CryptoPhone  
 
 
QUESTIONS & ANSWERS
 

SECURITY QUESTIONS
I am a law enforcement officer / intelligence analyst and need to decrypt CryptoPhone calls made by my suspects. Can you provide me with a key to decrypt a CryptoPhone call?

No. The CryptoPhone is engineered in such a way that the crypto key is only stored in the phone for the duration of the call and securely erased immediately afterwards. If you do not believe this, please (have someone you trust) check the source code.
If you really have a problem with a suspect using a secure mobile phone, you can simply urge the GSM operator to disable the data call service for the person in question. Since all secure GSM calls are transported using the GSM data call mechanism, the subject then no longer has the capability to place secure GSM calls. This applies to any encrypted GSM phone model on the market, not just the CryptoPhone.


But what about clever criminals or terrorists?

We do not sell CryptoPhones to countries and organizations that are on the current official lists of terrorists, terrorism supporters and / or other evildoers, in accordance with German and EU export regulations. Orders that are suspect will, in case of doubt, be delayed for clarification with the German export control authorities. We also refuse to ship our products into zones of war and armed conflict.

Clever criminals and/or terrorists do not like to use mobile phones anyway. The phone's signal will reveal the location of the user while it is turned on. Most people know by now that the GSM phone registers its location with the network all the time, and that this information is stored 'forever'. In other words, even years later it can be determined where a user was on a specific day. This location data plus the call data information (who calls whom) is often enough for law enforcement to target additional surveillance measures on a suspect. And of course there is a whole range of measures a police/intelligence agency can use once they have people in their sights.

Also, a number of more dramatic events in the past years - including targeted assassination of suspected terrorists by radio signal seeking rockets, explosives hidden in handsets and location finding on mobile phones for sniper kills and arrests - have made mobile phone use among terrorists and organized criminals increasingly unpopular.


What are the security limitations of the CryptoPhone?

The CryptoPhone was designed to offer the highest level of security possible while still remaining affordable. Certain military-grade phones were designed to also protect against more exotic threats such as eavesdroppers that bring expensive equipment in close proximity to you to listen to very faint radio signals emitted by those parts of your phone that aren't supposed to be transmitting. The CryptoPhone, like all other secure phones primarily designed for the civilian market, does not protect against such an attack. By basing our solution on a commercially available GSM phone, we can keep the price down, but cannot provide military-grade TEMPEST security.

On the other hand our policy of publishing the source code offers maximum protection from a major threat that no other phone protects against: secret cooperation between phone manufacturers and major intelligence agencies. Simply put: we publish the internal workings, and people review these internals. So if we put in any backdoors or someone puts them in without our knowledge, they would be found.

The primary design goal of the CryptoPhone is to protect against eavesdroppers who listen to the call at any point while it travels the networks. It will protect you against people listening in on the air and on the phone network, but it will probably not offer sufficient protection against a major national intelligence agency that considers you a high-profile target and employs all the resources and technical means available to them. We are pretty optimistic about the strength of our crypto even against a determined code-breaking effort, but historically intelligence agencies have resorted to a range of different and very creative attack schemes if they failed to break a cryptosystem using brute force or mathematics.

If you have reason to fear that you are a high-profile target of a well-funded intelligence agency, you may have many other means of interception pointed towards you: directional microphones, sophisticated room bugs placed during high-tech break-ins, human agents, etc. In such situations the CryptoPhone may still add some security if used wisely (see the manual for details), but you should be aware that the agency interested in you will probably also try to subvert the integrity of the CryptoPhone. The CryptoPhone is meant to protect you against people listening in on your calls on the telephone network, not against people who actively follow you around all day with a van full of antennas and top secret equipment. The CryptoPhone GSM cannot protect against the determination of your IMSI, the interception of SMS or the recording of called / calling numbers.

If someone steals/finds my phone, can they then decrypt calls I made in the past?

No. Upon initiating a call, the CryptoPhone will set up a secure connection between two phones. During this setup, the phones agree on a very long and secure 'session code' that is only used for that specific call. When the call ends, all parameters are wiped from memory, and there is no way anyone can reconstruct the code used or the content of the call(s). The very moment you end a call, your phone is clean again. However, you should keep in mind that losing your phone might compromise other data like your address book and call history. Also, if you happen to lose your phone and get it back later, carefully consider the possibility that someone compromised the integrity of your phone while it was out of your control, so later calls could be intercepted. The same applies when you have a defective CryptoPhone repaired at a normal mobile phone service repair center. We strongly recommend you keep the CryptoPhone with you at all times to prevent anyone from tampering with it.
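
The per-call key lifecycle described in this answer, as an added illustration that is not CryptoPhone's published source. Assumptions: a Diffie-Hellman-style exchange for the 'session code' (the page does not name the algorithm), a small demo group `P`, `G`, an HMAC-SHA256 keystream standing in for the voice cipher, and no peer authentication.

```python
import hashlib, hmac, secrets

# Demo-only group (assumption): p = 2**255 - 19 is prime, g = 2. A real product
# uses a vetted, much larger group; the page does not say which one.
P, G = 2**255 - 19, 2

class CallSession:
    """One call: ephemeral secret -> session key -> wipe at hang-up."""

    def __init__(self):
        self._priv = secrets.randbelow(P - 3) + 2   # fresh per call, never stored
        self.public = pow(G, self._priv, P)         # sent to the peer in the clear
        self._key = None

    def agree(self, peer_public):
        if not 1 < peer_public < P - 1:             # reject degenerate values
            raise ValueError("bad peer public value")
        shared = pow(peer_public, self._priv, P)
        # bytearray, so the key can be overwritten in place when the call ends
        self._key = bytearray(hashlib.sha256(shared.to_bytes(32, "big")).digest())
        self._priv = None                           # exponent no longer needed

    def _keystream(self, seq, n):
        # HMAC-SHA256 in counter mode: stand-in for the real voice cipher
        out, block = b"", 0
        while len(out) < n:
            msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
            out += hmac.new(bytes(self._key), msg, hashlib.sha256).digest()
            block += 1
        return out[:n]

    def crypt(self, seq, data):
        """XOR frame number `seq` with the keystream (encrypts and decrypts)."""
        if self._key is None:
            raise RuntimeError("no active call key")
        return bytes(a ^ b for a, b in zip(data, self._keystream(seq, len(data))))

    def end_call(self):
        # Overwrite in place, then drop. Python cannot guarantee that no
        # temporary copies remain; this models the lifecycle, not the erasure.
        if self._key is not None:
            self._key[:] = bytes(len(self._key))
            self._key = None
        self._priv = None

    def residual_secrets(self):
        """Key material a later holder of the phone could still read."""
        return [v for v in (self._priv, self._key) if v is not None]
```

After `end_call()` on both sides, a recorded ciphertext frame and both public values are all that remain, which is why possession of the handset afterwards does not help with past calls.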
