Gruppo TIM

Cryptophones: what they are and how they work

The issue of mobile communication security highlights one of the weak links in the security chain of organizations. It is often the behavior of individual employees, not necessarily malicious but simply careless, that gives the bad guys access to data and sensitive information.

It is essential to have mobile communication security solutions that offer a good user experience without compromising information security. This is possible thanks to specific solutions able to solve the problem: cryptophones.

Cryptophones are smartphones that use encryption methods to protect all communication systems.

They are usually based on the same hardware as normal mobile phones. The main difference lies in the software: these devices contain encryption systems superior to those of normal phones on the market.

 

What is a cryptophone?

Cryptophones are smartphones equipped with particular encryption systems that make them potentially inviolable and above all interception-proof.

But what exactly are cryptophones, and how are they different from the normal commercial smartphones that we all use?

The encryption levels offered by these particular devices are substantially different from those of the usual smartphones.

First, let’s clarify that current smartphones, both Android and iOS, have been using cryptographic protocols in memory and data management for some years, as well as in communication applications (instant messaging).

In general, smartphones do not adopt Full Disk Encryption (FDE), which is typically used on computer hard disks, where the entire disk is encrypted. On smartphones FDE is less secure, so File-based Encryption (FBE), which encrypts files individually, is preferred.

But under certain conditions even this encryption can be cracked, just as smartphones can be spied on or intercepted during their use. Cryptophones exist precisely to eliminate these points of vulnerability.

 

How cryptophones work

The vast majority of these devices use standard hardware, common on the market. Changes are almost always made only at the software level, with the inclusion of an operating system with particular security requirements.

The installed operating system disables GPS localization, Google services, Bluetooth, the camera, the USB port (which remains in operation only for battery charging), obscures push notifications and blocks any other service that may generate a risk of wiretapping or localization.

The use of external SD cards is also prohibited. Calls remain active, but only in VoIP mode and therefore without the use of the GSM network, as does messaging, but only with proprietary, encrypted applications.

Both phone calls and chats are encrypted, with multi-level encryption: Diffie-Hellman key exchange, elliptic-curve cryptography (ECC), PGP (Pretty Good Privacy) for emails, OTR (Off-the-Record Messaging) for chat and ZRTP for calls. In ZRTP, the “Z” refers to its inventor, Zimmermann, while “RTP” stands for Real-time Transport Protocol; ZRTP is a protocol for secure phone calls that allows you to make encrypted calls over the Internet.
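The Diffie-Hellman exchange named above only protects a call if each handset really received the other's public value, which is why ZRTP has both users compare a short authentication string (SAS) by voice. The sketch below is an added illustration, not code from Telsy or from any ZRTP implementation: the group parameters, labels and function names are assumptions chosen for readability, and the message format is not the ZRTP wire format.

```python
import hashlib
import hmac
import secrets

# Demonstration group (assumption): p = 2**255 - 19 is prime, which keeps the
# numbers short. ZRTP itself negotiates 3072-bit or elliptic-curve groups.
P = 2**255 - 19
G = 2


def keypair():
    """Fresh ephemeral Diffie-Hellman key pair for one call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def call_keys(priv, my_pub, peer_pub, initiator):
    """Return (session_key, sas) as computed locally by one handset."""
    shared = pow(peer_pub, priv, P).to_bytes(32, "big")
    # Bind both public values, in a fixed order, to the derived material.
    first, second = (my_pub, peer_pub) if initiator else (peer_pub, my_pub)
    transcript = first.to_bytes(32, "big") + second.to_bytes(32, "big")
    key = hmac.new(shared, b"session" + transcript, hashlib.sha256).digest()
    # 20-bit short authentication string, shown on screen and read aloud.
    sas = hmac.new(shared, b"sas" + transcript, hashlib.sha256).hexdigest()[:5]
    return key, sas


def simulate_call(intercepted):
    """Model one call setup; returns what Alice's and Bob's handsets derive."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # A relay in the network has replaced the public value in both directions.
        _, m_pub = keypair()
        seen_by_alice, seen_by_bob = m_pub, m_pub
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    alice = call_keys(a_priv, a_pub, seen_by_alice, initiator=True)
    bob = call_keys(b_priv, b_pub, seen_by_bob, initiator=False)
    return alice, bob


if __name__ == "__main__":
    for intercepted in (False, True):
        (ka, sa), (kb, sb) = simulate_call(intercepted)
        verdict = "match" if sa == sb else "MISMATCH, hang up"
        print(f"intercepted={intercepted}: Alice reads {sa}, Bob reads {sb}: {verdict}")
```

Real ZRTP additionally has the initiator commit to its Diffie-Hellman value with a hash before the exchange, so a relay cannot search for key pairs that produce colliding strings.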

All this works – through the specially installed apps – only if the calls (or messages) take place between two cryptophones belonging to the same network. Phone calls made to “normal” devices are not encrypted and are susceptible to wiretapping.

With these techniques, the metadata and message headers are also encrypted, adding a level of security to what is the greatest weakness in traditional messaging, namely metadata.

Typically, chat and voice applications are peer-to-peer, and user communications are not saved on servers.

In addition, you can choose whether or not to store data backups (e.g. contact lists, etc.) and also where to store them. If you choose to do so on the service provider’s servers, the backups are encrypted.

An essential feature of these phones is the – necessary – presence of a server infrastructure made available to the service provider.

 

InTouch App & Phone

Thanks to the fifty years of experience gained in the cryptography sector, Telsy has continued to design, innovate and develop the technologies currently in use in this area, which led to the creation of InTouch, a dual solution that consists of two elements:

InTouch App: An instant messaging solution that provides a user experience similar to that of common, unencrypted terminals, featuring high audio and video quality thanks to the use of advanced codecs. For both Android and iOS, the InTouch app uses E2EE for chat, VoIP calling and audio conferencing.

InTouch Phone: InTouch Phone technology adopts a hardened platform for next-generation smartphones, able to protect devices from any external intrusion. The secure smart card certified as root of trust and the local infrastructure provide unconditional security.

To meet the growing need for secure communications from mobile devices, Telsy’s InTouch solution allows users to share sensitive, critical, or confidential information without the need to rely on a third party.

With entirely proprietary technologies and an on-premise ecosystem, InTouch is a communication system created to offer uncompromising security, which allows you to share confidential information while maintaining the same usability of traditional communication apps.


 

The cryptophones, in summary

The security and secrecy of these phones are therefore based on at least three levels:

  • The device and the operating system: the operating system is installed with anti-tampering systems and with multiple levels of protection and access (two-factor authentication, Captcha codes, etc.);
  • Connection and communications: the device connects only to the dedicated network of secure servers and does not use unsecured public networks;
  • Applications: these are dedicated apps with strong encryption. They are also equipped with features that limit password access attempts and generally have wiping functions that delete all app data in the event of an attempted violation.