Encrypt Your GSM Conversations
This software from Voylent Software encrypts on the fly your phone conversation. It forbids anyone to overhear it or intercept it. There is the same issue for landline. Maybe they should port their software there too?
Question: their website do not specify the encryption algorithm used. Is it a strong one? Breakable? We know GSM conversation interception is really hard to achieve (because of frequency hopping) but really easy at the carrier center as landline. How strong is the encryption? Is it legal to use in France or anywhere else?
On a marketing side, if you use it, all your friends have to use it too if you want to have a secure talk.
One last issue: this software is political. GSM encryption is weak and phone interception is easy because of political and security issues. It is really a good idea. The old issue between security and privacy might be solved by the market. I am not sure it is the best solution for both sides.
Via Boing Boing
June 22nd, 2006 at 4:36 pm
See also SecureGSM
http://www.securegsm.com
June 22nd, 2006 at 7:02 pm
hmmmm….security whitepaper on their site talks about using Twofish and AES (in case one algorithm is broken). Similar approach is adopted by www.cryptophone.de Software only approach isn’t necessarily a good idea…who knows how insecure the underlying OS or platform is?
Plenty of other offerings in this realm out there, including www.gme.ie
June 22nd, 2006 at 7:27 pm
Why do you think pure software encryption isn’t a good approach? On the performance side I completely agree but I don’t see why it is insecure. It depends how they build their code and how they implemented their algorithm.
Being able to get a secure transmission is a good idea. One weakness in the algo: how would they get/exchange key with AES?
I’m pretty sure the system can be cryptanalyzed around this. Especially since the carrier have access to all communication.
Another point: the carrier can simply cut a secure line and this can be detected pretty easily.
June 22nd, 2006 at 8:00 pm
This is a ROT-26 encrypted text.
Well soory for the bad joke but I really think there’s nothing such as good encryption for common people. States will always take the means to break them, and as ecomonics become more and more a state matter (which is the paradoxal side of capitalism globalization), there’s no way the market will give anything more than toys for James Bond fans…
The point of all this : there’s no such thing as security, it’s just a state of mind and the best security is to assume your weakness/exposure.
Enough with deep one-liners - I’m out.
June 22nd, 2006 at 8:09 pm
True and false at the same time. It is assumed the NSA is more advanced than scientific cryptographic community.
Doesn’t mean we cannot protect our privacy. In a way it is our job to do so.
June 23rd, 2006 at 9:29 am
I have no fundamental complaint against software only encryption.
What I would worry about is all the other software running on a PDA type device, not least of all the OS (Symbian, WinCE I assume?). Placing strong encryption (which AES or Twofish is) on the voice transmission is fine, all it does is move the weakest point in the system to another place. I would be wary of throwing a piece of software unto a PDA and assuming it was a secure system. There’s a lot more to cryptography/security than just strong encryption of the the transmitted information.
Have a look at cryptophone.de, they disable a lot of the PDA/OS functionality (e-mail, internet, IM etc.) to prevent those areas being exploited. - Having said that cryptophone.de then go and offer a windows client for using their cryptophone! So there I am, spending major money on a secure phone and talking to someone with the software on a windows PC! Again an advesary will always look for the weakest point….if one participant is using a windows PC for the call then that’s where they would probably attack.