Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Company Makes Inconspicuous Secure Cellphone 328

dponce80 writes "With concerns over privacy at an all-time high, it's refreshing to hear that Swiss company VectroTel is making a secure mobile phone. The X8 encrypts secure calls (the unit is also able to make regular calls) with a virtually unbreakable 128-bit key, itself generated through a Diffie-Hellman exchange. While transmission does get somewhat delayed, communication is secure."
This discussion has been archived. No new comments can be posted.

Company Makes Inconspicuous Secure Cellphone

Comments Filter:
  • by kneeslasher ( 878676 ) on Tuesday May 23, 2006 @04:40AM (#15385559) Homepage
    Does this mean that Government agencies cannot listen to our oh-so-important phone calls? Typical. Millions if not billions of our tax money wasted if this technology becomes widely adopted.
    • Millions if not billions of our tax money wasted if this technology becomes widely adopted.
      Which is of course better than both having spent all the money _and_ then getting harmed (spied on) by it.
    • by ghoul ( 157158 ) on Tuesday May 23, 2006 @05:42AM (#15385771)
      Verizon Guy: Can you hear me now?
      NSA analyst: No
      • Verizon Guy: Can you hear me now?
        NSA analyst: No

        * Which in NSA speak means, yes... most definitely. We've got a satellites, crypto breaking computers you've never even dreamed of, listening devices, and backdoors in the hardware. The hardest thing for us NSA analysts to do is to decide which source we want to listen from. Of course we're not going to tell YOU any of this. So No, can't hear you... keep on talkin'.
        • I'm curious as to why a foreign manufacturer would build backdoors in their hardware.
          • I can think of a few reasons:
              * They don't realize they're there (either in components or sabotage)
              * The company is really a front/puppet of the NSA
              * Blackmail or extortion
          • Foreign countries have governments, too. Governments which in many cases can compel industry to install backdoors into their hardware with far less fanfare than the U.S. government would cause by doing something similar.

            Another Swiss manufacturer of encryption equipment, Crypto AG, has a less-than-stellar history in this regard.

            I Googled them and this was the first link that I found: Crypto AG: The NSA's Trojan Whore? [mediafilter.org]. (Site may be down, I used the Google cache.) A little tinfoil-hattish, but I don't think
        • Which is why the truly paranoid still insist on one-time pads -- an encryption key as long as the message itself. When an OTP is used properly, there is no way to distinguish between ATTACKTHEBRIDGEATNOON, DEFENDTHEFORTATSUNSET or even MYDAUGHTERHASTHEPILES. They are all equally plausible. An attacker will not even get so much as a toe-hold, unless the pad is re-used for another message as long as the first. And you aren't that stupid :)

          The main disadvantage of OTPs, and the reason why everyoe is not
          • I should just point out that if you're not using a true randomly-generated pad for encryption and decryption, then it really isn't a one-time pad. At that point it becomes a type of book cipher, because the "key" is really which CD (or book) to use to decrypt with, and the correct starting position (offset or page number).

            While using a commercial CD might seem to offer a high-level of security, it's a substantially reduced keyspace from using 600MB of random bits.
            • Yes, indeed. Although, as long as no portion of the keystream is reused, the book cipher and OTP are effectively equivalent. Even knowing which CD was used, there are between 27 and 28 bits of space for the offset -- so a three or four character message encrypted using a known CD would be provably undecipherable! And it's not at all unreasonable for a person to own several hundred CDs, adding another 8-10 bits of space; so a message of four or five characters would be provably undecipherable. As long as
        • Now its obviously impossible to say what the NSA's capabilities really are, but there are encryption technologies which I'm sure could at least tax the NSA's ability a little bit (probably quite a lot). Now if there were just a handful of these cell phones being used, the NSA could (probably) handle that and decrypt them. However, if they became widely used (millions in use) I'd think it'd be too much for the NSA even with fairly weak encryption. They'd have to only bother trying to decrypt those that RE
          • by pyite ( 140350 ) on Tuesday May 23, 2006 @11:18AM (#15387222)
            Now if there were just a handful of these cell phones being used, the NSA could (probably) handle that and decrypt them.

            It's unlikely they could. Assuming the key exchange works properly, and assuming they're using a known good algorithm (such as Rjindael aka AES), the NSA has no shot. Assume they use AES. Default is 128 bits and 10 rounds. Then the following little blurb from Apple's website applies:

            AES gives you 3.4 x 10^38 possible 128-bit keys. In comparison, the Digital Encryption Standard (DES) keys are a mere 56 bits long, which means there are approximately 7.2 x 10^16 possible DES keys. Thus, there are on the order of 10^21 times more possible AES 128-bit keys than DES 56-bit keys. Assuming that one could build a machine that could recover a DES key in a second, it would take that machine approximately 149 trillion years to crack a 128-bit AES key.

            (To put that into perspective, the universe is believed to be less than 20 billion years old.)

            Now, that assumes you can crack a DES key in a second. The fastest successful crack by Deep Crack [wikipedia.org] was just shy of 24 hours, or, 86400 seconds.

        • by ArsenneLupin ( 766289 ) on Tuesday May 23, 2006 @09:10AM (#15386402)
          Which in NSA speak means, yes... most definitely.


          If he truly hadn't heard the Verizon guy, he wouldn't have answered anything at all, hehe.

    • Well, unless we get to examine the source code, we have no way to know how secure the thing really is. And if it's using Diffie-Hellmann key exchange, then all MI5 or GCHQ or whoever's listening have to do is mount a classic MITM attack.
  • by Freaky Spook ( 811861 ) on Tuesday May 23, 2006 @04:42AM (#15385565)
    Except anyone who uses one would probably be labelled a terrorist.
    • by Opportunist ( 166417 ) on Tuesday May 23, 2006 @04:55AM (#15385609)
      So label me.

      I'm willing to defend my freedom to death. If necessary, against my government.

      And I bet, the US founding fathers would be proud of me.
    • Precisely. It's the same problem as routinely using PGP for emails - while third parties may not be able to browse your email content, it pretty much guarantees that [i]all[/i] your Internet traffic, at the very least, gets more scrutiny. I know of a real example of this involving (funnily enough) Swiss missionaries in Africa - they weren't doing anything illegal, but a bit of encryption was enough to convince the local security forces otherwise. For most people, getting lost in the crowd is the best optio
      • For most people, getting lost in the crowd is the best option

        But this doesn't help, say, non-US businesses competing with large US corporations who are (rightly) worried they might be targeted for espionage by dodgy govenment agencies for economic/political reasons. (I'm sure the US isn't the only country which does this either...)
      • it pretty much guarantees that all your Internet traffic, at the very least, gets more scrutiny.

        To avoid that problem, check-out 'steganography'. You hide your messages inside a binary such as a JPEG file. The changes are minute, and the JPEG not only looks normal, but unless the interceptors know the keys and software used, there isn't really any way to detect whether there is hidden content or not. No extra scrutiny.

        Note: if you use kiddie-porn as your JPEG, the encrypted content will be the least o

  • by foundme ( 897346 ) on Tuesday May 23, 2006 @04:42AM (#15385566) Homepage
    I think it's asking to be broken, and I bet it will be.
    • Vanilla Diffie-Hellman is susceptible to man in the middle attacks because it provides no authentication.
      The only way to have true security is to cache the public key of the other party on first call (a la ssh), or better, to have the phones exchange keys through IR when they are placed one next to the other.
  • Useless (Score:4, Funny)

    by cerberusss ( 660701 ) on Tuesday May 23, 2006 @04:43AM (#15385571) Homepage Journal
    While transmission does get somewhat delayed, communication is secure.

    This is of course useless for phone sex.

    Me: "So, what are you wearing?"
    Gf: "..."
    Me: "What are you wea*"
    Gf: "A hot small negli*"
    Me: "Sorry, please continue"
    Gf: "A hot small neglige and nothing else"
    Me: "*grunt* and then?"
    Gf: "I didn't hear you. What did you say after then?"
    Me: "Uh nothing, I was just asking, what do*"
    Gf: "Is this thing on? Oh wait now I hear you. Can you repeat?"
    Et cetera.

    • That sounds like my Skype calls, but without the benefits of encryption. :/

      (And, er, I'm talking about the broken-up audio, not the conversation topic.)
      • Skype claims to use 256-bit AES to encrypt your call. I say "claims" since there's no proof that they do. The code is closed, so you can't check for yourself. For all you know, it's a direct line to TIA or whatever.
    • Re:Useless (Score:2, Funny)

      by Anonymous Coward

      GF calls.

      GF: Hi, could you..
      BF: Wait! Read the hash to me on the screen.
      GF: but..
      BF: someone might be doing a man-in-the-middle attack. just read the hash.
      GF: *sigh* [reads long string of numbers]
      BF: 8? did you say 8? not A?
      GF: No. AAY! Like APPLE.
      BF: Oh, phew.
      GF: *sigh*
      GF: now, could you pick up some milk?
      BF: okay.
      GF: *sigh* bye.
  • unbreakable? (Score:4, Interesting)

    by legallyillegal ( 889865 ) <legallyillegal@@@gmail...com> on Tuesday May 23, 2006 @04:45AM (#15385579) Homepage
    virtually unbreakable 128-bit key,

    isn't WEP also 128 bit?

  • by oostevo ( 736441 ) on Tuesday May 23, 2006 @04:48AM (#15385586) Homepage
    This may sound like an asinine question, I know, but I don't have much experience with cell phones at all.

    Since this cellphone is made in Switzerland, a country that presumably has differing cell phone communication standards than the US does, is it possible to buy and use this cellphone in the US with a normal US carrier? Or would we have to wait and hope for a company to build something similar for the US?

    Thanks, and sorry for the ignorance.

    • Probably a moot point, I imagine the US gov wouldn't be too keen to have these available to the general public.
    • is it possible to buy and use this cellphone in the US with a normal US carrier?

      I think so, at least one of their phones [vectrotel.ch]. That one uses the three bands 900 MHz, 1800 MHz and 1900 MHz. The former two is used in europe (during a call the phones switches frequency bands depending on which one gives the best connection, or something similar), while the latter is used in USA (among other places, I think). That indicates that it is possible to use it in the states too.

      • by ajs318 ( 655362 ) <[ku.oc.dohshtrae] [ta] [2pser_ds]> on Tuesday May 23, 2006 @06:08AM (#15385818)
        Not quite. The 900 and 1800MHz bands are used by different service providers. In the UK, 900MHz is used by Vodafone and O2, and 1800MHz is used by Orange and T-Mobile. Before the advent of the venerable Nokia 3210, most phones were single-band and were built using two PCBs: one for the main processor, audio circuitry, keypad and display, and one for the RF stuff {which would be made in 900 and 1800 versions and the phone assembled accordingly}. The 3210 used a single PCB capable of doing both RF bands. The cost saving associated with the single-board design {no expensive multiway connectors, and a better process hit rate} outweighed the cost of the extra components.

        A phone connected to a base station will always us one or the other band. But within each band there are several channels; the phone and base station automatically select the best channel continuously throughout a call {if another subscriber disconnects and the channel they were using is better, your conversation will switch to that channel}. The whole process is kept seamless because both phone and base station change at the same time, between data packets.
        • The 900 and 1800MHz bands are used by different service providers.

          In Denmark several providers have both 900MHz and 1800MHz in service. 900MHz is used to provide coverage in sparsely-populated areas, and 1800MHz is used to provide capacity in dense areas.

        • Most modern Motorolas can do multiple bands (either tri-band or quad-band depending on the market)
        • Vodafone and O2 use both 900MHz and 1800MHz (and 2100MHz for UMTS). Generally 900MHz was used for the older installations in Europe and Asia, but newer operators and newer cells from the established operators tend to use 1800MHz.
  • by marsvin ( 84268 ) on Tuesday May 23, 2006 @04:55AM (#15385610)
    DH is a way to exchange an encryption key over a public network, but it doesn't tell you who you are talking to. GSM calls are never point to point, so there is always a "man in the middle".

    I'm not saying it's necessarily snake oil, but the lack of any details certainly doesn't inspire any confidence.
    • by Anonymous Coward
      There are several known ways of defeating this for DH key agreement. The simplest is to display a hash on both ends. Talk to each other. If you recognize the voice on the other end and the hashes match, you're golden. Dead simple, low tech, and reliable. Also, tough to fool.
    • Do you really think it's a problem? First, you can recognize your peer's voice. As for the man in the middle, for realtime, voice conversation, the delay would be too big to go undetected.

      • First, you can recognize your peer's voice. As for the man in the middle, for real time, voice conversation, the delay would be too big to go undetected.

        Funny guy.
        Just in case you were serious, a MIM attack against this phone would tap in the data path with 0 delay, there is no need for an actual "man" in the middle. Eve makes the key agreement with both Alice and Bob (different keys), and then decrypts and re-encrypts the data stream on the fly.
      • by ajs318 ( 655362 ) <[ku.oc.dohshtrae] [ta] [2pser_ds]> on Tuesday May 23, 2006 @06:26AM (#15385854)
        This is how it's supposed to work: Alice calls Bob. Bob answers. Alice generates a key pair and sends one of the keys to Bob, keeping the inverse. Bob also generates a key pair and sends one to Alice, keeping the inverse. Alice encrypts everything she sends against the key she received from Bob. Bob decrypts it using the inverse key he generated. Bob sends everything to Alice encrypted against the key Alice sent him. She has the inverse key and can decrypt everything Bob sends.

        All clear now? Well, this is how it might work in practice, with a malicious interloper we'll call Mallory:

        Alice tries to call Bob. Mallory intercepts the call, pretending to be Bob; gets the key Alice sends, and in return sends her a key {which Alice thinks is from Bob}. A fraction of a split second later Mallory places a call to Bob, pretending to be Alice, and sends Bob a key. Bob thinks Mallory's key is really Alice's key and sends a key to "Alice". Whatever Alice says is encrypted against the key sent to her by Mallory, who -- having the opposite key -- can decrypt it, re-encrypt it against the key which Bob has, and send it on to Bob. Mallory has a nice, fast computer that can do decryption and re-encryption in real time; in reality, it only has to be twice as fast as the processor in either of their telephones. Whatever Bob says is encrypted against a key sent to him by Mallory, who can decrypt it and re-encrypt it against Alice's key. Mallory has both sides of the conversation, in the clear, and neither Alice nor Bob are any the wiser.
    • it doesn't tell you who you are talking to. GSM calls are never point to point, so there is always a "man in the middle".

      ah, but this point [philzimmermann.com] was made well with Zimmerman's Zfone [philzimmermann.com] - you do the authentication yourself by having a conversation with the person on the other end and determining if he is the person he claims he is. Relying on complex certificate authorities and key management schemes makes most secure communications systems unfeasable - the old usability vs. security paradox.

      Additional securit

  • Man in the middle (Score:5, Interesting)

    by nfarrell ( 127850 ) on Tuesday May 23, 2006 @04:57AM (#15385619)
    Just in case you didn't RTFA, the phone displays a hash on the display. As long as you read this one to whoever you're talking to, you more-or-less foil a man-in-the-middle attack.

    I'm more worried about the proprietry algorithm for the encryption, and how it's implemented. Any conspiracy theorists will still think there's a back door for the government (or swiss secret service?) to listen in.

    Anyone with anything really important to say would use GPG on an MP3 and maybe a lashing of stenography on top.
    • It makes no difference which crypto is used, how many bits in the key, whether it's triple encoded into some exotic format or who knows what.

      Anyone who wants to know what you are saying badly enough will simply bug the handset and capture the voice going in and the sound coming out. Ye olde analogue hole.

      This sort of bugging has already been done with existing mobile phones so this new variant of handset is unlikely to present any challenge at all.
    • The Swiss army has invested a lot in this technology in recent years... :)
  • by fe105 ( 146603 ) on Tuesday May 23, 2006 @05:09AM (#15385660)
    Cryptophone is a company that has been making phones like this for some time already.

    They employ some of the smartest crypto people, use well-known algorithms and publish their sources so you can check them yourself.
  • Some points... (Score:5, Informative)

    by Kaptain_Korolev ( 848551 ) on Tuesday May 23, 2006 @05:13AM (#15385674)
    Reading the comments made me cringe, so here goes....

    Some points;

    - 128 bit keys are probably good enough, depending on the nature of the conversation. Diffiehellman generates a per-session master secret. To this you would then apply a KDF ( Key Derivation Function ) in order to produce your session key for use with your symmetric cipher, most likely AES or 3DES, maybe even TwoFish. A new master secret is generated every time you make a call, hence the session key changes per call, this is UNLIKE your WEP key, which is constant or one value selected from a set. The consequence of this is that although it is practical to break an 128 bit symmetric key, it is NOT practical to do so in the time interval in which the call is taking place. Hence the encryption applied is strong enough for protecting calls in the short term, although if someone captured the call they could possibly decrypt it at a later date.

    - GSM does feature limited cryptography. Unfortunately, and rather amusingly this encrypting is only carried out on radio traffic. Once the data reaches the base station / cell, it is sent in the clear around the cable cellular netork's backbone infrastructure.

    • The consequence of this is that although it is practical to break an 128 bit symmetric key, it is NOT practical to do so in the time interval in which the call is taking place. Hence the encryption applied is strong enough for protecting calls in the short term, although if someone captured the call they could possibly decrypt it at a later date.

      If only a few people are using this, the low volume of encrypted calls makes capture and offline analysis feasable. Only when encrypted calls are the norm will th

  • by rf0 ( 159958 ) <rghf@fsck.me.uk> on Tuesday May 23, 2006 @05:24AM (#15385713) Homepage
    This is all great but can you trust the person sitting next to you on the bus? The stranger behind you? How many of us have eve's dropped on other peoples conversations?
    • To true:

      About 5 years ago, I was walking back to the station having been at an IT conference and exhibition in Manchester (UK) and learned from the guy ahead of me (who was on his phone and talking to a colleague beside hin too) that a major UK system reseller was about to go bust. Teh two ahead of me were discussing whether it would be worth making a bid for the liquidated company.

      Mind you, I also once sat opposite a lawyer on a train who had case notes and witness statements spread across the table - inte
    • If you go out on a field and check clearly for hidden microphones etc, there's no need to worry about others eavesdropping. But, you know... The real problem is I'm not sure I trust myself.
    • How many of us have eve's dropped on other peoples conversations?

      I wouldn't call it eavesdropping, exactly. It's more like forgetting to bring earplugs with you. Some of the people on my bus talk loud enough for the whole bus to hear, and they talk to absolute strangers about the most personal stuff.

      That's just to the person sitting beside them. When they're on their cellphone, they literally shout so the person on the other end can hear them. (Well, that other person is pretty far away, right?)

  • by danceswithtrees ( 968154 ) on Tuesday May 23, 2006 @05:28AM (#15385725)
    Does it work with a foil hat?
  • Sectra Tiger (Score:5, Informative)

    by martingunnarsson ( 590268 ) <martin&snarl-up,com> on Tuesday May 23, 2006 @06:13AM (#15385831) Homepage
    A Swedsh company called Sectra has made secure cellphones for years. Their latest model is the only cellphone certified to the security level NATO SECRET by NATO.

    http://www.army-technology.com/contractors/navigat ion/sectra/ [army-technology.com]
  • Regular-use crypto (Score:4, Insightful)

    by Shadows ( 121287 ) on Tuesday May 23, 2006 @06:22AM (#15385845) Homepage
    This seems like a neat little gizmo but I doubt I'll be able to convince my girlfriend, father, sister, friends, etc. to buy one too -- so the encryption feature would actually do something. As nice as the idea is, you still need two of these phones for it to work.

    There's a parallel problem with GPG or the like. Since very few people have or want to use it, sending unencrypted e-mail is the only way to communicate with most of the world.

    This phone is worse than that, though, since I can download GPG/cyrpto-software-of-your-choice and even install it for someone and show them how to use it -- but I'd have to persuade them to spend money on new hardware (and then convince them to actually use it with the crypto on!) in order to use the features of this phone.

    Apathy/Laziness: 1
    Discerning Citizens: 0
  • Even if what you are saying over the phone is 100% secure (No matter ig it is scrabled or you just say a series of numbers)
    a terrosist won't be able to use it. Because the first important thing is not what is being said, but to whome you are using.

    As cellphones are easy to listen in on to, this is already a good use of the average business man and CEO who is afraid of industrial espionage.

    Unfortunatly these are the same people who won't use gpg on their email, because it is too difficult to use.

  • How else could he make all those long cellphone calls to his fellow conspirators in which he openly admits to involvement in terrorist activities without somebody at NSA going, "Jeez, is that who I think it is?"

    Too bad it didn't protect him against his wife's secretary using a $30 digital recorder from Radio Shack to tape a conversation incriminating him in the assassination of a former president, but then, *everybody* was having a bad day.

  • How about backdoors (Score:5, Interesting)

    by Aceticon ( 140883 ) on Tuesday May 23, 2006 @08:21AM (#15386178)
    I vaguelly remember some investigatory documentary on Discovery or some other such channel where they were investigating how information on a bid by an European company for the rights to explore an oilfield somewhere in Asia had been intercepted by NSA and provided to the competing US companies.

    The interesting (not to mention relevant) detail here is that they (the Europeans) where using a supposedly safe mobile phone (made by a Swiss company i believe) which turned out to have a backdoor that allowed NSA to decrypt the calls.

    Why should we expect these guys to be any more honest than those other ones where (assuming they're actually not the same ones)?

    As i see it, the best way to make sure you have a backdoor free safe phone is to have a generic open-mobile solution, a bit like a mini-PC but for a mobile phone, with an open communications API that allows development and deployment on such a mobile of software which provides the safe communications.

    As long as the encryption layer is implemented by the provider and cannot be checked by any independent 3rd party, there is no guarantee whatsoever that it ain't filled with backdoors/weaknesses put there on purpose to allow the sig-int agencies (of one or more countries) to be able to spy on calls made via those mobile phones.
    • You've hit on one of the two important points that make this product useless.

      1: Never trust proprietary code which you can't audit.
      2: The device must be common.

      Sounds like a perfect fit for some B-flat handset and an open development environment.
      Sort of like Nokia meets OpenBSD.

      Someone wake me up when this happens; I'd be glad to contribute.
  • This is silly. The phone can employ all the secure tricks it wants, 128, 256, 1024 bit keys, exotic custom stuff, etc. Makes no difference.

    If somebody wants to know what you are saying, they just bug the handset. They have to really want to listen pretty badly and come up with a way to get the phone long enough to mod it, but it can be done, has been done, and been used against assorted targets around the world.

    As long as people have to speak into the phone and hear sound from the earpiece, there will
    • If somebody wants to know what you are saying, they just bug the handset.

      I think the point many are trying to make is that if the authorities have a good enough reason to want to see what someone is up to, then they should be able to find out, after getting a warrant, etc, but what many are unhappy about is the thought that everyone is constantly monitored regardless of whether or not there is any evidence to suspect wrongdoing.

      This being the case, cell phones that encrypt would hopefully stop the gener

  • How much faster do current generation Cell Phone CPU's have to be to do this without a delay and seamlessly. If this was an option that the phone could negotiate transparently AND IF (big if) they made some good looking phones (omg pink ponies) they may have a chance of gaining larger market share but beyond a significant percentage of people using these they wouldnt help with the blanket surveillance problem (none of the people you talk to would be using it)
  • by ambrosen ( 176977 ) on Tuesday May 23, 2006 @10:00AM (#15386709) Homepage
    Really? I'm not aware of any particular events that are going on at the moment that would make people especially worrried about privacy.
  • virtually unbreakable 128-bit key

    for now... quantum computing promises the ability to break these virtually unbreakable keys while i'm getting a cup of coffee. if it can be made, it can be broken. it's a universal truth. if we can't break it now, we'll be able to break it later - and you better believe the NSA will be able to break it before you know they can.

  • My understanding of how cell phones work:
    a) Alice calls Bob
    + results in a SS7 data message sent accross the PSN (publicly switched network - aka. legacy phone excahnges) to establish a ring on Bob's set.
    + If they're both cell phone users, then there is additional routing accross each users' cellphone networks.
    b) Bob answers the call and talks with Alice
    + Cell phones often use u-law [wikipedia.org] for voice/data compression. The PSN transmit

Were there fewer fools, knaves would starve. - Anonymous