I was reading some interesting stuff about IMSI catchers and their ability to deactivate the encryption on your GSM phone to listen in on your conversations.
Now, considering that these tools are expensive and probably not in the hands of nosy individuals, I'm still curious about this whole deal of a third party device disabling your encryption and conversations being 'out in the open'.
Are there any software tools that display the encryption status of your calls?
Lots of info about IMSI Catchers but most of them are in German... apparently there's more of a fuss about invasion of privacy issues over there.
if you are concerned with your security, then look at www.cryptophone.de . Currently 2 russian companies are writing their own programs like that.
Getting encryption status is not docummented, I don;t think that there exists such a program.
HOwever, according to the Wikipedia page on IMSI-catchers, there are some mobile phones that display an icon when the call is unencrypted. I believe this should be a feature integrated into WM 6.1! Since it is such an old and arguably advanced platform... Maybe someone could write a program that puts an icon in the dialer when the call is unencrypted...perhaps it could also play a warning tone at the start of the call.
Related
My company developed a product that uses GSM/CSD mode to send voice encrypded using 256 bits Rijndael. I don't know if in Europe my product works. I have a XDA working fine here in Brazil. I will apreciate if my software could be tested using the XDA and XDA-II (we don't tested-it with the XDA-II), because we don't have how to test-it in Europe.
My site is http://www.raseac.com.br , and in the site we have a working demo with 128 bits security and one minute of conversation per call. We have also a manual in PDF format (in english).
I will apreciate some help from Europe.
My personal e-mail is MOD EDIT: REMOVED EMAIL
Please erase the [REMOVE] in the e-mail.
Thank You.
Cesar Bremer Pinheiro
cesarbremer said:
My company developed a product that uses GSM/CSD mode to send voice encrypded using 256 bits Rijndael. I don't know if in Europe my product works. I have a XDA working fine here in Brazil. I will apreciate if my software could be tested using the XDA and XDA-II (we don't tested-it with the XDA-II), because we don't have how to test-it in Europe.
My site is http://www.raseac.com.br , and in the site we have a working demo with 128 bits security and one minute of conversation per call. We have also a manual in PDF format (in english).
I will apreciate some help from Europe.
My personal e-mail is MOD EDIT: REMOVED EMAIL
Please erase the [REMOVE] in the e-mail.
Thank You.
Cesar Bremer Pinheiro
Click to expand...
Click to collapse
I think you might consider looking also for European based solution, similar but using specifically MDA / XDA for encrypted comm
http://www.cryptophone.de/html/products_en.html
BTW when you consider introducing fully fledged and operational version for wm2003 ??
regards, monika
Thank you for your interest in our product.
We will test our product with the wm2003 in the next month, but we can't have a date limit to finish the compatibility test yet. There are a lot of hardware available to run our product. I will remember you that we are selling software (not hardware like cryptophone), and to sell our product we need to make compatibility tests in a lot of hardware . Our idea in this case is, if you have a hardware available (like the XDA), you only need to buy a software (and not the hardware that you already have). You investment in this case will be US$149,99 for the 128 bits version (US$ 249,99 for the 256 bits) in order to have a solid voice encryption product. Our product uses a TAPI modem linked with a PocketPc 2002 handheld by cable, bluetooth or a compactflash connection, and uses fixed, cellular and satelite lines. We tested the Raseac Secure Phone it in a lot of hardware (we have our product in our lab running in a XDA). We don't know about the CSD (Circuit Switched Data) quality in GSM networks outside Brazil (we are asking the readers to test-it and send us their comments). The bonus in this case is the use of a solid 128 bits voice encryption software free for one minute of conversation per call, with no limits in the number of calls (our freeware version).
Thank you.
Cesar Bremer Pinheiro
Sorry for the mistake in the price: The correct values are US$149.99 for the 128 bits version and US$249.99 for the 256 bits version.
Thank You.
Cesar.
How do we know if the software is actually carrying out the encryption, and that the voice is actually being encrypted is there something obvious that will let me know this.
The encryption is the easier part to be done in this system, if you see the user's manual, the most part of the system is the user interface and its architecture (our strongest point is our system design).
If you made a system that sends and receives voice without encryption, in our case you have 90% of the work done (error correction, codec optimization, software optimization). Think about reading the voice signal, compressing this signal using a voice codec, building the telephony interface, optimizing the code (our system is full-duplex), working a lot to optimize the code and let it running with quality), and until now i am not talking about encryption.
You can see in the google a lot of stuff about encryption (random number generators, hash functions, encryption functions), the encryption library available is huge.
After that work done to send and receive voice in a 4800 bauds line, you will see that 95% of the job is done. But i will remember that: To this system be a security system, all this design must be done before build the system. It is very dificult to transform a voice transmition system in a good security system(almost impossible) if you don't thing in security before building the system.
Now a little bit about encryption.
Our design is completely different from vast majority of the voice systems designs, we use block mode encryption and CBC mode encryption. The vast majority of the systems designs uses streaming mode. We generate an external random file in order to use the random numbers by the system. You can analyse this random file, it passes in the Diehard test (you can download the Diehard test and submit our generated file).
Each contact used by the system have its own master key, and you can edit this contact master key.
If you change one bit of this contact master key in your handheld, you will not be able to do the voice connection with the other handheld.
After reading our user manual, available in our site, you will see that this system was carefully built having security in mind, because you will see that you will have a 50 pages manual with a lot of information about security, and I invite you to read this manual (again, you will see a lot about our system design in this manual).
The Raseac Secure Phone security system spec will be published in february, and after that we will ask for an independent organization to analize our source code and publish the results (We think that the common user doesn't have the competence to analyse the source code). Our source code will not be available to the public only because commercial reasons, we sell software for commercial hardware available in the market (unlike our competition that sells proprietary hardware and have the copy protection inside their proprietary hardware), we have our system copy protection inside our code and we want to protect our intelectual property.
A little bit more about proprietary hardware systems: If you sell a hardware system and publish only part of the system (you can't garantee that the operational system was not changed in a dangerous way to compromise the security), the source published doesn't garantee the security at all.
Thank you.
Cesar Bremer Pinheiro.
MOD EDIT: REMOVED EMAIL
Please erase the [REMOVE] in the e-mail.
is it available in Asia?
Anyone interested
http://www.symantec.com/home_homeoffice/beta/overview.jsp?pvid=nssp1beta
Thanks, I needed a laugh.
I am particularly curios as to how they identify SMS as SPAM (with no subject or formatting to rely on)...
I'd say a few words on the antivirus part too but I don't want to give them any ideas ;-)
Oh almost forgot - it would be a super neat trick to hack in to smartphone via the internet (given utter lack of server components in the OS)!
i never heard about anybody who irl had a virus on their pda
much less of anybody who had a firewall
and yet plenty of people are willing to have both firewalls and virusscanners on their pda's
hope they overclock to make their pdas allmost as fast as if they dident
I read some news article (didn't save the link) about a very "good" spyware app for blackberry.
Not only could it monitor all mail and SMS on the device as well as phone calls but it could also turn on the microphone on without a call to turn the device in to a "bug" (as in surveillance device not the stuff MS software is full of).
One thing I couldn't figure out is how did this super dangerous program (which needed to be installed by user despite being referred to as a "Trojan") transfered all that data back to the source without the user noticing and without interfering with device operation.
How much upstream bandwidth does BB have?
Can it do data and voice at the same time (can it do voice at all?).
Any way I am sure that one of these days we will see a real virus for WM platform (a proof of concept file infection has been developed - that does not work with signed files of course).
But until than - if you have nothing better to do with your phone might as well keep the battery draining with a good antivirus / firewall.
Hello all
I've been reading this forum for some months now and i like the windows'es and informations i've found here on my Hermes device
But now i have some questions on using the often integrated tool field test.
I've found out that with the IMSI-catcher (german wikipedia as one of the sources), that are more and more often used semi-legal by the police(here in europe there are a lot of 'GA-90' devices sold to the police and other institutions), it is possible to listen to phone calls(man in the middle attack), by just 'emulating' the strongest phone-cell in the area, to which the device connects instead of connecting to the provider's cell.
I also read that it would be possible to find out if there was an imsi-catcher device active in the area near you or not. The only thing needed is a special monitor software (field test?) that observes the MNC(Mobile Network Codes) behavior(appearently you need 2 handy's from the same provider with the monitoring software running).
But they didn't explain exactly on which behavior you should pay attention.
Since I could use 2 windows mobile devices to test this out, I am searching for more detailled information on this subject, and the first place that came in my mind was xda-developers
I allready did search this forum for the subject imsi catcher, and the only thing I've found is this.
google result
so one person who tries to change hies imei number, and another one who doesn't seem to know exactly what an imsi catcher can do.
Is here anyone who knows more?
I know that where I live, there are pple who make abuse with IMSI-catchers(catching calls without the permission from a judge or similar, or even one time someone listening to his girlfriends phone calls to see if she's cheating(and she did and that was the reason he left her))And yes this one was a young policeman who told that to his friends and even was proud of it.
I also dislike the fact that the handy, instead of the encrypted one with the provider's cell, has an non encrypted connection to the imsi catcher(if not there would be no possibility for a listening man in the middle attack).
I also read about the cellphones from http://www.cryptophone.de/
Appearently they do allways have encrypted conversations even through an Imsi-catcher. But if that would be true, the other side will need the same handy to decrypt it again. Because it has to encrypt, the allready encrypted data traffic with the provider's cell, if not it can't allow any protection against IMSI -Catcher devices. I also ask myself if, depending on where u want to use it, the 2nd encryption could produce a to huge phone traffic that could result p.ex. in a robot voice...
Anyone who could light me up?
Or is there any software able of reencrypting the encrypted transfer on windows mobile devices?technically it should be possible(2nd phone dialer installed so you choose the normal one for normal calls and 2nd one for calls with pple who also have this software installed on their phones)perhaps not with an 256 bit encryption but perhaps with a 128 or 64 bit encryption...
BTW, if there would be anyone able to programm such a hot piece of software for windows mobile devices I wouldn't have any problem to donate him with paypal, and i suppose other pple would do the sameAnd no I don't wanna replace that by Voip or skype via HTC...
Thanks in advance
Patrick
So no one who knows more about this?
I would be very happy if i could at least test if they're really used that often as they say they are(where i live).
And since i could try it in different major 'cities' over here, i suppose catching a imsi catcher soon or later
I'm quite curios if all the pple, telling that there is a lot of abuse with these machines, are right, or if that's all nonsens...
It would be nice if a warning icon could be integrated into Windows Mobile or the dialer to indicate that a call is not being encrypted. Read the Wikipedia entry for IMSI-catcher for more info. I'm guessing CDMA is largely unaffected since the hole seems to rely on the UMTS spec's backward-compatibility with GSM.
I'd also like to note that Skype is the way to go for true endpoint to endpoint call encryption. You know, if you're a gangster or something and need to brush off the popos. It would be interesting to investigate whether the WM6 integrated VOIP stack requires authentication/encryption.
(long post warning...I'm placing the summary first for those who don't care to read the whole thing)
***
In summary, I want a mobile platform that I can tweak until I get it exactly as I like it; that will sync with Windows desktop and server platforms (this is a strong preference, not a "must"; upon which I own things and don't have to worry about them being stolen or broken; that doesn't tell everyone and their mother where I go and what I'm doing; and on which I can listen to Sirius radio; and to which I can transfer data back and forth via USB without any permission based cloud interface. It must also be compatible with Slingplayer software and I have a strong, strong, preference for a slideout QWERTY keyboard, but I'd sacrifice that if I have to for the above functionalities. I'm currently on ATT, but it doesn't have to be that way
***
I am thinking about purchasing a new phone. But the market is a bit more complicated than when I purchased my current phone (HTC Diamond), so I hope that you guys can give me some advice.
I have been a Windows Mobile user since 5.0. What I loved about WM is that I could come here and read about the various hacks, mods, and custom roms and generally find something to address any problems I had, or find a way to modify the phone to meet my preferences.
I love the mobile version of Office and I use it constantly for work purposes. I especially like being able to sync outlook contacts on both phone and device, and that I can make presentations from the phone, and can open and manipulate Word and Excel.
I was also using SiriusXM 6 by tcbush over on Geekstoolbox to listen to satellite radio. Unfortunately, Sirius has taken down their legacy servers that streamed content to third party providers. So it does not appear that I can listen to satellite radio any longer via my mobile device.
It is this turn of events (Sirius radio) that is my main motivator for seeking a new phone. I could listen to Sirius via the web, but that requires a Flash player and I can't find a version of flash for WM 6.1. I have both Opera Mini and IE. So, if any of you know a way for a WM 6.1 device to listen to Sirius, you will have solved my immediate problem and saved me some money. I would really appreciate that.
But on the larger scale, I know that one day I will have to replace my beloved Diamond. Her slideout QWERTY is starting to jiggle, there are a few scratches on her beautiful face even though she hasn't gone a moment without a case and screen protector. Every now and again her D-Pad loses its way, and I have to reboot. Alas, I fear the end is near. *sigh*
So, in looking over the current landscape, I see three options: iphone, Android, and WM7.
Apple products to me are out for personal preference reasons.
That leaves Android and WM7.
Problem 1:
I enjoyed my prior experience of owning a WM phone supported by a network of generous, friendly developers who found ways that we could modify our phones to our hearts' content. I also like the fact that I own my phone and all its content. Once I install or tweak something, then that's it unless I decide to change it.
But the current market seems to be based on a top-down control model. From what I've read, owning a phone with the current tech is like owning a home on leasehold property or in a HOA: You pay full price for ownership but you do not enjoy the rights of control normally associated with that ownership. It seems that the devices are locked, difficult to unlock, find ways to re-lock, and that a Nanny-server may at times uninstall or disable software that it doesn't like.
I just don't get it. Has the culture embraced a model where a user pays a provider only to be told by that provider what he can and cannot do with the property he has purchased?
Of course, my perception of these issues could be incorrect. I recently went back to school and have unplugged from most external things. I haven't been following the "insider info" on xda for nearly two years. If I'm wrong, please tell me.
Problem 2:
User tracking. Sounds Orwellian.
I get it that the cell provider can locate you. I understand the technology reasonably well for regular Joe, and I understand that the network needs to know where you are. But until recently, the cell provider could not release those records without a warrant or some emergency confirmed by law enforcement like a lost person, etc. I actually worked with Sprint in conjunction with the police to attempt to track a stolen phone. However, it now appears that the manufacturers themselves and many app developers are bypassing the law by tracking users without their consent. Am I right on this?
I've read a number of articles on the Apple and Android tracking problems - generic apps tracking you and reporting your movements to Apple, Google, etc. Apps turning on the mic or camera at intervals and tracking your surroundings or conversations. Route these concerns through the awfulness of the Electronic Communications Privacy Act, the Patriot Act, and the fact that both the post-digital presidential administrations (Bush II and Obama) seem intent on eroding what remains of our privacy, and it makes me uncomfortable. To make it worse, Google and Zuckerburg are both in bed with the Obama administration, and stories of their privacy infractions are epidemic.
Yet none of the progs I use on my WM 6.1 device use tracking (that I know of). So, in a very short time, it appears that the culture of mobile communications has gone from an ownership model with Constitutional protections to a free-for-all where you essentially pay big brother to track you.
I have heard many of my younger friends who have grown up in the big-government era use the default: "If you have nothing to hide, then you have nothing to worry about." But that's exactly backward. The law presumes your privacy and allows infractions only after due process. The current culture seems to presume lack of privacy, and treat privacy-seekers as an anomaly. And the tech seems to reflect the culture rather than the law.
Am I crazy? Even if I am crazy, is there a way to block this tracking? And, if so, does Android or WM7 better lend itself to blocking this tracking?
Problem 3:
USB data transfer.
WM7 doesn't support smart cards. But, the devices seem to have adequate on-board storage for my needs. However, from what I've read, I'll need to use Zune (on WM7, don't know about Android) to move data back and forth. Is that correct?
I currently use Windows Mobile Device Center to transfer files back and forth via USB or Bluetooth, and I really want to keep that functionality.
Thank you if you have read this far. And, given those criteria, what are my best options?
Droid X2. Get it.
Droid X2
Droid X2. Get it.
+1
Thanks for the responses. I've done a bit of research on the phone you recommended, and some research in general. I really need to spool back up
It looks like there are apps out there like WhisperMonitor that will help with my privacy concerns. Actually, it looks like there are Android Apps to address most of my concerns.
I'll keep researching that to determine how much functionality I'll have to sacrifice. And I appreciate the responses. Love the dual core structure of this phone. From what I've read, the benchmarks don't differ too much from single core phones, but it looks like the dual core really helps with load distribution and multi-tasking.
It will be hard to leave Windows...been with it since it was Pocket PC 2000. But atm, it appears that Android may work best for me.
I agree Droid X2, although VZW is expensive, its the best network
Off the basis of wanting a slide out QWERTY and Windows Phone 7, I would go with the HTC Arrive for Sprint. You still have Windows Phone, you can get Sling Player from the Marketplace, and it has a slide out QWERTY that when it slides out, angles the screen for better typing the way I look at it.
samsung galaxy s2
or atrix
If you QWERTY I'd wait till my4g slide if it launches with s-off. I don't imagine you'd be keeping the os in tact.
The g2 is also a beautiful phone. Amazing specs for the good hardware.
T-Mobile is also cheapest, I find, of the four carriers.
The epic 4g seemed nice. Hummingbird (Samsung 1ghz processor) is very nice and has a great gpu.
If you're looking to use google talk video chat, avoid nvidia tegra 2 chips.
Google's suite of software is pretty sweet. Google docs works nice, and there's an app for that.
As long as you download from android market you're good from malware. (If you do get it from market, google does pull the app from the store AND your phone, that's the only time I heard them doing this, and that was once instance.)
Besides... Supporting your developers is a great thing.
Did I miss anything?
Sent from my LG-P999 using XDA App
IMO almost any of the android phones would work for what you have in mind. As you pointed out in your follow up post there are apps out there for your privacy concerns. I've had a Moto Droid and now the HTC Thunderbolt. Both have been synced with my works exchange servers with no issues, google apps work great with Office docs, and the available roms and other customizations are almost endless.
Also, don't get hung up on a QWERTY keyboard. I swore I would never have a phone without one, but now that I do I actually don't really miss it.
Edit:
USB data transfer - very simple to do with android. Install a driver for the phone and then connect to your pc with a USB cable. Your pc will recognize the sdcard as removeable storage. Just select it in My Computer and drag and drop anything you want to move like you would for moving any file around in Windows.
dear devs, i was wondering if there could be any registry tweak to light up the led when sms come just like what the phones do when low battery
I guess not. It really a shame that MS couldnt implement a message, email, missed call reminder. The implemented missed call reminder only works for a few minutes after the missed call.
Agreed. The LED is actually a non-trivial battery drain, even on a short duty cycle (plus the slight increase in CPU needed to wake up and drive it) but it should be the user's choice, even if off by default.
Unfortunately, I don't think MS included any such functionality, hidden or otherwise. Doing it with homebrew might be possible, but wouldn't be easy; you'd need an app that could access SMS (or call, or whatever) activity, drive the LED state, and do it from the background long-term without crippling the battery life. Frankly, it's the ideal kind of thing for a native app... but we still haven't managed to make those work.
What you would need, in order to implement this in a homebrew app:
Access to the history/activity of the behavior you want to indicate (SMS, whatever).
Access to the LED, either through an official API to control it or by sending IOCTLs to the driver.
The ability to run long-term in the background - I don't know if this is feasible right now, though you might be able to savagely abuse the background audio decoder agent (the only official API that allows long-term third-party code execution in the background).
APIs for SMS (and I think for notification LEDs?) are on MSDN.
http://msdn.microsoft.com/en-us/library/ee498239.aspx
http://msdn.microsoft.com/en-us/library/ee481040.aspx
Those are for Windows Embedded Compact (CE7), which is not exactly the same as WP7 even after you strip away the WP7 UI and application model. Nonetheless, they've been useful references to me when developing native code in the past, and might work here.
If you're not familar with native code development, search this forum for Heathcliff74's great how-to on the subject. If nothing else, it would be worth it to find out if those APIs can be used.
GoodDayToDie said:
Agreed. The LED is actually a non-trivial battery drain, even on a short duty cycle (plus the slight increase in CPU needed to wake up and drive it) but it should be the user's choice, even if off by default.
Unfortunately, I don't think MS included any such functionality, hidden or otherwise. Doing it with homebrew might be possible, but wouldn't be easy; you'd need an app that could access SMS (or call, or whatever) activity, drive the LED state, and do it from the background long-term without crippling the battery life. Frankly, it's the ideal kind of thing for a native app... but we still haven't managed to make those work.
What you would need, in order to implement this in a homebrew app:
Access to the history/activity of the behavior you want to indicate (SMS, whatever).
Access to the LED, either through an official API to control it or by sending IOCTLs to the driver.
The ability to run long-term in the background - I don't know if this is feasible right now, though you might be able to savagely abuse the background audio decoder agent (the only official API that allows long-term third-party code execution in the background).
APIs for SMS (and I think for notification LEDs?) are on MSDN.
http://msdn.microsoft.com/en-us/library/ee498239.aspx
http://msdn.microsoft.com/en-us/library/ee481040.aspx
Those are for Windows Embedded Compact (CE7), which is not exactly the same as WP7 even after you strip away the WP7 UI and application model. Nonetheless, they've been useful references to me when developing native code in the past, and might work here.
If you're not familar with native code development, search this forum for Heathcliff74's great how-to on the subject. If nothing else, it would be worth it to find out if those APIs can be used.
Click to expand...
Click to collapse
Thx. Is's very kind and patient of you tell me so much about that.
on my hTc 7 pro the green led blinks on sms and missed calls. but only for 5 minutes than it goes off... i would like to have it on till i look on the screen what is the notification... that would be cool. but i haven't found any tips how to tweak that.
recently i look in the registry and found a /notification/ led path. that could be to the path of the green and red led. and there is some things like "blackout time" custom timer... etc. but i don't understand the timing they are in binary code written and i'm not sure if this is for the LED on top of the handset. i found this registra on windows mobile devices too. (and there it is for the blinking led)
The LED on the handset is certianly the "notification LED" if you phone has one (not all do). It lights up or blinks to "notify" you of certain things (missed calls, low battery, charging complete, etc.)
There may be some registry values that can control its behavior. Otherwise, I'd suggest trying with the native APIs. I'd like to help with this but you'll have to wait quite a while if you want me to do so; I've got a lot that I'm working on right now.
Moved to WP7 Q&A
This is a development section, it is not for questions. As highlighted in the read before posting stick