Re: [TSCM-L] {4648} Bypassing voice encryption on cell phones (including CryptoPhone)

From: kondrak <kon..._at_phreaker.net>
Date: Thu, 04 Feb 2010 04:32:10 -0500

>From - Sat Mar 02 00:57:27 2024
X-BeenThere: tscm-l2006_at_googlegroups.com
Received: by 10.224.22.138 with SMTP id n10ls222097qab.0.p; Fri, 29 Jan 2010
        10:07:35 -0800 (PST)
Received: by 10.224.123.206 with SMTP id q14mr185172qar.23.1264788454874;
        Fri, 29 Jan 2010 10:07:34 -0800 (PST)
Received: by 10.224.123.206 with SMTP id q14mr185170qar.23.1264788454825;
        Fri, 29 Jan 2010 10:07:34 -0800 (PST)
Return-Path: <ber..._at_netaxs.com>
Received: from webmail1.paetec.net (webmail1.paetec.net [209.92.1.171])
        by gmr-mx.google.com with ESMTP id 24si312726qyk.2.2010.01.29.10.07.34;
        Fri, 29 Jan 2010 10:07:34 -0800 (PST)
Received-SPF: neutral (google.com: 209.92.1.171 is neither permitted nor denied by best guess record for domain of ber..._at_netaxs.com) client-ip 9.92.1.171;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.92.1.171 is neither permitted nor denied by best guess record for domain of ber..._at_netaxs.com) smtp.mail¾r..._at_netaxs.com
Received: from webmail1.paetec.net (webmail1 [127.0.0.1])
        by webmail1.paetec.net (8.13.8/8.13.8) with ESMTP id o0TI7XCR000805
        for <tscm-..._at_googlegroups.com>; Fri, 29 Jan 2010 13:07:34 -0500
Received: (from apache_at_localhost)
        by webmail1.paetec.net (8.13.8/8.13.8/Submit) id o0TI7Xth000804
        for tscm-..._at_googlegroups.com; Fri, 29 Jan 2010 13:07:33 -0500
X-Authentication-Warning: webmail1.paetec.net: apache set sender to ber..._at_netaxs.com using -f
Received: from 173-101-106-137.pools.spcsdns.net
 (173-101-106-137.pools.spcsdns.net [173.101.106.137]) by webmail.uslec.net
 (Horde Framework) with HTTP; Fri, 29 Jan 2010 13:07:33 -0500
Message-ID: <20100129130733.104541n50jpj6qsk_at_webmail.uslec.net>
Date: Fri, 29 Jan 2010 13:07:33 -0500
From: ed <ber..._at_netaxs.com>
To: tscm-l2006_at_googlegroups.com
Subject: Re: [TSCM-L] {4621} Bypassing voice encryption on cell phones
 (including CryptoPhone)
References: <4B623A4F.5030509_at_gmail.com>
 <E1NapX0-0007B2-00_at_pop06.mail.atl.earthlink.net>
In-Reply-To: <E1NapX0-0007B2-00_at_pop06.mail.atl.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=ISO-8859-1;
 DelSp="Yes";
 format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.4)

John's points are well taken, but I believe people shouldn't throw in
the towel in trying to achieve COMSEC. The more efforts people take
to make the spies' jobs more difficult, the less effective their
overall surveillance efforts will be.

The Wired article exposing the vulnerabilities of "secure" telephone
products is academic. Every single one of these "successful" attacks
used unfettered physical access to the encrypted phones to compromise
them!

Whenever an attacker has unfettered physical access to a target's
encrypted phone, the game's over.

As Cryptophone's (and no doubt other products) users manual states,
installing third-party applications on the phone renders the phone
insecure by definition--as does allowing an untrusted party unfettered
physical access to the encrypted phone.

Duh.

-Ed



Quoting John Young <j..._at_pipeline.com>:

> The principal reason no publicly-purchaseable crypto-enable phone can
> be secure is that the manufacture and sale would be blocked by the gov,
> US or others. Fully secure communication against official interception
> will always be illegal. Outlaws may rig their own and communicate until
> caught, which won't be long due to the pervasive surveillance of the
> spectrum, wired, opticked or wireless, and for sure, with the assistance
> of communications equipment producers.
>
> Yes, Crypto AG is the canonical lesson learned: you may think you are
> secure but dream on and be quietly sensored.
>
> One might surmise why Marty was locked out of the lucrative market
> was his equipment was too good, and thus was likely to be used by
> outlaws who got his magical stuff from official bootleggers. Had Marty
> been more compliant he would still be rolling in clover, although rather
> dirty. Take your pick: sin or salvation. Marty to his great credit took
> the latter.
>
> Deception about comsec is fundamental tradecraft, and snake oil is
> all the public can buy legally. And all comsec snake oil, lawful and
> unlawful, promises what it cannot provide. Consider praying which
> works as well, skip the tithing.
>
> What is most impressive is the comsec advertising that bluntly states
> there is no 100% security, only vigilance by well-paid experts who spend
> most of the time insulting each other's capabilities and warning
> customers about snake oil of lesser quality than one's own. This
> is the SOP of the military and spies, and, why not be blunt, of the
> religions, educations, governments. TSCM guardian angels are
> the exception.
>
> --
> You received this message because you are subscribed to the Granite
> Island Group "TSCM-L Professionals List" group which is the oldest,
> and the largest TSCM group on Earth. To post to this group, send
> E-Mail to TSCM-..._at_googlegroups.com, to contact the list owner and
> moderator please send an E-Mail message to jm..._at_tscm.com.
>
> This group is sponsored by Granite Island Group to improve the
> profession of hunting spies, and to educate the security industry in
> the craft of technical counter-intelligence. Granite Island Group
> performs bug sweeps like it's a full contact sport; we take no
> prisoners, we don't play fair, and we give no quarter. Our
> professional goal is to simply, and completely stop the spy.
>
> Granite Island Group Offers World Class, Professional, Ethical, and
> Competent Bug Sweeps, and Wiretap Detection using Sophisticated
> Laboratory Grade Test Equipment.
>
Received on Sat Mar 02 2024 - 00:57:27 CST