Wiretap This!

While I was in Berlin, I had a chance to visit the well-appointed offices of GSMK, makers of the world's first publicly available cell phone that nobody can wiretap. It's called the CryptoPhone.

Frank Rieger, the company's CTO, is a cross between geek and executive. He can talk about product sales, but he has the heart of a hacker. Seconds after shaking my hand, he was pulling out two CryptoPhones and showing me how they work. Slightly larger and heavier than a Treo, the CryptoPhone looks exactly like a PDA-cell phone – the sort of thing you might associate with dorks rather than spooks. But its entire operating system has been hardened against spies.

"The problem is that it's pretty easy for people in Europe to wiretap each other," Rieger told me. "This phone is popular in countries where there is a lot of competition in fields like raw materials or oil - people will ask private investigators to tap each other's phones, even when there's a deal with less than 1 million euros involved. Also, they're popular in countries where the barriers between business and government are very thin." GSMK has also given out several cut-rate CryptoPhones to human rights organizations working in countries with pervasive government surveillance.

Another incentive driving customers to the CryptoPhone is the fact that in the past two years it's become relatively cheap to create your own home-brewed wiretapper for phones on the GSM network (a cell network more popular in Europe than in the United States). Drawing rapidly on a whiteboard, Rieger showed me the vulnerable spots in a GSM setup. Cellular companies often boast that their cell phone signals are protected against snoops because they're encrypted in one way or another. But those signals are only encrypted up to a point. Once they hit a local cellular base station – a relay point between individual phones and the rest of the network – the signals are utterly naked.

Using surplus equipment, it's fairly easy to build a contraption that uses an antenna to sniff the unprotected phone signals that travel out of the thousands of cellular base stations in any given area. Because base stations are so numerous, it's quite common for a large company to have a base station on the roof of its building. A corporate spy could listen to the signals coming out of that base station and get a sampling of all the conversations happening via cellular in and around the building.

Also, it's not as if the protection on the signal between the cell and the base station is foolproof: there are well-known hacks for the encryption GSM uses. A spy could tail you with a hidden computer and antenna set up to behave like a base station. Your phone would be tricked into sending its signals to the spy's computer, which would suck them all up before bouncing them back into the cellular network. You'd never know anything had gone wrong, and the spy's got all your conversations recorded on his or her laptop.

The CryptoPhone defends against these threats by not relying on the GSM network for its protection. Each phone provides its own strong encryption. Of course, to get end-to-end signal protection, you have to call from one CryptoPhone to another. Each time you make a call, the phones exchange a unique code key that will encrypt the conversation - at the end of the call, the key is thrown away and will never be used again. (That way, somebody tailing you can't listen to dozens of conversations and figure out the key you're using.) When I made a call to Rieger, a series of numbers popped up on the screen – part of our unique key. I read them to him, and he verified that his phone had the same numbers. Thus we established that nobody was spoofing his phone somewhere in between us, decrypting my message and then relaying it to him.