Encryption Cellphones Privacy

CryptoPhone Sales Jump To 100,000+, Even at $3500

An anonymous reader writes "Since Edward Snowden started making NSA files public last year, GSMK has seen a jump in sales. There are more than 100,000 CryptoPhones in use today. How secure they really are will be determined in the future. But I'm sure that some government agencies, not just in the U.S., are very interested in getting a list of users." For the price the company's charging for a modified Galaxy S3, it had better be as secure as they claim; otherwise, the free and open source RedPhone from Moxie Marlinspike's Whisper Systems seems like something to think about first.

  • Pull the other one... A phone has more than one chip in it.

    • by AmiMoJo ( 196126 ) *

      Are you aware that not every chip in a phone has full access to everything and can be used for spying?

      • by fustakrakich ( 1673220 ) on Saturday April 05, 2014 @01:12PM (#46671029) Journal

        I how you are aware that it doesn't matter. Back doors are simply mandated into the service, possibly, or probably, by secret law, or it is declared illegal for use. Read the contract. Unless it specifically says the company will never, under any circumstances comply with a government order to open up its communications, then the service should not be considered secure. And even then, you still have to trust them. That is living a fantasy in today's world.

        • by AmiMoJo ( 196126 ) *

          Um... Are you replying to the right person?

      • hope... not how... hope

        Thank you in advanced

  • $3500 is a lot to spend on software
    • Re:'Modified' (Score:4, Interesting)

      by fuzzyfuzzyfungus ( 1223518 ) on Saturday April 05, 2014 @12:53PM (#46670895) Journal

      $3500 is a lot to spend on software

      $350 million (not counting the cost of the S3s or whatever is included in the '2 years of service') to harden one of the mobile tracking and advertising OSes into something actually secure probably isn't wildly out of the ballpark (and probably far less than a proper actually-verified-with-proofs-and-stuff Secure System OS of that complexity).

      On the other hand, I would be shocked, shocked to hear that their security claims are...inflated... and there's a good deal of profit margin in there.

      • And why is this a better idea than simply building a simple secure phone?
        • Probably so that people can use the Android compatibility to load it up with privacy compromising shit. Real answer? I have no reason to think that it is, except possibly for the outfit undertaking it, who can take advantage of the fact that getting phones that are ready to run basically any Android you want, off the shelf, in quantities starting at one, is cheap and easy, while other approaches are likely to be at very least more difficult (the state of graphics drivers, say, for non-Android graphics syste
          • If I were to design a secure communicator, I'd personally start with Forth on some nice 32b MCU. But that's just me, I'm weird.
            • Do 32bit micros have enough punch for handling a TLS-ed SIP call or the like these days? I must admit I have only the vaguest sense of their capabilities, though they would otherwise be perfectly capable of handling audio in/out, enough screen, keypad, serial link to cell modem (at least some of which still rock a very, very, extended Hayes command set, after all this time...)
  • by Gerald ( 9696 ) on Saturday April 05, 2014 @12:33PM (#46670775) Homepage

    ...Blackphone [blackphone.ch]?

    • by Tanaka ( 37812 )

      Ha ha... the Blackphone is a company with a US presence. How do we know this phone hasn't already been NSA 'approved'?

      • by Anonymous Coward

        How do you know the cryptophone hasn't? Unless they're 100% open source hardware and software, there's no way to know how secure they are.

      • /shrug/ How do you claim to know anything at all?

      • by Gerald ( 9696 )

        How do we know this phone hasn't already been NSA 'approved'?

        We don't, at least not with 100% certainty. I would think this applies to products from companies based outside the U.S. as well [nytimes.com]. Foreign intelligence is the NSA's primary mission, after all.

        However, given that Blackphone was founded by a team from Silent Circle and Geeksphone chances are pretty good that the product works as advertised.

      • If the export requires an export license, then you can be sure that: a) The NSA will modify it before it gets to the user or b) It is so bad that the NSA can't be bothered to modify it.

    • Slashdot seems to be asleep when it comes to new security products, especially when it's a Phil Zimmermann venture and the phone only costs about what an iPhone does.

  • by Opportunist ( 166417 ) on Saturday April 05, 2014 @12:36PM (#46670795)

    Then rest assured that governments know how to get into them. Else we'd have seen some kind of harebrained reason why these phones can no longer be bought and used.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Then rest assured that governments know how to get into them. Else we'd have seen some kind of harebrained reason why these phones can no longer be bought and used.

      They just need to track who communicates with whom. The content is not relevant.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Then rest assured that governments know how to get into them. Else we'd have seen some kind of harebrained reason why these phones can no longer be bought and used.

      I don't quite follow the reasoning going from sentence 1 to conclusion at 2. Germany is not really cowboy land. The very reason it is based in Germany is because of the privacy laws there. It's actually illegal for them to build in a backdoor. Merkel should buy one :)

      When the cryptophone was at its first version, the first thing they did was to organise a hackathon for hacker friends to try to find bugs. At that time everyone could just download the software themselves, and it still is available for revie

  • At least it's not from a US company. There is another phone like this, and it's from a US based company. And I'm thinking... yeah right, NSA honey trap.

    We need secure software. We can't trust hardware at all, unless it's for a single purpose, with a verifiable protocol. The Bitcoin community are coming up with some great solutions, which will help.

    • At least it's not from a US company. There is another phone like this, and it's from a US based company. And I'm thinking... yeah right, NSA honey trap.

      We need secure software. We can't trust hardware at all, unless it's for a single purpose, with a verifiable protocol. The Bitcoin community are coming up with some great solutions, which will help.

      It's an obvious strategy for a Honey Trap. What's not so obvious is whose Honey Trap it might be. Maybe it's the NSA, but it could just as easily be Russia's SVR or Israel's Mossad or China's MSS.

    • You do realize that the GSM crypto was intentionally weakened at the request of EU intelligence services. The NSA had no role in making it weak.

    • by Anonymous Coward

      How do you know the German company isn't a honeytrap?

  • by Anonymous Coward

    I've said it before on the topic and I'll say it again. One word: Honeypot.

    I laugh hysterically at people who fork over thousands of dollars to admit they have something to hide and lead the watchers right to them.

  • It would be naïve to think that with all of the massive cryptographic resources at their disposal, the NSA can't hack into this phone's communications at the push of a button.

  • With something like RedPhone is that there are multiple CPUs on the phone -- in particular, the baseband is a full ARM chip with complete access to all RAM on the device. And the software running there is almost never under the user's control. So it doesn't matter how good RedPhone is -- if it ever leaks *any* plaintext or key bits out to RAM, or across any wires outside the CPU it's running on, the baseband chip and the software running on it can wiretap you. And even if those things never leak off the ma

    • The use of dual port memory shows just how deeply the NSA has penetrated into the industry ... let's open a huge security hole and put a huge amount of unnecessary load on the widest/fastest bus in the phone and let's tell them we need to do this for performance ... when fucking WLAN can easily be put over one relatively slow LVDS pair, let alone 4G.

    • by jonwil ( 467024 )

      There ARE phones out there that don't give the baseband processor and other hidden CPUs access to the main RAM. The Neo900 for example doesn't give the cellular radio module ANY access to the main ARM CPU or its RAM. In fact, design of Neo900 means that only the Linux software running on the main ARM CPU can touch the main RAM. And there is no reason you can't run 100% FOSS stack on that CPU.

      So if your stuff is encrypted by software on the main CPU, any backdoors in the baseband or SIM or whatever have no way

  • by Max_W ( 812974 ) on Saturday April 05, 2014 @02:44PM (#46671667)
    Go to the stadium in shorts and t-shirt, freshly washed (and dried indoors). Wear new style running shoes with very thin sole, as recommended in Scott Jurek's "Eat and run".

    Talk while walking via woods or a park, among trees.

    No phone, no watch, no camera, no heavy clothing.

    And speak quietly anyway. Still it does not guarantee privacy.

    All other talk or messaging are public. It is a new brave world where there are no secrets.
    • That's why if you want to do any serious terrorist plotting or organised crime, you do what the KGB has started doing, and that is going back to pen and paper (and typewriters). If it's not electronic, it can't be easily tapped or hacked.
      • by Anonymous Coward

        If you want to succeed at any serious stuff you work alone. Any conspirator is a potential exploit mechanism no matter the comms channel. And if you absolutely have to have a conspirator (and accept the risk of compromise) you'd better make sure it's someone you don't have to communicate with remotely - like a brother. I'm looking at you, Tsarnaev...

    • Among trees? You obviously have never read 1984.

    • Go to the stadium in shorts and t-shirt, freshly washed (and dried indoors).

      Bad Idea:

      [...] All the operator has to do is pinpoint a spot on the court or field using the screen, and the Audioscope works out how far that spot is from each of the mics, corrects for delay and then synchronizes the audio from all 315 of them. The result is a microphone that can pick out the pop of a bubblegum bubble in the middle of a basketball game..."

      http://hardware.slashdot.org/s... [slashdot.org]

  • At $3500 a pop, I expect it's the NSA (or another 3-4 letter agency) who've bought most of these phones.
  • by Anonymous Coward

    While the vast majority of people do not use cryptography on all their communications those who do will be noticed and put under greater scrutiny therefore in being proactive they have made themselves a target protected only by the assumption that the technology they are employing does not contain flaws known to those who wish to monitor them, a very foolish assumption.

    Snowden et al have done the NSA (and similar organisations in every other government) a favour by motivating targets to "break cover" while

  • Isn't there a software stack for encrypted comm?
