1. 18

  2. 4

    You’ll want to install this on your Android device at a bare minimum:

    https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone&hl=en

    That it’s only available on the Google Play store and not f-droid is irritating, but apparently there are some hurdles that haven’t been addressed:

    https://github.com/WhisperSystems/RedPhone/issues/143

    1. 2

      “Apps like TextSecure and Silent Text are secure alternatives to SMS messages, while Signal, RedPhone and Silent Phone encrypt voice communications.”

      I’d like to see these installed on Android by default. CyanogenMod uses TextSecure. I assume all the phone versions use SSL instead of the phone network, unfortunately?

      1. 1

        I don’t think there’s anything out there that encrypts regular voice calls, though I’m not sure how well that would work. Don’t regular calls rely pretty heavily on compression?

    2. 3

      Why wasn’t the master key network air gapped? Barring that, transferring keys via unencrypted FTP? Practically giving them away.

      There are a lot of ways this could have at least been made difficult, if not impossible, for GCHQ and NSA to pull off. What’s more concerning is that, if SIM security is designed primarily for fraud prevention, nothing in this attack was beyond the reach of a motivated fraudster.

      1. 2

        > Barring that, transferring keys via unencrypted FTP? Practically giving them away.

        Pre-Snowden I’d rationalize this away by saying something like “I bet it’s just bad tech journalism and, in reality, they used SFTP”.

        Boy have I learned my lesson.

        1. 1

          After working for certain companies, it’s rather shocking how often FTP gets used even in this day and age.