Name: Cryptographic security for mobile phone information – NUME BETA
Developer: Crypto Telecommunication Security SA (CTS), Switzerland
Price: Free
Available at: GOOGLE PLAY; Amazon com
Genre: Data protection
Current version: 1.0
Description:
NUME BETA – the encryption software demo version, developed by CTS, the leading manufacturer of data security products, allows the users to try the software prior to making a purchase decision.
NUME BETA – the security system, designed to encrypt voice for subscribers, using Android mobile phones. Each of them should download the trial NUME BETA software in his mobile phone. The communication is performed over IP telephony CTS cryptographic servers. It’s money saving compared to standard mobile networks, especially in roaming. AES 64 bit is used in NUME BETA.
The complete working NUME software version uses 256 bit encryption algorithm, developed by CTS and ensures the cryptographic protection for voice, E-mail, SMS, MMS, crypto-chat and crypto conference. Regarding NUME software sales please apply to CTS at www nume ch
This app look good but:
* not intended for normal people (more for business people)
* need for mobile internet (in my country is a problem)
* 64 bit AES encryption algorithm is not safe
In general, the application is very interesting.
Hello, sigcont! Thank you for appreciacion. This app is for thouse, who do not want a stranger interfere in his life. 64 bit AES encryption algorithm - only for demo version
Related
My company developed a product that uses GSM/CSD mode to send voice encrypded using 256 bits Rijndael. I don't know if in Europe my product works. I have a XDA working fine here in Brazil. I will apreciate if my software could be tested using the XDA and XDA-II (we don't tested-it with the XDA-II), because we don't have how to test-it in Europe.
My site is http://www.raseac.com.br , and in the site we have a working demo with 128 bits security and one minute of conversation per call. We have also a manual in PDF format (in english).
I will apreciate some help from Europe.
My personal e-mail is MOD EDIT: REMOVED EMAIL
Please erase the [REMOVE] in the e-mail.
Thank You.
Cesar Bremer Pinheiro
cesarbremer said:
My company developed a product that uses GSM/CSD mode to send voice encrypded using 256 bits Rijndael. I don't know if in Europe my product works. I have a XDA working fine here in Brazil. I will apreciate if my software could be tested using the XDA and XDA-II (we don't tested-it with the XDA-II), because we don't have how to test-it in Europe.
My site is http://www.raseac.com.br , and in the site we have a working demo with 128 bits security and one minute of conversation per call. We have also a manual in PDF format (in english).
I will apreciate some help from Europe.
My personal e-mail is MOD EDIT: REMOVED EMAIL
Please erase the [REMOVE] in the e-mail.
Thank You.
Cesar Bremer Pinheiro
Click to expand...
Click to collapse
I think you might consider looking also for European based solution, similar but using specifically MDA / XDA for encrypted comm
http://www.cryptophone.de/html/products_en.html
BTW when you consider introducing fully fledged and operational version for wm2003 ??
regards, monika
Thank you for your interest in our product.
We will test our product with the wm2003 in the next month, but we can't have a date limit to finish the compatibility test yet. There are a lot of hardware available to run our product. I will remember you that we are selling software (not hardware like cryptophone), and to sell our product we need to make compatibility tests in a lot of hardware . Our idea in this case is, if you have a hardware available (like the XDA), you only need to buy a software (and not the hardware that you already have). You investment in this case will be US$149,99 for the 128 bits version (US$ 249,99 for the 256 bits) in order to have a solid voice encryption product. Our product uses a TAPI modem linked with a PocketPc 2002 handheld by cable, bluetooth or a compactflash connection, and uses fixed, cellular and satelite lines. We tested the Raseac Secure Phone it in a lot of hardware (we have our product in our lab running in a XDA). We don't know about the CSD (Circuit Switched Data) quality in GSM networks outside Brazil (we are asking the readers to test-it and send us their comments). The bonus in this case is the use of a solid 128 bits voice encryption software free for one minute of conversation per call, with no limits in the number of calls (our freeware version).
Thank you.
Cesar Bremer Pinheiro
Sorry for the mistake in the price: The correct values are US$149.99 for the 128 bits version and US$249.99 for the 256 bits version.
Thank You.
Cesar.
How do we know if the software is actually carrying out the encryption, and that the voice is actually being encrypted is there something obvious that will let me know this.
The encryption is the easier part to be done in this system, if you see the user's manual, the most part of the system is the user interface and its architecture (our strongest point is our system design).
If you made a system that sends and receives voice without encryption, in our case you have 90% of the work done (error correction, codec optimization, software optimization). Think about reading the voice signal, compressing this signal using a voice codec, building the telephony interface, optimizing the code (our system is full-duplex), working a lot to optimize the code and let it running with quality), and until now i am not talking about encryption.
You can see in the google a lot of stuff about encryption (random number generators, hash functions, encryption functions), the encryption library available is huge.
After that work done to send and receive voice in a 4800 bauds line, you will see that 95% of the job is done. But i will remember that: To this system be a security system, all this design must be done before build the system. It is very dificult to transform a voice transmition system in a good security system(almost impossible) if you don't thing in security before building the system.
Now a little bit about encryption.
Our design is completely different from vast majority of the voice systems designs, we use block mode encryption and CBC mode encryption. The vast majority of the systems designs uses streaming mode. We generate an external random file in order to use the random numbers by the system. You can analyse this random file, it passes in the Diehard test (you can download the Diehard test and submit our generated file).
Each contact used by the system have its own master key, and you can edit this contact master key.
If you change one bit of this contact master key in your handheld, you will not be able to do the voice connection with the other handheld.
After reading our user manual, available in our site, you will see that this system was carefully built having security in mind, because you will see that you will have a 50 pages manual with a lot of information about security, and I invite you to read this manual (again, you will see a lot about our system design in this manual).
The Raseac Secure Phone security system spec will be published in february, and after that we will ask for an independent organization to analize our source code and publish the results (We think that the common user doesn't have the competence to analyse the source code). Our source code will not be available to the public only because commercial reasons, we sell software for commercial hardware available in the market (unlike our competition that sells proprietary hardware and have the copy protection inside their proprietary hardware), we have our system copy protection inside our code and we want to protect our intelectual property.
A little bit more about proprietary hardware systems: If you sell a hardware system and publish only part of the system (you can't garantee that the operational system was not changed in a dangerous way to compromise the security), the source published doesn't garantee the security at all.
Thank you.
Cesar Bremer Pinheiro.
MOD EDIT: REMOVED EMAIL
Please erase the [REMOVE] in the e-mail.
is it available in Asia?
Hi,
We wanted to announce the release of version 2.2.0 of the CyaSSL embedded SSL library. CyaSSL is a very small (30-100kB) SSL/TLS library that offers current standards support, small per-connection memory usage, an OpenSSL compatibility layer, very high portability, an underlying crypto library, and much more.
Release 2.2.0 contains bug fixes and feature enhancements, including:
- Initial CRL (Certificate Revocation Lists) support with --enable-crl
- Initial OCSP (Online Certificate Status Protocol) support with --enable-ocsp
- Static ECDH suites including:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- SHA-384 support
- ECC client certificate support
CyaSSL is dual licensed, like MySQL, under both a GPLv2 and commercial license. The new release can be downloaded under GPLv2 license at the yaSSL Download Page. Please let us know if you have any questions or comments at info (at) yassl.com. We look forward to hearing your feedback.
Thanks,
Chris
Hi fellow hammerheads,
I'm running the last kitkat milestone of liquidsmooth on my nexus 5 and have it so perfectly customized that I hesitate to upgrade.
It doesn't help that a substantial number of users are unhappy with lollipop, i.e. battery drain, memory leaks, various bugs, cumbersome notifications etc. Besides the fact that liquidsmooth is not officially maintained for lollipop, the lack of xposed would be problematic because I've grown to rely on xprivacy, amplify battery extender, YouTube adaway and a few other modules.
Most importantly though is that Android 4.4.4 has a few vulnerabilities ranked high by belarc security advisor and which have been patched in lollipop.
I don't know enough to gauge whether these security holes are actually serious enough to warrant an upgrade, or if they are something that is unlikely to be used to compromise my phone.
Thanks in advance.
Here are the results of a scan by belarc security advisor:
Security Advisor v1.0.25
Last scan: Mar 21, 2015 3:02:50 PM
Vulnerable software: 2
Total Vulnerabilities: 5
Vulnerable Software
Android OS / version 4.4.4
Vulnerabilities: 4
Severity: 3 High, 1 Low
Severity: 7.5, CVE-2014-8507
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
Severity: 7.2, CVE-2014-7911
luni/src/main/java/java/io/ObjectInputStream.java in the java.ibjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
Severity: 7.2, CVE-2014-8609
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
Severity: 3.3, CVE-2014-8610
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
XDA Free / version 3.9.8 / com.quoord.tapatalkxda.activity
Vulnerabilities: 1
Severity: 1 Moderate
Severity: 5.4, CVE-2014-5681
The XDA-Developers (aka com.quoord.tapatalkxda.activity) application 3.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Bump to the top for increased visibility.
This is not specific to the Nexus 5 so I would suggest you the Security forum: http://forum.xda-developers.com/general/security
There's a new mobile framework coming in April (hypelabs.io), that allows any developer to build apps that can communicate even without internet. This is what the framework does:
Automatically creates cross-platform (Android2iOS, Android2WP & Android2Android) peer-to-peer mesh networks with nearby devices using any available transport channel (Bluetooth Low Energy, Bluetooth Classic, Wi-Fi Direct and Infrastructural wi-Fi) basing it's decisions on real-time network-data;
Data multiplexing: intelligently segments data packages into sub-packages and sends them through different paths on the network and different transport channels, making connections faster, more secure and ensuring deliverability;
Encrypts data and protects it against network attacks;
Is power-sensitive, choosing transport channels that require less power whenever possible;
Can have cloud integration, intelligently managing connections between local mesh networks and the internet (and can help offload local networks);
Every different app is connected and helps building the same mesh network, but can't communicate with each other;
Can be integrated into any existing app or project in a few minutes (and removed, in case you don't like it);
It's free, but not open-source (at least right now).
The Android version of the framework is coming in a few weeks, together with the iOS one, and the Windows 10 (mobile and desktop) version is coming in the future.
My question is, giving all these capabilities what use cases do you see for this type of technology? Right now there are apps testing the framework for messaging (the #1 use case that generally comes to everyone mind), real-time collaboration and file sharing, gaming, social networking, dating, and others using it to build mobile "ethernets" for enterprise solution. What would you use it for?
To improve the security and efficiency of smartphones, Huawei has developed the new Kirin 650 chipset. Featuring silicon chip level security, the chipset ensures a reliable and secure interface for users.
Kirin 650 Specifications
The Kirin 650 comes with an advanced 16nm FinFET plus process technology that is integrated with octa-core CPU, Cortex A53 (4×1.7GHz + 4×2.0GHz), ARM’s Mali T830 GPU, LTE Cat.7 technology and an i5 coprocessor.
Why does your Smartphone need security?
Our smartphones are our most personal devices. Accumulated with personal messages, information, contacts and photos, our smartphones are also our most common way to check emails, social media accounts and transfer money through internet banking. There is, therefore, a need to keep all this data secure. The Kirin 650 comes with dedicated security mode (HiSEE) to ensure this user security.
Pseudo Base Station Defense Technology: Free of Fraud Calls and Junk Short Messages
Nowadays most phone users are harassed by calls from pseudo base stations. A base station is a fixed station in the mobile wireless network which acts as the transceiver with mobile phones. Now the count of pseudo base stations has been rising steadily in the Smartphone world.
These pseudo telecommunication base stations are irritating users by sending junk or fraud messages, fraud calls and by stealing personal information. This issue has not been solved for a long time but now Huawei has found a solution to provide more security to users from pseudo base station to avoid fraud calls and junk messages.
As a part of this, Huawei applies the pseudo base station defense technology to the Kirin 650 chipset. Pseudo base station defense technology is based on communication baseband processor (Baseband processor is a part of the chipset used in Smartphone that manages the communication process) and it is capable of identifying and rejecting the pseudo communications from fraud telecom.
Chip level HiSEE Security
The Huawei Kirin 650 is integrated with HiSEE security solution which helps in call encryption, secure mobile payment etc. The HiSEE security solution is designed to provide hardware and software data security of devices.
Many users use the fingerprint to unlock the device and make payments. It is, therefore, necessary to secure the fingerprint information. For security, the Kirin 650 provides Replay Protected Memory Block (RPMB gives a secure memory block to stores the critical or dedicated data) where all the dedicated fingerprint information gets stored.
To achieve the highest level of security the Kirin 650 is backed with the ARM TrustZone environment. This technology stores all data in an encrypted format and provides hardware level security. This means that if a phone is rooted or violently dismantled, the data will not be compromised.
Fingerprint sensor interfaces and driver programs are encapsulated in TEE OS so the fingerprint sensor cannot be directly accessed by any third-party application. Trusted Execution Environment (TEE) is a secured storage area in the main processor (CPU) which offers the high level of security. TEE offers isolated execution to provide end-to-end security and it is considered as the most secured application available.
Conclusion
The Huawei’s chipset Kirin650 is protected by the HiSEE security solution. HiSEE security solutions store all data in encrypted form to safeguard user information. The Kirin 650 also provides RPMB where all the dedicated data will be stored and the high-level security is achieved by ARM’s TrustZone. Pseudo base station defense technology based on communication baseband processor is capable of rejecting all the junk message and fraud call. All these security technologies integrated into Kirin 650 to deliver the highest level of security.