I was recently thinking about SMS encryption (you know, the short messages sent from your cell phone). Or MMS encryption for that matter. Are there any Free Software solutions to implement such a thing, based on well-known crypto primitives and proven implementations thereof?
From a quick glance I could not find anything usable, only lots of commercial, closed-source "solutions" which cost money and are basically crap.
I was thinking about hacking together a small Java application (so that most modern phones can run it) which basically asks for a password and pipes your text through AES before sending the SMS. On the receiver's side, you enter the same password and get to see the plaintext. That's pretty much it.
If you want something more elaborate you can use public-key crypto (basically embed GnuPG or similar into the application), but the above should be fine for most uses.
Anyways, I do not want to start implementing something like this if there are other, more mature projects out there which do the same...
Why you'd want to do this (other than simple paranoia, or the fact that governments and other institutions are spying on everyone these days, whether they're allowed to or not)? Well, one good reason for SMS encryption is when you're using some kind of SMS gateway, e.g. a website which gives you 2-3 free SMS per month if you sign up with them and give them tons of personal data. That alone is crappy enough, but you don't want their admins to be able to read and store all your SMSes in addition (which consist of simple plain-text, transmitted through HTTP in this case!). Neither should any local or remote script kiddie who knows how to use a sniffer be able to read your private SMSes.
Solution: Write the text in your favorite text editor, pipe it through aespipe (for example), cut'n'paste the result into the web form of the SMS service. The receiver does everything backwards and you're done.
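A sketch of the password-plus-AES idea and the paste-into-a-web-form workflow described above, as an added example (not code from this post or from any existing project). It assumes standard Java SE 8+ rather than a phone runtime; PBKDF2 for turning the password into a key, AES-GCM for detecting tampering, Base64 for text-safe output, the iteration count and the class name `SmsCrypt` are all choices made for this example.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SmsCrypt {
    static final int SALT = 16, IV = 12, TAG_BITS = 128, ITER = 200_000;
    // Derive a 256-bit AES key from the shared password (PBKDF2-HMAC-SHA256).
    static SecretKeySpec key(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITER, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    // Output layout: Base64(salt || iv || ciphertext || 16-byte GCM tag).
    static String encrypt(char[] pw, String text) throws Exception {
        byte[] head = new byte[SALT + IV];
        new SecureRandom().nextBytes(head); // fresh salt and IV per message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(pw, Arrays.copyOf(head, SALT)),
               new GCMParameterSpec(TAG_BITS, head, SALT, IV));
        byte[] ct = c.doFinal(text.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(head, head.length + ct.length);
        System.arraycopy(ct, 0, out, head.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(char[] pw, String sms) throws Exception {
        byte[] in = Base64.getDecoder().decode(sms.trim());
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(pw, Arrays.copyOf(in, SALT)),
               new GCMParameterSpec(TAG_BITS, in, SALT, IV));
        // Throws AEADBadTagException on a wrong password or an altered message.
        byte[] pt = c.doFinal(in, SALT + IV, in.length - SALT - IV);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse battery staple".toCharArray(); // constructed
        String sms = encrypt(pw, "Meet at 8 at the usual place"); // constructed
        System.out.println(sms.length() + " chars: " + sms);
        System.out.println(decrypt(pw, sms));
    }
}
```

Salt, IV and tag add 44 bytes before Base64's 4/3 expansion, so a single 160-character SMS leaves room for 76 bytes of plaintext.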
It seems that I have become quite a gadget-whore lately. I'm spending all my money buying one gadget after the other, no end in sight...
In the beginning, all sounded quite good: my cell phone contract with o2 is two years old soon, so I can get a new (cheap) cell phone. Stupidly enough, o2 doesn't offer the A780 in their shops and there seems to be no way to order one either (they do offer other Motorola phones, though). After asking the same questions in different o2 shops multiple times (and almost giving up), I accidentally saw the A780 in the local Saturn (a German electronics store).
And indeed, they sell the phone, and they can even prolong my contract with o2 (there's a dedicated o2 employee working in the Saturn store), so that I can profit in the form of a cheaper phone. Or at least that's the theory... In practice, however, I have a student-contract (saves me some bucks) which has the stupid "feature" that it can only be prolonged in o2 shops. Guess what, the Saturn guys cannot give me the A780 as they can't prolong my contract, and the o2 shop simply doesn't have the A780 at all. Argh!
After grumbling, asking around, googling, and even more grumbling, I finally decided to do the following: I got a new "dummy" o2 contract in the Saturn (yes, I'll have to pay that for 2 years) which enables me to get the A780 and to get it cheaper. I'll keep using my old contract and my old SIM card for simplicity and leave the new one untouched. If you take into account the money I'll spend on the new contract it doesn't save me too much money, but at least it's distributed across two years... I'll terminate my (new) o2 contract tomorrow, to make sure I don't forget about it (I don't want to have it any longer than the 2 years I'm forced to live with)... Stupid, stupid world we live in. Nobody should be required to perform such "hacks" in order to get the phone he/she wants...
Enough ranting now, here's some juicy details about the phone:
For details on the hardware see this wiki page.
The only thing which I'm missing is WLAN, but once USB host support works (the hardware does support it), you can easily use a WLAN USB dongle...
I'm pretty sure I'll be having lots of fun with this thing, and I'll quite probably be contributing to the OpenEZX project, which was started by Harald Welte (of gpl-violations.org fame) and tries to create the first 100% Free Software GSM-phone using the Motorola A780 and similar phones. Judging from these blog posts by Harald, running your own 2.6 kernel on the phone is not too unrealistic anymore, and telnetting into the phone (via USBnet) seems to work fine already...
spamming blog posts about the A780 in future...
Nothing really new for most of you, but still some good food for thought:
Cell tower records can pinpoint a phone owner's location for police, whether the phone is used or not.
Cell phone trails snare criminals, call or no — a nice article which tells us that several murderers were convicted using (among other things, I guess) cell tower records. Police could often pinpoint the location of the accused within a few blocks and thus "prove" they were lying in court about their location at a given time (i.e., their alibi was smashed).
Of course, this is not a reliable method in all cases. A murderer could give someone else his cell phone to create an alibi in the first place. I can easily imagine lots of other ways to abuse this.
While probably useful in some cases, this is pretty scary stuff. Authorities can track where you are at a given time, and where you are going in real time. Combine this with Google Earth and you've got some pretty Big Brother style surveillance. This is unacceptable in general, but even more so if performed without probable cause (as has happened already). The EFF has some more information.
Issues like this always make me wonder whether I'm too paranoid or not paranoid enough...
(via Bruce Schneier)