Forum Statistics

Threads
27,576
Posts
541,665
Members
28,557
Latest Member
Ethan7400

seecrypt (free secure app for your smart phone).

slicwilly2000

slicwilly2000

VIP Member
Sep 14, 2010
1,955
305
I will research it and get back to you guys.

Slic.
 
Gstacker

Gstacker

MuscleHead
Aug 19, 2011
2,149
254
Why do I feel like I'm in 4th grade right now?
 
Gstacker

Gstacker

MuscleHead
Aug 19, 2011
2,149
254
"Your cellphone is a tracking device that lets you make calls"

Cory Doctorow at 3:55 pm Tue, Sep 4, 2012
"Just in case you had any doubts about how much of a security risk your mobile phone presents, have a read of Jacob Appelbaum's interview with N+. Jake's with both the Tor and Wikileaks projects, and has been detained and scrutinized to a fare-thee-well."

You can read the full article here with comments from readers... Some interesting thoughts from others that have some of the same ideas I do...


http://boingboing.net/2012/09/04/your-cellphone-is-a-tracking-d.html
 
midevil

midevil

TID Board Of Directors
Jan 20, 2011
1,575
1,243
I understand that cel phones can be tracked 100% of the time if they're powered on. It also is understood that IF the feds want you they'll get you end of story. If you're a target your phone can be listened in on during calls or in your pocket etc..


The software mentioned above is scrambling your outgoing signal and then deciphering on the opposite end. Do the feds have the technology to decipher seecrypt? Maybe not! If they (thanks Regs for the pm and heads up) can't decipher iphone messages it is highly possible this can said of seecrypt as well.

That is the question behind this post. Does anyone here have knowledge or proof either way?

article in the Washington post: http://www.washingtontimes.com/news...or-tool-kit-encryption-software-blo/?page=all

A cheap new encryption technology for mobile phones completely blocks eavesdropping, even from warrant-wielding law enforcement agents – raising fears the technology could fall into the hands of terrorists or criminals.

The software poses a growing problem that U.S. law enforcement agencies call “going dark” – the spread of communications technologies that cannot be intercepted even with a warrant because agencies lack the technical capabilities.

But experts say the feds’ proposed solution to get around the blackout – by legally mandating the insertion of “back doors” into such software to allow eavesdropping – creates an opening which could be exploited by hackers, online criminals or cyberspies.

The issue is not unique to the United States. Intelligence and counter-terrorism officials in the United Kingdom are concerned about the new mobile phone application, called Seecrypt, according the London Mail on Sunday.

The app provides individual users with military grade encryption — sending voice and text over the Internet in an a scrambled data stream that can only be deciphered by another user.

The new application, which is free to download and will cost $3 a month, is made by a South African-based company, Porton Group, that boasts “we don’t comply” with such mandates, said CEO Harvey Boulter. The program does not have a “Legal Intercept” capability, said Mr. Boulter.

“Seecrypt is about empowering people to take back their own privacy,” he added in an email to The Washington Times. Even so-called meta-data — information about which numbers called in or were called, and when and for how long — is stored in a secure private network to which only users have the key.

But he promised the company “would work with law enforcement agencies to make sure this does not get misused.

“Simply put if asked by the authorities the license can be revoked instantaneously,” he said, effectively cutting the user off from the service.

Last year, the U.S. company Silent Circle caused consternation in law enforcement circles when they launched a similar package here.

U.S. law enforcement responded by renewing its push for an update of the 1994 Communications Assistance for Law Enforcement Act, or CALEA.

The law currently applies only to telecommunications providers, though the Federal Communications Commission extended it in 2004 to apply to many Internet service and Web-based phone service providers. It requires covered service providers to make their products “wiretap ready.”

In a series of meetings with industry executives, reported earlier this month by CNet news, FBI director Robert Mueller has been urging Internet companies not to oppose an update to CALEA, which would extend the “wiretap ready” mandate to all kinds of Internet-based realtime communications services like instant messaging and chat, Skype, Google Hangouts and even Xbox Live.

But the installation of special software “backdoors” in to allow law enforcement to conduct court-authorized wiretaps creates an obvious vulnerability that can be exploited by anyone with the requisite skills, found a report last week by a group of leading encryption experts and other engineers.

“Building holes and backdoors into widely-available software and services creates vulnerabilities that can be exploited by a range of bad actors, including hackers, individual employees at the software companies and government officials in the numerous countries that will expect the same access afforded to the FBI,” wrote Ohio State law Professor and privacy scholar Peter P. Swire.




Read more: http://www.washingtontimes.com/news...ol-kit-encryption-software-blo/#ixzz2kBAPez3S
Follow us: @washtimes on Twitter
 
hoodlum

hoodlum

MuscleHead
Jan 3, 2012
903
172
I'm very interested in security especially encryption. I'll do some background research on the app, company behind the app and post back up in here.
 
F

Fury

MuscleHead
Jun 6, 2012
1,666
130
There is some body watching and listening.any thing man made can be broken.big bro is ever where.
 
Zomb131

Zomb131

MuscleHead
Jan 31, 2011
1,125
264
Don't be fooled thinking some free piece of software will protect you. It's a security blanket.

for this software to "work" another user on the opposite end must have this software. If that's not the case, then it uses SSH tunneling or goes through a 3rd party, and that's not safe at all.
 
hoodlum

hoodlum

MuscleHead
Jan 3, 2012
903
172
I've done my research and I have to say: do not use seecrypt.

Firstly I want to say that this approach to security is exactly the type of thing we need to be doing. I believe it should be standard in all phones regardless. The problem with seecrypt is that, in short, they co-operate with LE. Without digging up a bunch of links I'll post something from their privacy policy:

"7
We may disclose your personal information to third parties in the following very limited circumstances:

7.2
If all or substantially all of our assets or the assets of any member of our group are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.

7.3
If we are obligated to disclose or share your personal data in order to comply with any legal obligation (including any obligation to disclose personal data to a regulatory body or law enforcement agency, in circumstances where a legitimate Court Order has been obtained from a Court of competent jurisdiction (keeping in mind that we are technically unable to disclose in decrypted form any conversation or message communicated using the Seecrypt application)), or in order to enforce or apply the terms of the relevant license agreement and/or other agreements;

7.4
If disclosure is necessary to protect the rights, property, or safety of, inter alia, our business, our employees, or our customers, and may include disclosure for the purposes of fraud protection and credit risk reduction, as well as the prevention of hostile acts."

What does this basically mean? If the government says your suspected of being "hostile" then your encryption is useless. If the government has a warrant then all details will be turned over (both call logs, encryption details and statistical information). If the government threatens the company with legal action, they will turn over the information without a warrant.

It's also reported that:
SeeCrypt is funded by a Dubai based investment firm called Porton Group, I was concerned about their privacy policy when I read on their press release that “Seecrypt will pro-actively assist law enforcement agencies to prevent criminal activity being carried out using this encryption service.“

Now to get to the good stuff. Seecrypt can only talk to other Seecrypt users, it's basically a VoIP program with added end-to-end encryption (this means things are encrypted before they leave your device, not transmitted to the host servers in plaintext). It uses the encryption standard AES256 with RC4 stream cipher, which personally I wouldn't be bragging as military grade however it is very tough and quiet a good commonplace encryption system. It uses the UMTS network meaning you need 2G/3G/4G/LTE/WIFI signal to place calls or messages however the downside here is that it uses your data so if your on a data sensitive plan then it may push you over a conservative limit. The one things that concerns me with the security of seecrypt is that I can't find any details about the type of key exchange protocol they use, which always leads me to believe that they've implemented a Diffie-Hellman style key exchange protocol which is very susceptible to man-in-the-middle attacks by law enforcement that may be watching at the time the key exchange takes place.

If you want to know more on encryption, I wrote up an article on encryption you should read. I tried to explain things in a way that anyone can understand and included pictures, I'm happy to expand on any points and help out where I can. Get one of the VIP's to PM you a direct link if you can't find it.

Hope this helps (typed off my phone so the wording may be a little hard to read)
 
O

olrover

New Member
Jun 25, 2014
1
0
Hoodlum, I read with great interest on your thoughts on Seecrypt. Where does one get a link to your paper? Thanks
 
Who is viewing this thread?

There are currently 0 members watching this topic

Top