Search

How Secure Phones Protect Your Privacy


With invasive digital surveillance from advertisers and oppressive regimes increasing over the past few years, securing your mobile phone from privacy threats in 2022 and 2023 should be a priority. These phones often hold highly sensitive personal and business information. However, changing a few settings in your phone and apps isn't enough. To get the highest level of security and privacy you must use a secure, encrypted mobile phone. SecureCrypt offers the latest in secure communication technology including SecureCrypt Encrypted Communications System. We also protect the cellular network connection that most providers overlook with SecureCrypt Cellular Network Protection Technology.


Securing your phone's privacy from an internet service provider is not easy. Simply changing settings, or deleting/removing applications will not help you. To fully secure your communications you must use a secure phone which is built from the ground up with user privacy as the primary focus.


Real World Mobile Privacy Breach


The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind. Claude Mangin received an iMessage from somebody she didn’t know, and this mysterious stranger delivered malware directly onto her phone — and past Apple’s security systems.


Once inside, the spyware, produced by Israel’s NSO Group and licensed to one of its government clients went to work, according to a forensic examination of her device by Amnesty International’s Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO’s signature surveillance tool while she was in France.

The examination was unable to reveal what was collected (perhaps due to the evasive nature of the malware itself) but the potential was vast. Pegasus can collect call records, emails, social media posts, user passwords, contact lists, videos, pictures, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.


And all of this can happen without a user even touching her phone or knowing they have received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.”

These kinds of “zero-click” attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance — and built marketing campaigns on assertions that it offers better privacy and security than rivals.


Mangin’s number was on a list of more than 50,000 phone numbers from more than 50 countries.


For years, Mangin has been waging an international campaign to win freedom for her husband, activist Naama Asfari, a member of the Sahrawi ethnic group and advocate of independence for the Western Sahara who was jailed in 2010 and allegedly tortured by Moroccan police, drawing an international outcry and condemnation from the United Nations.



Mangin thought the Apple phone she was using was secure, a common misconception surrounding iPhones, as detailed in a previous SecureCrypt blog post. The same week she sat for an interview about the hacking of her iPhone 11, a second smartphone she had borrowed — an iPhone 6s — also was infected with Pegasus, a later examination showed.

Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple’s reputation for superior security when compared with its leading rivals, which run Android operating systems by Google.


There is more evidence to fuel that debate. Amnesty’s Security Lab examined 67 smartphones whose numbers were on the list of compromised insecure phones and found forensic evidence of Pegasus infections or attempts at infections in 37. Of those, 34 were iPhones — 23 that showed signs of a successful Pegasus infection and 11 that showed signs of attempted infection.


Only three of the 15 Android phones examined showed evidence of a hacking attempt.


Still, the number of times Pegasus was successfully implanted on an iPhone underscores the vulnerability of even its latest models. The hacked phones included an iPhone 12 with the latest of Apple’s software updates.


The University of Toronto’s Citizen Lab endorsed Amnesty’s methodology. Citizen Lab also noted that its previous research had found Pegasus infections on an iPhone 12 Pro Max and two iPhone SE2s, all running 14.0 or more recent versions of the iOS operating system.


How Pegasus works


Target: Someone sends what’s known as a trap link to a smartphone that persuades the victim to tap and activate — or activates itself without any input, as in the most sophisticated “zero-click” hacks.


Infect: The spyware captures and copies the phone’s most basic functions, NSO marketing materials show, recording from the cameras and microphone and collecting location data, call logs and contacts.


Track: The implant secretly reports that information to an operative who can use it to map out sensitive details of the victim’s life.


Read more about why it’s hard to protect yourself from hacks.


Hatice Cengiz, the fiancee of slain Washington Post contributing columnist Jamal Khashoggi, said she used an iPhone because she thought it would offer robust protection against hackers.


“Why did they say the iPhone is more safe?” Cengiz said in a June interview in Turkey, where she lives. Her iPhone was among the 23 found to have forensic evidence of successful Pegasus intrusion. The infiltration happened in the days after Khashoggi was killed in October 2018, the examination of her phone found.


Reports of hacks to iPhones have grown in recent years as security researchers have discovered evidence that attackers had found vulnerabilities in such widely used iPhone apps as iMessage, Apple Music, Apple Photos, FaceTime and the Safari browser.

The investigation found that iMessage — the built-in messaging app that allows seamless chatting among iPhone users — played a role in 13 of the 23 successful infiltrations of iPhones.


One reason that iMessage has become a vector for attack, security researchers say, is that the app has gradually added features, which inevitably creates more potential vulnerabilities.

“They can’t make iMessage safe,” said Matthew Green, a security and cryptology professor at Johns Hopkins University. “…it’s pretty bad.”

One key issue: IMessage lets strangers send iPhone users messages without any warning to or approval from the recipient, a feature that makes it easier for hackers to take the first steps toward infection without detection. Security researchers have warned about this weakness for years.


SecureCrypt powered phones protect against this vulnerability as within the SecureCrypt app, a contact that you do not know cannot send you any unsolicited message without you approving that contact first. There is no browsable directly of SecureCrypt users, you must have your users ECC (Elliptic Curve Cryptography) ID to be able to send a request to be added to their contact list. There is no phone number required to sign up, no phone number required to register with the app, and no email required to register or sign up. This eliminates any phishing style attack attempts.


At the application level, SecureCrypt has developed a state-of-the-art encrypted communications system that is superior to any free, or paid encrypted messaging application available. No Location Permissions and Contact Access Permissions are asked for, ever. All activity is isolated within the SecureCrypt application, which is housed in an encrypted partition, isolated from the rest of the mobile phone. There are no end-to-end encryption gaps due to all metadata being encrypted, no phone number required for registration, no email address required for registration, and all data encrypted at-rest and in-transit, using 512-bit ECC (Elliptic Curve Cryptography) to encrypt every message with a new ECC key, as well as every call. SecureCrypt also uses device attestation and containerization along with

FIPS 140-2 hardware compliance to ensure your device remains protected at all times.




At the operating system level SecureCrypt uses a secured and locked down version of Android using Verified Boot to ensure that the version of Android being loaded at start-up is indeed the correct version that is intended to be loaded, and hasn’t been tampered with. All GPS, Wi-Fi, Bluetooth, and NFC sensors are disabled from within the firmware, at the kernel level of the operating system. SecureCrypt powered phones come with a secure version of Android, protected with Verified Boot, Hardware level Tamper-Proofing, Enhanced Memory Protections, Kernel Hardening, Always-on-Full-Disk Encryption, Secure and Encrypted partitions, and exclusive use of non-rooted phones.


The infiltration of Mangin’s iPhones underscores hard lessons about privacy in the age of smartphones in that they are inherently insecure. A secure phone is the only way to protect your communications. Many professions and industries could benefit from the use of secure phones, some include: journalists, activists, NGOs, political organizations, law firms, politicians, security contractors, distributors, executives, and those in shipping, energy, entertainment, nightlife, hospitality, recreation, legal, banking, and finance industries.


NSO reported last month that it has 60 government customers in 40 countries, meaning some nations have more than one agency with a contract.


Cellular Network Threats


Most secure communications providers only protect the device itself, and the communication by using an encrypted communications application. SecureCrypt goes a few leaps forward by offering the most robust protection suite available on the market today. SecureCrypt protects the cellular network from any threats that may come from ISP, an unfriendly government, criminal organizations and hackers who build their own IMSI Catchers/Stingrays, and other hacking tools, and corruption within organizations with access to cellular network level information.


SecureCrypt Cellular Network Protection Technology™

SecureCrypt Cellular Network Protection Technology™ protects the cellular network from active threats such as Location Tracking requests from global telecom providers like AT&T, Verizon and others globally. IMSI Catcher/Stingray Attacks are also not possible, as is DNS Manipulation Attacks, APN Redirection Attacks, SS7 Attacks, Diameter Protocol Attacks, Malware/Trojan Injection Attacks delivered over the cellular network, Man-in-the-Middle Attacks, Denial of Service Attacks, Mobile Impersonation Attacks, and more. Our cellular network threat protections are always expanding. SecureCrypt™ is a pioneer in the secure communications industry for including cellular network protections in our suite of protection services.



Location Request Blocking

SecureCrypt Cellular Network Protection Technology™ blocks by default any external Location Requests made from any global telecom (AT&T, Verizon [US], Rogers, Bell [CA]). This makes Location Tracking on the cellular network level impossible. For clients with very high security needs Location Spoofing is optional. This eliminates any threat from government working with complicit telecoms in unfriendly and undemocratic countries.

Blocking Location Tracking requests is an industry first, and made possible by SecureCrypt Cellular Network Protection Technology™, which is comprised of the SecureCrypt™ Secured Overlay Core Network [SPLMN]. This SPLMN runs side-by-side to traditional global cellular providers like AT&T’s original core network [HPLMN]. A SecureCrypt™ dedicated applet is installed on the SecureCrypt™ SecureSIM. All communication is routed through our secure infrastructure on the cellular network level.


SecureCrypt also features IMSI Catcher/Stingray Detection & Avoidance Technology as part of our Cellular Network Level Protection package, along side Cellular Network Threat Monitoring. We are the only provider in the secure communications industry to offer such robust protections that fully ensure our clients are protected in ways that were not possible just 12 months ago.


SecureCrypt IMSI Catcher Detection & Avoidance Technology™

Our dynamic, always-on live SecureCrypt IMSI Catcher Detection & Avoidance Technology™ is another industry first. If any SecureCrypt™ powered phone detects an IMSI Catcher, the phone will momentarily disconnect from the cellular network, assign itself a new, clean IMSI and reconnect to the cellular network appearing to be new and different phone. SecureCrypt™ powered phones come with multiple IMSIs, IMEIs, and multiple Mobile Network Identities (PLMNs) for the most powerful privacy protection on the market.


Cellular Network Threat Monitoring

SecureCrypt Cellular Network Protection Technology also makes it possible for us to provide our clients with Cellular Network Threat Monitoring. Our SOC Analysts can, if requested, notify any client directly via a fully end-to-end encrypted notification through the SecureCrypt Encrypted Communication Application ensuring any live threats to any SecureCrypt powered phone are dealt with immediately, as they are detected.


The only way to fully protect yourself, your government agency, your enterprise, or your personal network of business associates is by using a secure device from SecureCrypt as SecureCrypt protects from threats on all fronts, including at the device/OS level, firmware level, application level, and network level.











35 views

Recent Posts

See All