CryptoPhone Sales Jump To 100,000+, Even at $3500 68
An anonymous reader writes "Since Edward Snowden started making NSA files public last year, GSMK has seen a jump in sales. There are more than 100,000 CryptoPhones in use today. How secure they really are will be determined in the future. But I'm sure that some government agencies, not just in the U.S., are very interested in getting a list of users."
For the price the company's charging for a modified Galaxy S3, it had better be as secure as they claim; otherwise, the free and open source RedPhone from Moxie Marlinspike's Whisper Systems seems like something to think about first.
"Secure service"? (Score:1)
Pull the other one... A phone has more than one chip in it.
Re: (Score:2)
Are you aware that not every chip in a phone has full access to everything and can be used for spying?
Re:"Secure service"? (Score:4, Insightful)
I how you are aware that it doesn't matter. Back doors are simply mandated into the service, possibly, or probably, by secret law, or it is declared illegal for use. Read the contract. Unless it specifically says the company will never, under any circumstances comply with a government order to open up its communications, then the service should not be considered secure. And even then, you still have to trust them. That is living a fantasy in today's world.
Re: (Score:2)
Re: (Score:1)
I didn't know I needed to specify every little piece of the service, which, to me, encompasses the phone, software, the bank through which you pay the bill... Once anybody receives "the letter", all your communications are up for grabs. These guys are selling snake oil. Trust is not an option.
Re: (Score:2)
Um... Are you replying to the right person?
Re: (Score:1)
hope... not how... hope
Thank you in advanced
'Modified' (Score:1)
Re:'Modified' (Score:4, Interesting)
$3500 is a lot to spend on software
$350 million (not counting the cost of the S3s or whatever is included in the '2 years of service') to harden one of the mobile tracking and advertising OSes into something actually secure probably isn't wildly out of the ballpark (and probably far less than a proper actually-verified-with-proofs-and-stuff Secure System OS of that complexity).
On the other hand, I would be shocked, shocked to hear that their security claims are...inflated... and there's a good deal of profit margin in there.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
No mention of... (Score:3)
...Blackphone [blackphone.ch]?
Re: (Score:2)
Ha ha... the Blackphone is a company with a US presence. How do we know this phone hasn't already been NSA 'approved'?
Re: (Score:1)
How do you know the cryptophone hasn't? Unless they're 100% open source hardware and software, there's no way to know how secure they are.
Re: (Score:1)
Re: (Score:1)
/shrug/ How do you claim to know anything at all?
Re: (Score:2)
How do we know this phone hasn't already been NSA 'approved'?
We don't, at least not with 100% certainty. I would think this applies to products from companies based outside the U.S. as well [nytimes.com]. Foreign intelligence is the NSA's primary mission, after all.
However, given that Blackphone was founded by a team from Silent Circle and Geeksphone chances are pretty good that the product works as advertised.
Re: (Score:2)
If the export requires an export license, then you can be sure that: a) The NSA will modify it before it gets to the user or b) It is so bad that the NSA can't be bothered to modify it.
Noticed that also. (Score:2)
Slashdot seems to be asleep when it comes to new security products, especially when its a Phil Zimmerman venture and the phone only costs about what an iPhone does.
You can still buy one? (Score:4)
Then rest assured that governments know how to get into them. Else we'd have seen some kind of harebrained reason why these phones can no longer be bought and used.
Re: (Score:3, Insightful)
Then rest assured that governments know how to get into them. Else we'd have seen some kind of harebrained reason why these phones can no longer be bought and used.
They just need to track who communicates with whom. The content is not relevant.
Re: (Score:3, Informative)
Then rest assured that governments know how to get into them. Else we'd have seen some kind of harebrained reason why these phones can no longer be bought and used.
I don't quite follow the reasoning going from sentence 1 to conclusion at 2. Germany is not really cowboy land. The very reason it is based in Germany is because of the privacy laws there. It's actually illegal for them to build in a backdoor. Merkel should buy one :)
When the cryptophone was at its first version, the first thing they did was to organise a hackaton for hacker friends to try to find bugs. At that time everyone could just download the software themselves, and it still is available for revie
From Germany. (Score:2)
At least it's not from a US company. There is another phone like this, and it's from a US based company. And I'm thinking... yeah right, NSA honey trap.
We need secure software. We cant trust hardware at all, unless it's for a single purpose, with a verifiable protocol. The Bitcoin community are coming up with some great solutions, which will help.
Re: (Score:3)
At least it's not from a US company. There is another phone like this, and it's from a US based company. And I'm thinking... yeah right, NSA honey trap.
We need secure software. We cant trust hardware at all, unless it's for a single purpose, with a verifiable protocol. The Bitcoin community are coming up with some great solutions, which will help.
It's an obvious strategy for a Honey Trap. What's not so obvious is whose Honey Trap it might be. Maybe it's the NSA, but it could just as easily be Russia's SVR or Israel's Mossad or China's MSS.
Re: (Score:3)
You deal realize that the GSM crypto was intentionality weakened at the request of EU intelligence services. The NSA had no role in making it weak.
Re: (Score:1)
How do you know the German company isn't a honeytrap?
One word... (Score:1)
I've said it before on the topic and I'll say it again. One word: Honeypot.
I laugh hysterically at people who fork over thousands of dollars to admit they have something to hide and lead the watchers right to them.
Nowhere to hide (Score:2)
It would be naïve to think that with all of the massive crytographic resources at their disposal, the NSA can't hack into this phone's communications at the push of a button.
The problem... (Score:2)
With something like RedPhone is that there are multiple CPUs on the phone -- in particular, the base-band is a full ARM chip with complete access to all ram on the device. And the software running there is almost never under the users control. So it doesn't matter how good red-phone is -- if it ever leaks *any* plaintext or key bits out to ram, or across any wires outside the cpu it's running on, the baseband chip and the software running on it can wiretap you. And even if those things never leak off the ma
Re: (Score:2)
The use of dual port memory shows just how deeply the NSA has penetrated into the industry ... lets open a huge security hole and put a huge amount of unnecessary load on the widest/fastest bus in the phone and lets tell them we need to do this for performance ... when fucking wlan can easily be put over one relatively slow LVDS pair let alone 4g.
Re: (Score:3)
There ARE phones out there that dont give the baseband processor and other hidden CPUs access to the main RAM. The Neo900 for example doesn't give the cellular radio module ANY access to the main ARM CPU or its RAM. In fact, design of Neo900 means that only the Linux software running on the main ARM CPU can touch the main RAM. And there is no reason you cant run 100% FOSS stack on that CPU.
So if your stuff is encrypted by software on the main CPU, any backdoors in the baseband or SIM or whatever have no way
only really secure communication (Score:4, Insightful)
Talk while walking via woods or a park, among trees.
Not phone, no watch, no camera, no heavy clothing.
And speak quietly anyway. Still it does not guarantee privacy.
All other talk or messaging are public. It is a new brave world where there are no secrets.
Re: (Score:2)
Re: (Score:1)
If you want to succeed at any serious stuff you work alone. Any conspirator is a potential exploit mechanism no matter the comms channel. And if you absolutely have to have a conspirator (and accept the risk of compromise) you'd better make sure it's someone you don't have to communicate with remotely - like a brother. I'm looking at you, Tsarnaev...
Re: (Score:1)
Among trees? You obviously have never read 1984.
Re: (Score:2)
Bad Idea:
[...] All the operator has to do is pinpoint a spot on the court or field using the screen, and the Audioscope works out how far that spot is from each of the mics, corrects for delay and then synchronizes the audio from all 315 of them. The result is a microphone that can pick out the pop of a bubblegum bubble in the middle of a basketball game..."
http://hardware.slashdot.org/s... [slashdot.org]
The NSA probably know who most the users are... (Score:1)
Re: (Score:1)
3,500 is a nice number to trigger an IRS reporting requirement. What could possibly be better for your privacy?
Use crypto, become a suspect. (Score:1)
While the vast majority of people do not use cryptography on all their communications those who do will be noticed and put under greater scrutiny therefore in being proactive they have made themselves a target protected only by the assumption that the technology they are employing does not contained flaws know to those who wish to monitor them, a very foolish assumption.
Showden el al have done the NSA (and similar organisations in every other government) a favour by motivating targets to "break cover" while
Re: (Score:2)
Is there no stegonagraphy chat app using instagram yet? Obsessive selfie taking seems like a good cover.
Software stack for encrypted comm? (Score:2)
Isn't there a software stack for encrypted comm?