Security number on a t-shirt, yell out the numbers of my PIN at ATMs and throw my credit cards at little children as if they were candy.

  • by sulli ( 195030 ) * on Wednesday November 19, 2003 @02:33PM (#7513020) Journal
    give me a break. [www.gov.cn]
  • NSA vs. the Dutch (Score:3, Interesting)

    by flabbergast ( 620919 ) on Wednesday November 19, 2003 @02:34PM (#7513035)
    " Security specialists in the Netherlands said the device could threaten criminal investigation by the Dutch police, which is one of the world's most active phone tappers, listening in to 12,000 phone numbers every year."

    The article states "one of the world's most active phone tappers" not "the world's most active phone tappers". The US had fairly stringent policies against phone tapping citizens (ie the police and FBI, not the NSA). I'm sure the NSA is not giving out statistics on how many wiretaps it does a year, but the NSA is (supposedly) forbidden from investigating within the US.

    Does anyone else find it weird that its collectively called "the Dutch police?" Are they referring to all local law officials or some national law enforcement agency? Just curious...
    • Re:NSA vs. the Dutch (Score:3, Interesting)

      by jefeweiss ( 628594 )

      They get around the prohibition on spying on citizens by hiring other governments, such as the Brits and Australians to do it for them. That's the big reason we gave them access to Eschelon to begin with.

      And Eschelon isn't used for anti-terrorism nearly as much as it is used for economic, and industrial espionage. So the target market for these phones might be trade commissions, corporations, and other groups that have business secrets the US government might want to pass along to companies they are frie

      • by mesocyclone ( 80188 ) on Wednesday November 19, 2003 @07:18PM (#7515967) Homepage Journal
        And your sources for this are?

        I often hear claims about nefarious activity by NSA, but considering the level of security, I am rather dubious of these claims because it leads to the question of how people broke NSA security enough to find out about this stuff.

        If you want industrial espionage, check the French. Air France was discovered to have bugged every seat in first class on every flight for the French security agency. Why first class? Industrial espionage seems an obvious reason, although again, how would you know.

        The government doesn't have time to spy on ordinary citizens. Unless it is doing a criminal investigation or a national security (i.e. counter-intelligence/counter-terrorism) case, it isn't going to pay attention to you.

        If the rumored key phrase sniffers are out there, then they no doubt have listened to a few of mine and lots of other conversations, just to be annoyed at the waste of time.

        Oh, and NSA is allowed to operate inside the US. It is the agency responsible for communications security for the US military, and as such monitors US military communications in the US in addition to providing secure systems.

        Many years ago, when I was a radio operator in P-3 Orions, another radio operator in my squadron sent a false MAYDAY as if he were a ship (not aircraft) in distress. A few days later he was in the brig. Can you say "signature analysis" and "broadband recorders"? This was in the late '60s, btw, so you can imagine what sort of technology was used to be able to go back to an arbitrary frequency, pull out the false MAYDAY, and subject it to signal analysis.

        The same technique is almost certainly how the KAL-007 shootdown was recorded. Basically, at least in the past and no doubt now, NSA records and archives a whole lot of spectrum in a whole lot of places.
  • by OctaneZ ( 73357 ) <ben-slashdot2NO@SPAMuma.litech.org> on Wednesday November 19, 2003 @02:35PM (#7513041) Journal
    can be found at CryptoPhone's Picture Page [cryptophone.de]

    looks like one of those phone/PDA's in one.
  • by melted ( 227442 ) on Wednesday November 19, 2003 @02:35PM (#7513048) Homepage
    FSB, formerly known as KGB. On numerous occasions they've ordered the Russian phone companies to turn off even the weak GSM encryption and wiretapped whoever they wanted. They also release "proslushki" (wiretaps) of some politicians talking on the phone on some "independent" web sites almost weekly. BTW, in Russia they don't need the warrant issued by a court to do this. Basically every god damn cop can wiretap whoever he wants if he has the gear. Too bad the use of cryptography (except for the government-approved algorithms) is not allowed in Russia.
    • while I agree with the rest of what you say, this part:
      Too bad the use of cryptography (except for the government-approved algorithms) is not allowed in Russia.

      sounds like total BS to me. To the best of my knowledge, it has never been outlawed (in fact, I believe cryptography hasn't beed specifically addressed in any laws), and, even if it were, it is most certainly not enforced. And, as we know, a non-enforceable law is as good as no law at all.
      • You can only use GOST and several other government approved encryption schemes/algorithms. That's it. And if they catch you with this phone you'll be in prison. If they can't wiretap you using SORM (Sistema Operativno Rozysknikh Meropriyatii - Operative Investigation System) you're against them, and if you're against them, you're in trouble.
    • by burgburgburg ( 574866 ) <splisken06.email@com> on Wednesday November 19, 2003 @03:33PM (#7513672)
      As discussed here [janes.com], the KGB was split into two organizations: the domestic security service, the Federalnaya Sluzba Bezopastnosti (Federal Security Bureau or FSB) and the civilian intelligence service, Sluzba Vneshnei Razvedka (SVR).

  • Secure cellular phones have been available for years. They just don't sell them to the rabble. See this QUALCOMM web page [qualcomm.com] for an example.

    I'm waiting for VOIP to become ubiquitous. Then there will be no carrier or FCC type acceptance to stand in the way of encryption.

  • Uh oh (Score:3, Funny)

    by Gogl ( 125883 ) on Wednesday November 19, 2003 @02:39PM (#7513087) Journal
    I think we slashdotted the entire government of the Netherlands.
    • I think we slashdotted the entire government of the Netherlands.
      So that's what that smell of molten circuitry was. Go on, we won't miss 'em!
  • It wasn't clear to me if these phones were simply hardwired pairs, which would mean if you lost a phone that your security would be compromised.

    If each phone saved a cache of public keys from potential correspondents, and the user needed to key-in a private key to authenticate, then it would be more intersting.

    Lastly, there should be a stegospeech option where the encrypted channel overlays some uninteresting drivel conversation (you know, the kind of conversation that occupies 90% of cellphone bandwidth

  • by burgburgburg ( 574866 ) <splisken06.email@com> on Wednesday November 19, 2003 @02:44PM (#7513147)
    From their FAQ [cryptophone.de]

    I noticed that your CryptoPhone is based on Windows CE / PocketPC. Isn't this a security risk?

    The current version of the CryptoPhone runs on top of a heavily modified and stripped down Microsoft PocketPC2002 ROM. The reason is that we wanted an affordable and well researched platform that offered sufficient performance for the speech encoding and crypto functions.A Pocket PC based system was chosen as the first platform for CryptoPhone because it was the only sufficiently fast device allowed us to do software integrity protection in ROM and the stripping of unnecessary functions.

    The only commercially available alternative at the time of the necessary development decision was Symbian. Symbian is even more closed source (Windows CE is open source for developers in most parts) and was available only on a more expensive hardware platform. There was (and still is) no viable mass-market Embedded Linux based hardware with sufficient performance, stability, hardware integration and availability on the market at decision time, so we were not able to pursue this alternative.

    We are aware that there are risks associated with using any Windows platform and we have taken a number of measures to mitigate these risks as best we could. We removed applications, communication stacks and system parts that are unnecessary for the CryptoPhone operation and which may cause potential security problems. You should not install third party software on the CryptoPhone to prevent software based attacks on the firmware integrity. The firmware update mechanism is cryptographically secured.

    • Interesting. They are misusing the term "open source," though. Open source doesn't just mean you get to look at the source code, although that is valuable.

      By the open source definition [opensource.org], you can't have such a thing as "open source for developers." An open source license must not discriminate against fields of endeavor.

    • If it runs on Pocketpc, why can't they just make an app that will run on all softphones? Its trivial to intercept the mic and speaker calls and route them through an encryption/decryption routine. Hell, you could use bluetooth for it and just make a headset profile that handles the encryption/decryption. Then you could use your PDA as a handset for your bluetooth enabled phone, with encryption over the public network segment. The PAN would be encrypted as well.
  • *yawn* so what? (Score:3, Insightful)

    by Not_Wiggins ( 686627 ) on Wednesday November 19, 2003 @02:45PM (#7513159) Journal
    First, cell-phone encryption has AT LEAST been available (weak or otherwise) in GSM since 1990. Sure, it is crackable, but it takes hours to do... making it impractical for eavesdropping on a conversation in real-time.

    Ok... let's say you're not happy with the encryption. This product will have use in every part of the world *except* the US because, I believe, encrypted voice transmission is illegal. Heck, there have even been home cordless phones available for years that would encrypt only between the handset and the base station... and you're not allowed to have them in the US for that same restriction.

    So... either you're going to spend a lot of money to gain encrypted communication that you could more cheaply acquire with other technologies, or you won't be allowed to use it (in the US) without giving the government a backdoor to listen in. For $4K? Forget it.
    • Encryption (Score:4, Informative)

      by Detritus ( 11846 ) on Wednesday November 19, 2003 @03:13PM (#7513446) Homepage
      Encryption isn't illegal, except for a few limited cases, like amateur radio. The government is more subtle than that. If you are doing something that needs a FCC license, type acceptance or other government paperwork, your paperwork will be approved much more quickly if you have a "cooperative attitude".
    • Sure, it is crackable, but it takes hours to do... making it impractical for eavesdropping on a conversation in real-time.

      Actually, A5/1 and A5/2 (the GSM algorithms) can be cracked in real-time.
  • What about GSM? (Score:3, Insightful)

    by TwistedGreen ( 80055 ) on Wednesday November 19, 2003 @02:46PM (#7513181)
    Wasn't GSM supposed to be encrypted as well, but the algorithm was found to be extremely trivial to crack?

    How long until that happens with these technologies? I'd hope a long time, for $4000/pair.
  • Yeah, selling drugs has never been easier or more secure!
  • Cryptophone.de [cryptophone.de]

    It's actually a division of a privately held German company called GSMK.
  • Each month sees more and more Palm / PocketPC / Phones on the market. Why not just write an app for one of these that encrypts and decrypts and sends the stream as data or VoIP?
  • this is a market that will die quite fast quite soon(in few years) because then it's just a matter of getting the right software for the phone(heck, it already boils pretty much down to that).

  • by whois ( 27479 ) on Wednesday November 19, 2003 @03:05PM (#7513358) Homepage
    Nobody verifys keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?

    The good news is that if people really understood crypto, key exchange would be easy. You meet in person, establish a bluetooth link, swap public keys and verify fingerprints.

    The bad news is that nobody will do this, or the phone won't support it (article didn't say how key exchange happens)

    So when Joe calls and it says "incoming encrypted call" are you going to answer it because you know and like Joe, even though you've never exchanged keys with him?

    Key exchange can't be done through a trusted third party (except the company you work for) because there is no trusted third party. Even if you trust Bob, and he trusts Mary, you don't know where their dirty phones have been.

    If your work is the trusted third party, they'll probably hold copies of your private keys so calls can be monitored later if needed. (Hopefully the phone ethier allows you to generate a new key whenever you want, or doesn't allow exporting of it's private key. Hopefully both)

    Don't get me wrong, I want one. Real bad, but not $4k bad, not to test out someones (probably flawed) cryptosystem.

    Even if they understand crypto and got it right, the user still has to understand it to make it all work.

    If I had about 10 of these I'd give one to each of my friends and make sure they only accept encrypted calls from known keys. I'd also make the screen light up in red or green or something to show it's an encrypted call.

    Then we could talk about Joe behind his back, with no chance of interception from governments.

    So yeah, anyone got a real use for these?
    • Nobody verifys keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?

      Nobody? Maybe the people who don't care. I use SSH for a reason. I never thought that someone would try to do anything malicious until a week ago. A week ago, someone in my dorm tookover my i.p. and had a sshd running. I was connecting to it from another computer in the same building, and I got PuTTy's friendly warning about the host key changing. Wha
  • by MongooseCN ( 139203 ) on Wednesday November 19, 2003 @03:05PM (#7513360) Homepage
    Of course, the matching handset will decrypt the message.

    As opposed to those phones where the matching handset doesn't decrypt the message. Too bad the market for those isn't larger. I have quit a few algorithms that can encrypt voice into something that can never be decrypted.
  • yea... but they really mean drug dealers, terrorists, etc.
    Don't get me wrong, I think personal privacy is very
    important (for individuals as well as 'executives'), however
    I think this technology is just begging to be abused.

    just my 2 cents...
  • This technology has been around for years. Motorola, for example, has made phones with native encryption capabilities built in, and plug-on encryption modules for normal phones [motorola.com]. This goes back all the way to encryption modules for the original "brick" phones. While marketed towards the federal market, all but the highest (STU-III capable, I think the standard is) have been available to anyone who wants to buy them.
  • Steganography (Score:3, Interesting)

    by Cee ( 22717 ) on Wednesday November 19, 2003 @03:21PM (#7513535)
    Now imagine a steganography-capable cell phone! The wire-tapping people wouldn't even know the call is encrypted and just hear a totally different conversation.
    (And yes - if someone tries to patent this, this counts as prior art)
  • by freeze128 ( 544774 ) on Wednesday November 19, 2003 @03:24PM (#7513564)
    "I'm using the SCRAMBLER..."
  • Scene: A youngish, slightly geeky guy wandering with his cell phone. Enters from the right.

    guy: "can you hear me now?"
    phone: "!@$(U*HAa9810"
    guy: "... good?"
  • They're not necessary. As any Tom Clancy fan knows proper tradecraft can provide more than adequate privacy. So you can outlaw this for business folks but it won't stop Mr. Terrorist.

    Mr. Terrorist gets a cell phone with the number 555-222-2048. He knows it could be tapped. But one day he gets a call and the person says "Oh...I was looking for 555-222-2084." "Sorry, you have a wrong number." Of course that's a pre-arranged signal, with the 2084 being agreed upon in advance.

    Yes, encrypted cell phones c
  • by wcbarksdale ( 621327 ) on Wednesday November 19, 2003 @04:00PM (#7513950)
    HI HONEY. YEAH, I'M IN THE MOVIE THEATER NOW. OH, I'M FINE, THE HERPES HASN'T BEEN ACTING UP LATELY. YOU WANT ME TO PICK UP SOME CONDOMS ON THE WAY HOME? SURE THING. OK, SEE YOU THEN. HEY, IT'S A GOOD THING WE GOT THE ENCRYPTED CELL PHONE, WOULDN'T WANT ANYONE LISTENING IN.

    (lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance, lameness filter avoidance)

  • PGPFone. (Score:3, Informative)

    by caluml ( 551744 ) <slashdotNO@SPAMspamgoeshere.calum.org> on Wednesday November 19, 2003 @04:47PM (#7514495) Homepage
    You can download PGPFone for free [pgpi.org] or do what I did involving cat'ing dsp through the stdin of gpg, and into netcat, and the reverse at the other end. Can't remember the exact switches - man gpg, and man nc.
  • Looking over the site, I found this where I was expecting to download the source:

    "We are currently performing a internal round of reviews with a expert group of security researchers and cryptographers. Depending on the results of this review and the time it takes us to implement the relevant recommendations, our current plan is to have the Source available for Download"

    So it sounds like they plan to publish the source if no flaws are found, else they will not i.e. security though obscurity :(

    Incidentally
  • Swedish company Sectra [sectra.se] released their secure GSM phone named Tiger in October 1999. This phone was in use by the Swedish military before that, too. And you don't need some shoddy Windows implementation for the encryption.
  • Ok, so there's several questions about this.

    First, if you read their FAQ, they state embedded linux doesn't exist - yes it does, STFW.

    Second, yes - it's cool, but this has been available [spylife.com] for a while, at a comparable price.

    Blah.
  • Wouldn't this be trivial to implement? Imagine a very simple (closed) system consisting of cell phones on a standard digital network. You and a friend could decide to share a 'key' (which you manually type in to your phones, and associate with the other persons number). When you dial each other, your phones (recognizing which phone, by it's number, is on the other end), automatically applies some private-key non-expansive encryption algorithm to the compressed audio.

    I have no idea of the data format or
  • Gongrijp (Score:3, Interesting)

    by groomed ( 202061 ) on Wednesday November 19, 2003 @11:36PM (#7517469)
    Gongrijp knows what he's talking about. He was one of the founders of Hacktic magazine [hacktic.nl], a "magazine for techno-anarchists" that was published from 1989 till 1994. Hacktic publications included schematics for pay television descramblers, detailed expositions of operating system vulnerabilities, articles on "social engineering" (I think they might even have coined the phrase), and numerous topics on hacking the phone company ("phreaking") and war dialing.

    These guys have also organized some huge hacker conferences such as Hacking at the End of the Universe [well.com] in 1993 and Hacking In Progress [hip97.nl] in 1997 (I was there in '97). Later Hacktic professionalized and they became the first ISP in the Netherlands. Still later that turned into XS4ALL [xs4all.nl], probably the best ISP in the Netherlands.

    Through everything, Gongrijp ("Public Enemy #1") was a driving force. If he says the phone is secure, then that's a pretty damn strong endorsement.

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...