the CryptoParty handbook - Version: 2013-08-21 - Back to Index
Phone calls made over the normal telecommunications system have some forms of protection from third party interception, i.e. GSM mobile phones calls are encrypted. GSM calls are not encrypted end-to-end however and telephone providers are increasingly forced to give governments and law enforement organisations access to your calls. In addition to this the encryption used in GSM has been cracked and now anyone with enough interest and capital can buy the equipment to intercept calls. A GSM Interceptor (http://en.intercept.ws/catalog/2087.html is an off the shelf device to record mobile phone conversations when in the vicinity of the call. Centralised or proprietary systems like Skype also encrypt calls but have built in backdoors for secret services and governments and are at the behest of their owner (in Skype’s case Microsoft).
A solution to this problem is to make encrypted calls using Voice over IP (VoIP) through an Internet connection. Both WiFi or mobile data networks can be used: cracking the GSM or Wireless password will not mean that your call can be intercepted.
As regards platforms, Android has a wider range of open source VoIP software, largely because Apple’s AppStore licensing model prohibits distribution of software released under the General Public License (approximately 60% of all open source software released). The GPL is very popular in the security and networking community.
At the time of writing iPhone users only have proprietary options available for purchase, like Groundwire http://www.acrobits.cz/11/acrobits-groundwire-for-iphone. Warning: as it is not open, the security of Groundwire cannot be assured!
Android users head over to the section Call Encryption to get started making secure VoIP calls.
SMS are short messages sent between mobile phones. The text is sent without encryption and can be read and stored by mobile phone providers and other parties with access to the network infrastructure to which you’re connected. To protect your messages from interception you have to use a chat protocol over your data connection. Thankfully this is not at all difficult. Many Instant Messaging providers use the Extensible Messaging and Presence Protocol (XMPP) that allows users to use various clients to send and receive messages and exchange message with other providers.
Although XMPP uses TLS/SSL (see glossary entry TLS/SSL) encryption to prevent 3rd party interception, your provider can still read your messages and hand them over to other entities. Off-the-Record (OTR) Messaging however allows you encrypt your messages. The messages you send do not have digital signatures that can be verified by a third party, consequently the identity of their author is repudiable afterwards. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured of the integrity of the messages - what s/he sees is authentic and unmodified.
See the section Instant Messaging Encryption
the CryptoParty handbook - Version: 2013-08-21 - Back to Index