Friday, February 21, 2014

First NSA-proof phone already on the market


Believe it or not, the first NSA-proof phone is on the market for years, and it is called Secfone, not Blackphone. It was not available for public for a long time - only for governments and military organizations -, but as of 2013 it can be ordered from BeSure Europe LLP. It was announced at Mobile World Congress (MWC) Barcelona in 2013.

This is the only solution that we have enough information about to claim it to be NSA-proof or rather eavesdrop-proof.

How can Secfone protect mobile conversations?

Secfone is the only solution on the market that implements triple-level protection. Triple-level protection means the protection of communication, encryption keys and smartphone. Leaving any level out makes the encryption solution vulnerable and easy to tap. For example encryption software on iPhone and BlackBerry smartphones can not protect the smartphone itself, since these smartphones have proprietary operating systems. We had no information how these operating systems work until Snowden released the NSA documents. These documents prove that iPhone and BlackBerry has a backdoor. The backdoor called DROPOUTJEEP, and provides direct access to the smartphone's microphone and camera. This makes these smartphones a personal bug.

Protection of communication - Level 1

Secfone protects the communication with unique implementation of assymetric encryption. Using non-standard implementation is inevitable. Standards define the methods of cracking - they provide enough information to crack the keys. Encryption cracking software and hardware appliances are designed and optimized to crack standard encryptions.

Read the implementation (patent description only for experts!)

Protection of encryption keys - Level 2

Encryption keys can not be protected on any smartphone, especially not with encryption software. Keys can be protected only in a special hardware, called Trusted Platform Modul or cryptochip. This hardware is designed to generate, manage and use encryption keys. It is unreadable by design, and there is no known method for getting the encryption keys out of it.

Protection of smartphone - Level 3

The solution have to protect the smartphone itself too. It means that no software can access the smartphone's microphone and camera during calls. Secfone monitors the microphone during the calls, detects the malicious software that tries to access it, and handles the situation.

Takeaway

NSA-proof phone will never come from US or any other world-power. Think it over...

Please click Google+ below, or share this post on Facebook, Twitter or any other social media. Thank you!

Wednesday, February 19, 2014

5 questions your boss will ask you on encrypted mobile communication


Companies working with valuable technologies and information have to protect their ideas from the beginning. Employees work on valuable ideas for a while before the idea becomes a product or a service. Meanwhile they communicate with each other through mobile communication too. It is essential to protect the information in transit. If you work a company like that, and you do not use high security level mobile communication solution, than be prepared to brief your boss on encrypted mobile communication. You will have to make the brief, sooner or later…

1st Question: What encryption software should we use?
Answer: Encryption software provide very limited security level. One of the most fundamental features of a secure mobile encryption solution is to protect the encryption keys, because once the key is compromised, the communication is leaked. Software reside on smartphones non-protected storage and run on smartphones non-protected processor. These parts of the smartphones are not designed to protect any information. There is no way to protect the keys on any smartphone.

2nd Question: Is there a mobile encryption solution that can effectively protect the encryption keys?
Answer: Yes, there are some solutions on the market. Only special hardware, designed for generating, storing, managing and using encryption keys can protect the keys. These hardware are not readable by design and hack-proof. Often referred to as cryptochip or trusted platform modul. They are sensitive by design, so any attempt to read out the information from them damages the hardware and destroys all the information it stores, including the encryption keys.

3rd Question: Which TPM or cryptochip based solution should we choose?
Answer: TPM or cryptochip is just the bottom line. For the highest level of security the solution has to implement the protection of the communication, the encryption keys and the smartphone too. If let’s say the smartphone is not protected, than the communication can be eavesdropped directly through the microphone before any encryption takes place. Known backdoor called DROPOUTJEEP exists on all iPhone and BlackBerry smartphones. It is totally useless to use any mobile encryption solution on these smartphones.

4th Question: What kind of encrypted mobile solution should we use?
Answer: We should use a cryptochip based solution with triple-level protection. The solution has to protect the communication, the encryption keys and the smartphone. It has to run on a smartphone and operating system which has no known backdoors. 

5th Question: How much does the most secure solution costs? Is it expensive?
Answer: Surprisingly not the highest level of security is the most expensive. The most expensive software solution, Crypttalk costs 250 euro/month with all the defects mentioned. Yet we can reach the highest level of security at a reasonable price of 55 euro/month. A one-time fee of 300 euro applies that includes the price of a unique cryptochip. We do not have to buy new smartphones, we just have to insert the cryptocard into the micro SD card slot of our smartphones. The solution is called Secfone.

If you liked this post please Google+ it or share it on Facebook, Twitter or any social media you prefer. Thank you!