For $3,500, a Spy-Resistant Smartphone
Prime ministers, business executives, and ordinary citizens clamor for phones that can’t be snooped on.
Most mobile phone call are not secure.
Ever since Edward Snowden came forward with a trove of secret documents about the National Security Agency, business has been booming for Les Goldsmith, CEO of ESD America.
Goldsmith’s company sells a $3,500 “cryptophone” that scrambles calls so they can’t be listened in on. Until recently, the high-priced smartphone was something of a James Bond–style novelty item. But news of extensive U.S. eavesdropping on people including heads of state has sent demand from wary companies and governments soaring. “We’re producing 400 a week and can’t really keep up,” says Goldsmith.
The Las Vegas–based company prepares and packages the device, called the GSMK CryptoPhone, by first wiping the software from an ordinary $350 Samsung Galaxy S3 handset. It then adds a version of Google’s Android operating system, licensed from the German company GSMK, that has been tweaked to add call encryption and fix security flaws.
Sales have tripled since Snowden’s revelations began last June, and close to 100,000 of the handsets are in use worldwide, according to Goldsmith. Secure calls work only between two cryptophones. To set up a secure connection, each handset creates a cryptographic key based on a sample of random background noise. Everything takes place on the handsets, so no unprotected data leaves the device.
Secure phones aren’t new. In the 1970s, the NSA developed a “secure telephone unit” that featured an ordinary-looking push-button landline phone connected to a crate-size scrambler. What has changed is that consumer smartphones have created an explosion of new opportunities for snooping. Handsets can be infected by malware that listens to calls, copies data, or transmits a device’s location. Some spies even employ fake base stations, known as interceptors, that harvest calls and text messages.
That’s reason enough for politicians, dissidents, and top executives to worry. Last year, the prime minister of Turkey ordered cryptophones for all his ministers after discovering bugs in his office and car. At ESD, Goldsmith says, most of his customers are U.S. multinationals worried about economic espionage by China, whose military conducts large-scale efforts to pilfer data. “We get a lot of people who have had information from one-to-one discussions over the telephone somehow get out,” he says.
Examples aren’t hard to come by. In February, a politically embarrassing conversation between a U.S. State Department staffer and the American ambassador to Ukraine was leaked onto YouTube. “All Department of State government-owned BlackBerry devices have data encryption. However, they don’t have voice encryption,” said State Department spokeswoman Jen Psaki.
The CryptoPhone’s $3,500 price tag (which pays for three years of service, not including calling charges) puts the device beyond the reach of most individuals and small businesses. A competing device, the Hoox m2 smartphone that French IT contractor Bull began selling in January, sells for 2,000 euros ($2,740) and is also aimed at corporate users.
For the most part, consumers haven’t joined the security rush. According to Gartner, a firm that tracks technology trends, few have even purchased antivirus software for their phones. Sales of mobile security software are about $1 billion a year, a fraction what’s spent on desktops, even though mobile devices now outnumber PCs.
Yet secure communication products could eventually have mass appeal as consumers tire of being tracked online. Some of the most successful apps of the past year have featured self-destructing messages or anonymous bulletin boards.
Companies on a budget could turn to the $629 Blackphone handset, which launched in February and also offers encrypted calling. The device is the product of a joint venture between Spanish smartphone startup Geeksphone and Silent Circle, a company that markets apps for encrypted calling and e-mail on Apple and Android devices.
The Blackphone lacks some premium security features, like the ability to foil fake-base-station attacks, and it isn’t marketed as being “NSA-proof” either. But it still offers significantly better security and privacy than a conventional handset, says Javier Agüera, cofounder and chief technology officer of Geeksphone. “Blackphone is for the people, not just a small elite,” he says.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today