“If encryption made any difference, they wouldn’t let us use it”, said someone.
Encrypted calls are protecting you from the ones that don’t want to (or cannot) intercept your phone calls, and does not protect you at all against the ones that can intercept your calls – law enforcement, homeland security and intelligence agencies. Make sense to you? If not, please read below.
Most people think that call encryption is the Holly Grail of secure communications, being also a mainstream when it comes to software development for mobile security. Why is that? Because of 007 movies? Not at all. Because is the only product you can find on nowadays security overcrowded market. From hardware devices to sophisticated software applications, all claim that encrypting your mobile voice calls is the best you can get and there are no other trustworthy solutions. Unfortunately encrypted calls does not offer real security when you are targeted not just by (abusive or not) law enforcement, homeland security or intelligence agencies, but worst, even when you are a target for a skilled hacker.
You don’t have to trust us. Just google for voice call encryption hack and tons of articles are available at a glance.
For those of you that use voice encryption products on mobile phones the last thing you would expect is for it to be easily decrypted and intercepted. You may have shelled out good coin for your application and rely upon it for your intellectual security, but what if that security was not as tight as you had imagined, what if a readily available wiretapping utility attainable by anyone, and a simple Trojan slipped on to your device could compromise all of your calls?
Back in 2010 blogger, hacker and IT security expert Notrax has done just that. For his own safety we will not reveal his name, however, Notrax has discovered that 12 commercially available mobile voice encryption products can be intercepted and compromised using a little ingenuity and creativity as he has carefully detailed on his website.
He tested 15 voice encryption products in total, 12 of them were “worthless”. It’s easy to take the software at face value when it “tells you” that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.
Secure means that Notrax did not manage to crack it. It does not mean that someone else would not be able to crack it.
These calls can be tapped by anyone that has basic technical skills or the money to back up such an endeavor. “Statistics show Government agencies on average conduct 50,000 legal wiretaps per year (legal= those where a court order is required), (Let’s not forget Echelon) another 150,000 phones are illegally tapped by private detectives, spouses and boyfriends and girlfriends trying to catch a potential cheater. Another estimate shows up to 100,000 phones are wiretapped by companies and private industry in some form of industrial espionage. It is happening and it is a big business.”
SnapCell was safe, it’s a private encryption device that snaps on to your mobile, they claim to protect your mobile voice, fax and data communications from wiretapping, eavesdropping and line interference. SnapCell’s website has been offline since January 21st for unknown reasons. Click here for the webchiev.
If you are using one of the above voice encryption technologies, you may want to be on the lookout for a new solution, as XCell Stealth Phones. Although these applications cracked are not entirely secure, it would take much effort to bypass them, like having the attacker be able to load software or a trojan on your phone without you knowing. It’s similar to a credit card, so as long as you keep it with you in a secure place you should be fine for the most part.
Think that LTE mobile networks are secure? Well, think twice: hackers decrypt VoLTE encryption to spy on people calls. More here.
Though using of encryption to protect your privacy might be the prudent choice, the method has its own disadvantages:
Open sesame of encryption solutions
Will you use an encryption app that have servers located in let’s say… North Korea? Probably not, but you have to reconsider your opinion. Shortly saying, the more consolidated a democracy is, the easier is for law enforcement to get access to encryption servers, based on a simple warrant. All that because consolidated democracy countries know what we call the rule of law. Since encryption apps are not developed out of this planet and all encryption servers reside in some county, Govt and related institutions have a simple tool called judge warrant which will instantly “open” any “encrypted” server used for so called “secure” communication. Yes, its a matter of time. But in the end they will get a plain text or plain voice copy. Not to mention that NSA and other similar actors have tools and solutions that effectively circumvent any encryption apps, used nowadays to find out in real time what they are looking for.
Using voice call encryption might make you look suspicious and attract unwanted attention on you, exactly from the ones you are trying to hide from. Its like a ringing bell attached on your tail. Have a wild guess on what they will do in case the you use an encrypted cell phone. For sure they will use some other ways to get the info they need. They will not wait to find some security flaws in your crypto app, they will not attempt even deciphering. They will simply bug your home, office and vehicle, will spy on your computer, will intercept your mail and will use covert human intelligence sources (HUMINT) and whatever it takes to obtain relevant information about you and your activities. They can easily bypass the communication protection provided by the encrypted phones by simply collecting relevant information from other sources. Simple as that. Yes, its not on real time. But can be very close to that.
If you are targeted by an intelligence agency, encrypting your mobile communications does not mean that you are 100% protected against eavesdropping. Think about that: will they drop you just because you use encrypted communication? No, for sure.. Being a challenge for them, will find another ways to get the information they need. Sure, for a short period of time your secrets will remain… secret. But any decent agency will find at any time security breaches, gathering info they need about you, by any means.
Actually by encrypting your phone conversations, you are telling them that you have something important to hide and you invite agencies to use other ways to gather intelligence.
When using encryption over standard mobile network voice channels (not via data connection) like that encryption devices attached to your cell phone, that encrypted call is not so… encrypted as you think. Yes, will defend against call interception performed by spyware apps installed on your phone, because phone microphone is not used during encrypted call sessions. But even if you use such a device, the GSM operator or the entity that operates a GSM interceptor can find out pretty much information such as:
Not even notorious encrypted cell phones are immune to this attack. Few years ago, an average Joe posted on YouTube a short movie demonstrating how a well known app used for enterprise encrypted communications – GoldLock – can be defeated by a cheap commercial grade spy app called FlexiSpy. Because he had the phone in his hands with GoldLock already installed on, he installed also FlexySpy on the same cell phone. He started an encrypted phone call with another GoldLock phone. Entire conversation was recorded by FlexySpy in clear, just because FlexiSpy collect audio straight from the microphone, way before GoldLock proceed to voice encryption. Then, when conversation finished, was automatically sent by FlexiSpy via WIFI or data connection on a server where could be listened from user personal account. Simple, efficient and embarrassing for a top notch encryption application. You can do whenever you want the same test.
By some reasons, the video was removed from YouTube so we cannot post a link. Also since then, no more free trial apps are available from GoldLock, avoiding other similar situations. However, that does not make GoldLock less effective for private users, being by far one of the most secure communication application.
And yes, the same can happen with your “secure” cell phone.
This is why voice call encryption is a short time solution for secure communications. In fact, being predictable is one of the worst choice on intelligence battlefield. And using a crypto phone means that you are more than predictable.
When using any voice encryption solution (software or hardware), you will never know when actually your cell phone is intercepted, and by consequence you will never know when you are in real danger. Instead of crypto phones blind protection, it is better to know when someone attempt to tap your calls and when they are trying to locate you. Then you can act advisedly, taking the right decisions and even influencing them by different deception techniques. Here comes XCell Stealth Phones, which brings you the best of both worlds: interception detection and interception blocking. Detecting interception in real time and on the right time is really something else than using blind encryption, an advantage that is used by professionals against… professionals.
A malware vendor has set up a fake website claiming to be from Amnesty International, offering gullible users software that purports to protect them from the NSO Group’s Pegasus malware. In reality it is a Remote Access Trojan (RAT).
We have always rejected user requests for caller ID spoofing solutions. Once the phone is out in the wild, it exposes the user to many security threats. Read the full article for an overview.
The ability to hide your current location by showing your location elsewhere. Learn the difference between the real thing and unnecessary VPN apps. Find out more
