Cryptocurrencies or digital currencies seem to be the new currency that the majority of people rely on. Being digital assets, it is vulnerable to getting hacked, and people owing them can get so-called “wallet-rupt” if they do not care about its security. This thought has given rise to what we will discuss here, Cryptophone.
Additionally, the latest Encrochat incident that had recently been investigated for illegal activities has also drawn attention towards the cryptophones. A cryptophone is believed to be inviolable and interception-proof. We will talk more about this device in the latter part of the article.
A Cryptophone can be termed as the next generation device that blends a smartphone’s usability and a crypto hardware wallet’s strong cybersecurity approach. This all-in-one device revolutionizes the way we access Bitcoin (BTC) with the Web 3 technology that empowers you to buy, send, sell, receive, lend and borrow crypto coins.
However, cryptophones are very much different from regular smartphones or commercial smartphones. The first point of difference is the encryption feature. Cryptophones are far more encrypted than the smartphones we carry in our pockets. The smartphones (iOS and Android), on the other hand, use encryption in their memory and data management along with communication applications like instant messaging for the past couple of years.
Smartphones generally do not incorporate Full Disk Encryption (FDE), that are used in the hard drives of the computer where the entire disk is encrypted. But, the FDE in smartphones is less secured. Thus, File-Based Encryption (FBE) is preferred to encode the files individually.
There are various models of Cryptophone available in the market. In this segment, we will clarify how these devices perform and what peculiarities they have.
On the basic level, a Cryptophone is just like the standard Android phones or Blackberry phones. But the differences that make it unique are only at the software level, having the inclusion of an operating system (OS) bearing special security requirements.
The installed OS disables the GPS tracking, Bluetooth, USB port (operates solely for battery charge), camera, and Google services. It obscures the push notifications and bars any other service that might produce a risk of location or interception. Along with this, the utilization of external SD cards is also not allowed. HTC Exodus is an example of an encrypted phone or cryptophone. However, there are other examples as well.
The calls remain active but solely in the VoIP mode. Thus, it uses no GSM network and messaging, but it uses encrypted applications with proprietary — for example, the Zphone. The operating system (OS) installed in it is called a Secure OS. Another example is the Blackphone 2 of the Silent Circle. It comes in pre-installed applications under Silent Suite that includes Silent Text for messaging and file exchange, Silent Phone for voice calling, and Silent Contacts, which offers protection and security to contacts in the address book.
Both the chats and calls are encrypted with multi-level encryption such as Elliptical Curve Encryption (ECC), Diffie-Hellman encryption, OTR for chat, ZRTP for the calls, and PGP or Pretty Good Privacy for email. OTR, the abbreviation of Off-the-Record Messaging, is a cryptographic protocol used for instant messaging. It can also be implemented on the existing IM systems. In comparison, ZRTP is a protocol used for secure calls that permits you to make encrypted calls using the internet. The “Z” implies its inventor, Zimmermann and RTP mean Real-Time Transport Protocol.
Another thing that needs to a mention is that all of these features work via the specially installed applications only if the calls and the messages take place between two cryptophones. Both the Cryptophone needs to be on the same network. However, the calls that are made to the standard devices (not a Cryptophone) are never encrypted and are prone to interception or hacking by governmental agencies.
These techniques also help encrypt the message headers and the metadata, adding a security level that lacks traditional messaging such as WhatsApp.
Usually, the voice applications and the chat are encrypted peer-to-peer while the user communications are never stored on the servers. Additionally, one can choose whether or not to store the data backups such as contact lists and also the location for storing them. If one decides to do this on the service providers’ servers, then the backups get encrypted.
A CryptoPhone may also perform equally well without a SIM card but will use a Wi-Fi network. In other cases, dedicated SIM cards are offered that are definitely different from the traditional carriers. These SIM cards connect to the server network provided by your service provider. This trick enables a cryptophone to stay protected from Man in the Middle attacks or MITM that are made with tools like IMSI catcher.
A crucial feature of these phones is the necessary presence of a server infrastructure that is made available to the service provider against a fee payment that is generally higher than the original price of the device. In some cases like that of Encrochat, the annual subscription rises beyond 2,000 euros each year. Most of the time, the servers are located in “offshore” countries like Costa Rica along with Holland, Canada, and others. They also represent the heart of the service, and the investigators target the system to these servers.
In the bid to look like the usual smartphones, the cryptophones can load two separate operating systems that can run different key combinations — an encrypted system located in an encrypted and hidden partition and a standard Blackberry or Android system.
These phones also bear a “wiping” function. This implies that the encrypted system can be deleted entirely if the police seize the Cryptophone. The wiping procedure can be directly activated on the phone using a key combination or even can be wiped remotely using the servers’ network on which the devices depend.
In the bid to work, the cryptophones depend on a network and a Mobile Device Management (MDM) platform. It is a system permitting you to manage multiple phones, set limitations or profiles identical to the ones used in the companies. The commonly used and known MDMs is one based on Blackberry. This is the sole reason why most cryptophones utilize Blackberry hardware.
The Encrochat case had been one of the most exceptional circumstances, and Carola Frediani had illustrated pretty amazing in her article:
“Encrochat is the name of the company that sold a “secure” communication service based on cryptophones — smartphones modified in software and hardware to be impossible to hack/intercept/violate — whose encrypted messages were routed through the servers of the same company, scattered around the world”.
According to the expert Paolo Dal Checco,
“The Encrochat communication system seemed to be armoured, for a long time the police and experts all over Europe were looking for a way to access the Encrochat network and phones (when they were seized), but without success. So how did they manage to breach Encrochat? The authorities gave very little information about the results of the blitz, but it is not excluded that the success of the operation was possible thanks to a mole (an infiltrator or a repentant) that allowed the investigators to take control of the infrastructure (the MDM system) or perhaps by sending to the Encrochat network a specially manipulated update.”
The wired telephones had experienced wiretapping that was probably the best way to track audio communication between two people. However, with the arrival of wireless technology, smartphones have become the citizens’ virtual devices, raising the scope of new opportunities for easy snooping. This is due to the protocols that the UMTS or the GSM networks work on are much vulnerable.
Finally, Edward Snowden revealed that telecommunication interception had fully grown into a significant industry in the course of decades. Surprisingly, the intelligence agencies, the governments, and the major private organizations across the globe had been found guilty of intercepting the calls that would offer them business or financial information at the cost of ordinary people’s privacy.
As the wireless interception and tracking’s electronic equipment had started to be available readily, the monitoring has been deployed more deliberately and frequently. Unfortunately, for the comparatively small businesses as well. Thus, utilizing encryption as a shield for protecting your privacy is crucial in the digital era.
Nevertheless, shielding users’ information utilizing the encryption method is much challenging. The secret algorithms or the proprietary that the current day’s networking and mobile companies often use are found to be weaker when it comes to protecting you against the malicious actors trying to snoop your online activity and data. What is more surprising is that these organizations use smart marketing tactics to provide you with a false sense of security by claiming that they are certified by the government — ideally unknowingly the same intelligence organizations that peek into your data in the name of “national security” or “suspicious activity”. A Cryptophone is a savior!
Disclaimer: Read the complete disclaimer here.