Comprehensive information protection for mobile phones. 2012 Results
What will be remembered for the past year for the largest manufacturers of mobile communications: Samsung, Apple, Google, Nokia, Sony, Rim, Motorola, smaller corporations? First of all, a huge problem associated with vulnerabilities in the information systems of mobile phones. Currently, 6 billion phones have been sold in the world (of which 1 billion are smartphones), and reliable information protection for them has not yet been created. The rapid demand for fashionable gadgets clearly outstripped the pace of their information protection, fierce rivalry for dividing the gigantic market and cheaper products was achieved primarily due to the level of security. Now this boomerang is back ...
The danger of hacker attacks threatening mobile users was noticeable even by such an example. In 2012, Ancort displayed its products at the four largest international exhibitions of electronic technologies in Las Vegas (USA), the World Mobile Congress in Barcelona (Spain), CEBIT in Hanover (Germany) and DSA in Kuala Lumpur (Malaysia) and everywhere the same picture was observed, the main slogan of past events was the information security of mobile phones.
Traditionally, our developments have attracted the attention of clients who make specific demands and represent a special layer among users: heads of state, major political figures, army representatives, bankers, businessmen, lawyers, famous artists, lawyers, in a word, all those for whom information security is presented especially important condition.
This year, we could not help but notice the huge interest on the part of specialists representing the leaders of the modern IT industry. Along with high-ranking statesmen from different countries, for example, only in Malaysia nine (!) Defense ministers of different countries visited our booth, Ankort was also visited by ... heads of corporations involved in the production of mobile phones. You will agree that even this fact alone leads to certain thoughts.
I also remembered the outgoing year for another unexpected event: the appearance on the market of a large number of new companies that introduced products related to information protection.
Various "Start-ups", clearly sensing the "trends of the time", hastened to show their developments in the field of security at major international exhibitions. They could be divided into two categories. One was made up of traditional software protection tools, and the other, more advanced ones, were hardware, in the military style.
It would seem that this is evidence that the situation is changing and developers around the world have finally “woken up” by starting to offer mobile protection solutions from hackers.
However, a more detailed analysis revealed an unexpected fact. Having studied the websites and brochures of newcomers to the information security market, it became clear that they mainly contain beautiful marketing communications, without any cryptographic specifics, at least about how keys are generated and where they are stored. But this is one of the most important factors.
Another fashionable direction for attracting customers was the numerous references to the phrase “army standard” in advertising. Some firms cited the fact that their products are certified according to military standards not only of the countries they represent, but of all NATO countries combined.
True, a more detailed study revealed that in reality only one of the elements was certified, for example, a power supply, and not the entire product as a whole, but it was not possible to understand this from advertising. In fact, for the sake of profit, the manufacturer of informational pseudo-protection went to the deliberate deception of customers.
It is clear that in these cases the calculation was exclusively for an inexperienced user who was faced with the problem of theft of personal or financial information, but who did not yet have experience with cryptographic systems.
Those who already had this experience, and above all, users of software, this year tried to pick up something more serious, in the form of hardware. True, even with an unexpectedly large number of offers from different countries, they, no matter how strange it turned out, either have our Stealthphone hardware encoder or a product of the German company Rode Schwartz. But more about that later ...
First, it is necessary to explain why the most sophisticated users have ceased to trust the information security software and have completely lost interest in them. This year there has even been some reappraisal of values. And, in all likelihood, a stable gradation has already been fixed forever, when only a hardware-based information protection tool can claim the title of a professional-level system.
Why, you ask? After all, the programs are very convenient and easy to use, they can be easily downloaded, they are relatively cheap, etc. All this is actually so, if you do not take into account that recently hackers have become so powerful computers and programs that it is relatively easy to immediately defeat any software protection installed on one or even several computers.
We give a fresh example. At the latest Password 12 security conference, researcher Jeremy Gosney demonstrated the look of the standard device that hackers use today to crack your passwords. In total, it represents 5 server cabinets equipped with 25 AMD Radeon graphics adapters, which can transfer up to 10 gigabits per second. A password cracking program is running on the device, capable of 348 billion hashes of NTLM passwords per second. This speed indicates that the encrypted LM Windows XP password will be cracked in 6 minutes. From which the conference participants made a logical conclusion: “a password that would have taken a million years to crack yesterday could today be cracked by noon” ...
You ask what unfortunate users do after they face a similar or even more sophisticated and powerful adversary?
Absolutely right! Using cryptographic hardware protection is the only way to successfully counter any, even the most powerful, hacker software.
But on this path, as it turned out, the owners of mobile technology, looking for peace and security in a stormy, violent and very dangerous electronic world, are waiting for unpleasant surprises.
A large number of the protection equipment presented at the largest international exhibitions, with the exception of, as we have already said, our company and the German Rode Schwartz offer “protection on CD”.
Our experts tested several samples of such products and found that the main encryption in them is a regular software tool, while external encryption serves only as a keystore ...
In fact, this is the same marketing move used by unscrupulous manufacturers to mislead users and hint to them that they allegedly dealing with hardware protection.
Talk about the seriousness of such systems is not worth it. They do not protect against viruses, do not protect against unauthorized inclusion of the microphone, and most importantly, they do not protect against dangerous information leaks via side channels. This happens because the phone’s microphone is located next to the transmit antenna. And the harmonics of the voice of a person talking through a microphone are superimposed on a signal that is broadcast through the antenna of a mobile phone along with an allegedly encrypted signal.
In other words, the superposition of the low-frequency voice signal recorded by the microphone on the high-frequency signal transmitted by the antenna is performed. And subsequently, with the help of not complicated digital signal processing, a low-frequency voice signal can be extracted from it. Therefore, in reality, the so-called “encrypted” conversation can be easily listened to with a conventional scanner, costing only a few hundred dollars, at a distance of up to five kilometers from the nearest GSM base station. Unfortunately, this time the calculation is made on the unpreparedness of users who do not know all the nuances.
As already noted, given all these circumstances, according to the unanimous opinion of experts who analyzed the trends of the year at the World Mobile Congress 2012 and CEBIT exhibitions, only two companies presented users with real hardware protection that meets the highest standards: Ancort and Rode Schwartz.
At another international exhibition, in Malaysia, the rival Ancort was the large cryptographic company Crypto AG, which introduced a secure telephone as its latest development. It is interesting that even this company could not resist the buzzwords in advertising its phone, ranking it as a full-fledged hardware protection tool. Although in reality I used only an “SD” card, and the phone itself only works with the outdated Symbian operating system.
It is worth recalling that several years ago it was Ancort that became the first company in the world to introduce the crypto smartphone - a special device with guaranteed cryptographic protection of voice information, caller authentication and SMS and email encryption.
And it makes no sense to compare our developments, since they relate to different levels of information protection for mobile phones. Each of them has its own advantages, and on the whole it adequately copes with the task - individual protection of the voice data of a particular user.
Today we are talking about modern, mass protection of information in mobile phones, which reduces user costs, including through the use of IP-telephony. It makes it impossible for hackers to decrypt and intercept not only conversations on a mobile phone, but also all types of data: voice communication over the Internet, SMS, MMS, e-mail, a database of social networks, etc.
And it is very pleasant that in this dispute between the two market leaders, international experts gave our products the first place. However, from the following comparative table of the technical capabilities of the two hardware products, readers will be able to independently conclude why in 2012 it was the Russian company Ancort that held the lead in the development and production of comprehensive information protection facilities.
Both devices consist of an encoder separate from the mobile phone and special software that is installed on the mobile phone. However, the outward similarity of the encoders in question is misleading, since their technical and cryptographic characteristics are different, and the range of capabilities they provide is unequal. The table below shows the technical and cryptographic characteristics of TopSec Mobile and Stealthphone Touch hardware encryptors:
Based on the data reflecting the technical and cryptographic characteristics of hardware encryptors, the following conclusions can be made in favor of Stealthphone Touch.
The functionality offered by Stealthphone Touch to ensure the confidentiality of information on a mobile phone is very large. Everyone using their mobile phone using the Stealthphone Touch can:
1. Encrypt voice, SMS, MMS, E-Mail;
2. Use the secure chat modes "cryptocurrency" and "cryptoconference";
3. Protect the microphone of your mobile phone from secretly taking information when the phone is in both call and standby mode;
4. Work with low-speed mobile Internet connections and transmit information in a secure form via 3G, 3,5G, EDGE, Wi-Fi and WiMAX communication channels;
5. Guaranteed to secure your data by transmitting encrypted information over a closed network and using the design features of the encoder (we are talking about the Stealthphone Touch keyboard, on which various access PIN codes are entered);
6. Ensure the security of the operating system of your phone (Android, IPhone, Symbian, BlackBerry);
7. Use the encoder in conjunction with any modern mobile phone, as well as a tablet or personal computer for sending email;
8. Connect via Bluetooth simultaneously up to 5 mobile devices;
9. Evaluate the high quality of voice transmission, the convenience of the user interface, the duration of the period of work without recharging, and the elegant, concise design of the encoder, developed using nano technology.
In modern conditions, the governments of many countries are moving towards creating integrated information security systems at the state level, combining the efforts of state bodies, representatives of business communities and public organizations. The reason for this is the high level of network activity of hackers: in 2012, 556 million people suffered from their actions, that is, a hacker attack was carried out every 18 seconds (2). Popular among users, high-tech mobile devices used to access the Internet and work with various applications are also at risk. Therefore, today it is very important not to make a mistake and choose the most cryptographically secure solution that is suitable in all respects to protect user information.
More on Stealthphone
Sources:
1. Manufacturer data www2.rohde-schwarz.com/file_18186/TopSec-Mobile-VoIP_bro_en.pdf
2. According to the Internet resource www.memoid.ru/node/Gromkie_prestupleniya_russkih_hakerov
The danger of hacker attacks threatening mobile users was noticeable even by such an example. In 2012, Ancort displayed its products at the four largest international exhibitions of electronic technologies in Las Vegas (USA), the World Mobile Congress in Barcelona (Spain), CEBIT in Hanover (Germany) and DSA in Kuala Lumpur (Malaysia) and everywhere the same picture was observed, the main slogan of past events was the information security of mobile phones.
Traditionally, our developments have attracted the attention of clients who make specific demands and represent a special layer among users: heads of state, major political figures, army representatives, bankers, businessmen, lawyers, famous artists, lawyers, in a word, all those for whom information security is presented especially important condition.
This year, we could not help but notice the huge interest on the part of specialists representing the leaders of the modern IT industry. Along with high-ranking statesmen from different countries, for example, only in Malaysia nine (!) Defense ministers of different countries visited our booth, Ankort was also visited by ... heads of corporations involved in the production of mobile phones. You will agree that even this fact alone leads to certain thoughts.
I also remembered the outgoing year for another unexpected event: the appearance on the market of a large number of new companies that introduced products related to information protection.
Various "Start-ups", clearly sensing the "trends of the time", hastened to show their developments in the field of security at major international exhibitions. They could be divided into two categories. One was made up of traditional software protection tools, and the other, more advanced ones, were hardware, in the military style.
It would seem that this is evidence that the situation is changing and developers around the world have finally “woken up” by starting to offer mobile protection solutions from hackers.
However, a more detailed analysis revealed an unexpected fact. Having studied the websites and brochures of newcomers to the information security market, it became clear that they mainly contain beautiful marketing communications, without any cryptographic specifics, at least about how keys are generated and where they are stored. But this is one of the most important factors.
Another fashionable direction for attracting customers was the numerous references to the phrase “army standard” in advertising. Some firms cited the fact that their products are certified according to military standards not only of the countries they represent, but of all NATO countries combined.
True, a more detailed study revealed that in reality only one of the elements was certified, for example, a power supply, and not the entire product as a whole, but it was not possible to understand this from advertising. In fact, for the sake of profit, the manufacturer of informational pseudo-protection went to the deliberate deception of customers.
It is clear that in these cases the calculation was exclusively for an inexperienced user who was faced with the problem of theft of personal or financial information, but who did not yet have experience with cryptographic systems.
Those who already had this experience, and above all, users of software, this year tried to pick up something more serious, in the form of hardware. True, even with an unexpectedly large number of offers from different countries, they, no matter how strange it turned out, either have our Stealthphone hardware encoder or a product of the German company Rode Schwartz. But more about that later ...
First, it is necessary to explain why the most sophisticated users have ceased to trust the information security software and have completely lost interest in them. This year there has even been some reappraisal of values. And, in all likelihood, a stable gradation has already been fixed forever, when only a hardware-based information protection tool can claim the title of a professional-level system.
Why, you ask? After all, the programs are very convenient and easy to use, they can be easily downloaded, they are relatively cheap, etc. All this is actually so, if you do not take into account that recently hackers have become so powerful computers and programs that it is relatively easy to immediately defeat any software protection installed on one or even several computers.
We give a fresh example. At the latest Password 12 security conference, researcher Jeremy Gosney demonstrated the look of the standard device that hackers use today to crack your passwords. In total, it represents 5 server cabinets equipped with 25 AMD Radeon graphics adapters, which can transfer up to 10 gigabits per second. A password cracking program is running on the device, capable of 348 billion hashes of NTLM passwords per second. This speed indicates that the encrypted LM Windows XP password will be cracked in 6 minutes. From which the conference participants made a logical conclusion: “a password that would have taken a million years to crack yesterday could today be cracked by noon” ...
You ask what unfortunate users do after they face a similar or even more sophisticated and powerful adversary?
Absolutely right! Using cryptographic hardware protection is the only way to successfully counter any, even the most powerful, hacker software.
But on this path, as it turned out, the owners of mobile technology, looking for peace and security in a stormy, violent and very dangerous electronic world, are waiting for unpleasant surprises.
A large number of the protection equipment presented at the largest international exhibitions, with the exception of, as we have already said, our company and the German Rode Schwartz offer “protection on CD”.
Our experts tested several samples of such products and found that the main encryption in them is a regular software tool, while external encryption serves only as a keystore ...
In fact, this is the same marketing move used by unscrupulous manufacturers to mislead users and hint to them that they allegedly dealing with hardware protection.
Talk about the seriousness of such systems is not worth it. They do not protect against viruses, do not protect against unauthorized inclusion of the microphone, and most importantly, they do not protect against dangerous information leaks via side channels. This happens because the phone’s microphone is located next to the transmit antenna. And the harmonics of the voice of a person talking through a microphone are superimposed on a signal that is broadcast through the antenna of a mobile phone along with an allegedly encrypted signal.
In other words, the superposition of the low-frequency voice signal recorded by the microphone on the high-frequency signal transmitted by the antenna is performed. And subsequently, with the help of not complicated digital signal processing, a low-frequency voice signal can be extracted from it. Therefore, in reality, the so-called “encrypted” conversation can be easily listened to with a conventional scanner, costing only a few hundred dollars, at a distance of up to five kilometers from the nearest GSM base station. Unfortunately, this time the calculation is made on the unpreparedness of users who do not know all the nuances.
As already noted, given all these circumstances, according to the unanimous opinion of experts who analyzed the trends of the year at the World Mobile Congress 2012 and CEBIT exhibitions, only two companies presented users with real hardware protection that meets the highest standards: Ancort and Rode Schwartz.
At another international exhibition, in Malaysia, the rival Ancort was the large cryptographic company Crypto AG, which introduced a secure telephone as its latest development. It is interesting that even this company could not resist the buzzwords in advertising its phone, ranking it as a full-fledged hardware protection tool. Although in reality I used only an “SD” card, and the phone itself only works with the outdated Symbian operating system.
It is worth recalling that several years ago it was Ancort that became the first company in the world to introduce the crypto smartphone - a special device with guaranteed cryptographic protection of voice information, caller authentication and SMS and email encryption.
And it makes no sense to compare our developments, since they relate to different levels of information protection for mobile phones. Each of them has its own advantages, and on the whole it adequately copes with the task - individual protection of the voice data of a particular user.
Today we are talking about modern, mass protection of information in mobile phones, which reduces user costs, including through the use of IP-telephony. It makes it impossible for hackers to decrypt and intercept not only conversations on a mobile phone, but also all types of data: voice communication over the Internet, SMS, MMS, e-mail, a database of social networks, etc.
And it is very pleasant that in this dispute between the two market leaders, international experts gave our products the first place. However, from the following comparative table of the technical capabilities of the two hardware products, readers will be able to independently conclude why in 2012 it was the Russian company Ancort that held the lead in the development and production of comprehensive information protection facilities.
Both devices consist of an encoder separate from the mobile phone and special software that is installed on the mobile phone. However, the outward similarity of the encoders in question is misleading, since their technical and cryptographic characteristics are different, and the range of capabilities they provide is unequal. The table below shows the technical and cryptographic characteristics of TopSec Mobile and Stealthphone Touch hardware encryptors:
Based on the data reflecting the technical and cryptographic characteristics of hardware encryptors, the following conclusions can be made in favor of Stealthphone Touch.
The functionality offered by Stealthphone Touch to ensure the confidentiality of information on a mobile phone is very large. Everyone using their mobile phone using the Stealthphone Touch can:
1. Encrypt voice, SMS, MMS, E-Mail;
2. Use the secure chat modes "cryptocurrency" and "cryptoconference";
3. Protect the microphone of your mobile phone from secretly taking information when the phone is in both call and standby mode;
4. Work with low-speed mobile Internet connections and transmit information in a secure form via 3G, 3,5G, EDGE, Wi-Fi and WiMAX communication channels;
5. Guaranteed to secure your data by transmitting encrypted information over a closed network and using the design features of the encoder (we are talking about the Stealthphone Touch keyboard, on which various access PIN codes are entered);
6. Ensure the security of the operating system of your phone (Android, IPhone, Symbian, BlackBerry);
7. Use the encoder in conjunction with any modern mobile phone, as well as a tablet or personal computer for sending email;
8. Connect via Bluetooth simultaneously up to 5 mobile devices;
9. Evaluate the high quality of voice transmission, the convenience of the user interface, the duration of the period of work without recharging, and the elegant, concise design of the encoder, developed using nano technology.
In modern conditions, the governments of many countries are moving towards creating integrated information security systems at the state level, combining the efforts of state bodies, representatives of business communities and public organizations. The reason for this is the high level of network activity of hackers: in 2012, 556 million people suffered from their actions, that is, a hacker attack was carried out every 18 seconds (2). Popular among users, high-tech mobile devices used to access the Internet and work with various applications are also at risk. Therefore, today it is very important not to make a mistake and choose the most cryptographically secure solution that is suitable in all respects to protect user information.
More on Stealthphone
Sources:
1. Manufacturer data www2.rohde-schwarz.com/file_18186/TopSec-Mobile-VoIP_bro_en.pdf
2. According to the Internet resource www.memoid.ru/node/Gromkie_prestupleniya_russkih_hakerov