Celebrities turn to encryption to keep phones private (New Scientist)
Celebrities turn to encryption to keep phones private
GSMK – Berlin
One such technology hails from GSMK, based in Berlin, Germany. Its CryptoPhones are commercial smartphones that use military-grade encryption algorithms to ensure that calls, texts and voicemails – when passing between people with similar secure devices – are all but unhackable. These cost around €2000 per handset. But now a rival has entered the fray with a much cheaper approach.
Silent Circle of Washington DC launched its real-time call encryption app Silent Phone for the iPhone in October, and next week it releases a version for Android. CEO Mike Janke, a former security expert with the US Navy Seals, claims demand for the service, which costs £13 per month, has taken him by surprise: “A-list Hollywood celebrities, special forces operatives, diplomats from nine nations, and a clutch of Fortune 100 companies have signed up to use our service in our first 40 days,” he says.
For firms worried that their industrial secrets could be stolen, securing transmissions by phone is paramount. To do this, GSMK – which has 10,000 smartphones in use – replaces Windows, Linux or Android operating systems with its own, more secure operating system. Both GSMK and Silent Circle use “end-to-end” encryption that takes place in the phone, so there’s no hackable server that carries out the encryption.
When a call is made, two code words appear on the phone’s screen that both parties have to speak out loud. If they match, they know they are safe to proceed.
Both Silent Circle and GSMK doubly encrypt their messages using two encryption methods, including one called AES256, so even if one scheme is broken there’s still the other to deal with. “It’s a very paranoid design,” says GSMK founder Bjoern Rupp.
But Janke concedes that, as Silent Phone is app-based, it is vulnerable to attack from other, malicious apps that could pilfer voice and text data before it is encrypted. While Silent Phone’s securely received texts can self-delete a set time after they have been read, they can be saved as a phonecam’s screenshot. GSMK’s operating system prevents screenshot-taking by default, says Rupp.
It’s not all about cash: both GSMK and Silent Circle donate phones to human rights groups that need to be able to make secure calls. It’s all encouraging stuff, says Eric King of London pressure group Privacy International. But he adds that the onus should be on phone networks to do more to prevent interception. “Phone hacking would not have happened if networks had generated a random PIN for voicemail accounts in the same way a bank does.”