top of page
Search

How Secure Phones Protect Your Privacy

Updated: May 17


With invasive digital surveillance from advertisers and oppressive regimes increasing over the past few years, securing your mobile phone from privacy threats in 2023 & 2024 should be a priority. These phones often hold highly sensitive personal and business information. However, changing a few settings in your phone and apps isn't enough.


To get the highest level of security and privacy you must use a secure, encrypted mobile phone. SecureCrypt offers the latest in secure communication technology including our SecureCrypt Encrypted Communications app. Our privately distributed application is not available via the Google Play Store.


Securing your phone's privacy from an internet service provider is not easy. Simply changing settings, or deleting/removing applications will not help you. To fully secure your communications you must use a secure phone which is built from the ground up with user privacy as the primary focus.


Real World Mobile Privacy Breach


The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind. Claude Mangin received an iMessage from somebody she didn’t know, and this mysterious stranger delivered malware directly onto her phone — and past Apple’s security systems.


Once inside, the spyware, produced by Israel’s NSO Group and licensed to one of its government clients went to work, according to a forensic examination of her device by Amnesty International’s Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO’s signature surveillance tool while she was in France.

The examination was unable to reveal what was collected (perhaps due to the evasive nature of the malware itself) but the potential was vast. Pegasus can collect call records, emails, social media posts, user passwords, contact lists, videos, pictures, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.


And all of this can happen without a user even touching her phone or knowing they have received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.”

These kinds of “zero-click” attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance — and built marketing campaigns on assertions that it offers better privacy and security than rivals.



For years, Mangin has been waging an international campaign to win freedom for her husband, activist Naama Asfari, a member of the Sahrawi ethnic group and advocate of independence for the Western Sahara who was jailed in 2010 and allegedly tortured by Moroccan police, drawing an international outcry and condemnation from the United Nations.


How Pegasus works


Target: Someone sends what’s known as a trap link to a smartphone that persuades the victim to tap and activate — or activates itself without any input, as in the most sophisticated “zero-click” hacks.


Infect: The spyware captures and copies the phone’s most basic functions, NSO marketing materials show, recording from the cameras and microphone and collecting location data, call logs and contacts.


Track: The implant secretly reports that information to an operative who can use it to map out sensitive details of the victim’s life.



Hatice Cengiz, the fiancee of slain Washington Post contributing columnist Jamal Khashoggi, said she used an iPhone because she thought it would offer robust protection against hackers.


“Why did they say the iPhone is more safe?” Cengiz said in a June interview in Turkey, where she lives. Her iPhone was among the 23 found to have forensic evidence of successful Pegasus intrusion. The infiltration happened in the days after Khashoggi was killed in October 2018, the examination of her phone found.


Reports of hacks to iPhones have grown in recent years as security researchers have discovered evidence that attackers had found vulnerabilities in such widely used iPhone apps as iMessage, Apple Music, Apple Photos, FaceTime and the Safari browser.

The investigation found that iMessage — the built-in messaging app that allows seamless chatting among iPhone users — played a role in 13 of the 23 successful infiltrations of iPhones.


One reason that iMessage has become a vector for attack, security researchers say, is that the app has gradually added features, which inevitably creates more potential vulnerabilities.

“They can’t make iMessage safe,” said Matthew Green, a security and cryptology professor at Johns Hopkins University. “…it’s pretty bad.”

One key issue: iMessage lets strangers send iPhone users messages without any warning to or approval from the recipient, a feature that makes it easier for hackers to take the first steps toward infection without detection. Security researchers have warned about this weakness for years.


SecureCrypt powered phones protect against this vulnerability as within the SecureCrypt app, a contact that you do not know cannot send you any unsolicited message without you approving that contact first. There is no browsable directly of SecureCrypt users, you must have your users ECC ID to be able to send a request to be added to their contact list. There is no phone number required to sign up, no phone number required to register with the app, and no email required to register or sign up. This eliminates any phishing style attack attempts.


At the application level, SecureCrypt has developed a state-of-the-art encrypted communications system that is superior to any free, or paid encrypted messaging application available.


No Location Permissions and Contact Access Permissions are asked for, ever. All activity is isolated within the SecureCrypt application, which is housed in an encrypted partition, isolated from the rest of the mobile phone.


There are no end-to-end encryption gaps due to all metadata being encrypted, and all data encrypted at-rest and in-transit, using 521-bit ECC (Elliptic Curve Cryptography) to encrypt every message with a new ECC key, as well as every call. SecureCrypt also uses device attestation and containerization along with

FIPS 140-2 hardware compliance to ensure your device remains protected at all times.


At the operating system level SecureCrypt uses a secured and locked down version of Android using hardware protections like Verified Boot to ensure that the version of Android being loaded at start-up is indeed the correct version that is intended to be loaded, and hasn’t been tampered with.


SecureCrypt also uses other hardware/device protections like Hardware level Tamper-Proofing, Enhanced Memory Protections, Kernel Hardening, Always-on-Full-Disk Encryption, Secure and Encrypted partitions, and exclusive use of non-rooted phones.


All GPS, Wi-Fi, Bluetooth, and NFC sensors are disabled from within the firmware, at the kernel level of the operating system.


The infiltration of Mangin’s iPhones underscores hard lessons about privacy in the age of smartphones in that they are inherently insecure. A secure phone is the only way to protect your communications. Many professions and industries could benefit from the use of secure phones, some include: journalists, activists, NGOs, political organizations, law firms, politicians, security contractors, distributors, executives, and those in shipping, energy, entertainment, nightlife, hospitality, recreation, legal, banking, and finance industries.


NSO reported last month that it has 60 government customers in 40 countries, meaning some nations have more than one agency with a contract.












Kommentare


bottom of page