Log in

No account? Create an account

March 22nd, 2009

SuperSecure Mobiles

DEFCON organizer (forgot-his-name) noted that far more mobile devices were vulnerable to Hydra-like attacks than any laptop at their 16th conference.  As more and more people use their phones for doing personal/private things, like writing email and sexting, security is overlooked.  The three vulnerabilities are everything people like about cell phones: Bluetooth, Wifi, and physical access.  Regardless of whether *you* have anything to hide, others have different ethical standards, even if it's just to redirect your conversation to their hands-free set and listen in. 

In that vain, I'm quite happy that my old phone died and I replaced it with a Blackberry 8830 WE.  People boo at its lack of camera but here's what it does have:
  • NSA Suite B compliance - yes that's the US government agency's public standards for securing data
  • 2-factor authentication - via SmartCard reader; really overkill but cool nonetheless
  • FIPS 140-2 validated - that's another government standard written in post 9/11 paranoia; basically the BB OS was designed with cryptographic API's for BB programs to secure data
  • AES/3DES storage encryption - 256-bit, and does this with a click of a button
  • S/MIME & PGP email signing & encryption - pretty standard if you download the right programs
  • TLS/SSL management - store certificates securely
  • GPS - if you get lost after running away from 007, then it pinpoints upto 10 satellites ;)
  • CDMA & GSM - if you get chased overseas, then you can still phone home (900/1800 Mhz ranges)
So yea: I've got a superkewl phone :)  On that note, I should enable my two Thinkpad's TCG chips and secure all keys in hardware.  And for my next usb schtick, I'll get either an IronKey or Kingston Blackbox.  Very sweet stuff :)