
CELLPHONE sparked the inquiry that led Lord Justice Leveson to conclude that the press 鈥渨reaked havoc in the lives of innocent people鈥 in his long-awaited to the British government last week. But those in the public eye aren鈥檛 counting on heavier press regulation to stop future hackers. Instead, they are increasingly placing their bets on emerging smartphone technologies that foil eavesdroppers by encrypting voice and text data in real time.
One such technology hails from , based in Berlin, Germany. Its CryptoPhones are commercial smartphones that use military-grade encryption algorithms to ensure that calls, texts and voicemails 鈥 when passing between people with similar secure devices 鈥 are all but unhackable. These cost around 鈧2000 per handset. But now a rival has entered the fray with a much cheaper approach.
of Washington DC launched its real-time call encryption app Silent Phone for the iPhone in October, and next week it releases a version for Android. CEO Mike Janke, a former security expert with the US Navy Seals, claims demand for the service, which costs 拢13 per month, has taken him by surprise: 鈥淎-list Hollywood celebrities, special forces operatives, diplomats from nine nations, and a clutch of Fortune 100 companies have signed up to use our service in our first 40 days,鈥 he says.
Advertisement
聯A-list celebrities, special forces operatives, diplomats and Fortune 100 companies have signed up聰
For firms worried that their industrial secrets could be stolen, securing transmissions by phone is paramount. To do this, GSMK 鈥 which has 10,000 smartphones in use 鈥 replaces Windows, Linux or Android operating systems with its own, more secure operating system. Both GSMK and Silent Circle use 鈥渆nd-to-end鈥 encryption that takes place in the phone, so there鈥檚 no hackable server that carries out the encryption. When a call is made, two code words appear on the phone鈥檚 screen that both parties have to speak out loud. If they match, they know they are safe to proceed.
Both Silent Circle and GSMK doubly encrypt their messages using two encryption methods, including one called AES256, so even if one scheme is broken there鈥檚 still the other to deal with. 鈥淚t鈥檚 a very paranoid design,鈥 says GSMK founder Bjoern Rupp.
But Janke concedes that, as Silent Phone is app-based, it is vulnerable to attack from other, malicious apps that could pilfer voice and text data before it is encrypted. While Silent Phone鈥檚 securely received texts can self-delete a set time after they have been read, they can be saved as a phonecam鈥檚 screenshot. GSMK鈥檚 operating system prevents screenshot-taking by default, says Rupp.
It鈥檚 not all about cash: both GSMK and Silent Circle donate phones to human rights groups that need to be able to make secure calls. It鈥檚 all encouraging stuff, says Eric King of London pressure group Privacy International. But he adds that the onus should be on phone networks to do more to prevent interception. 鈥淧hone hacking would not have happened if networks had generated a random PIN for voicemail accounts in the same way a bank does.鈥