- Filed Under
With cellphones, convenience often is at odds with security and privacy. And that’s true whether one is a Defense Intelligence Agency case officer, an international banker or an investigative reporter.
There are plenty of obvious dilemmas in a cellphone. Even if the conversation is encrypted, for example, isn’t the geolocation data still available? Is that true security? What about malware? What information can an adversary or a hacker pry from a lost or stolen phone? And then there is the other weak link, the service adviser who owns the towers and sends the bill.
Yet there appears to be progress in the long quest to bring classified-capable mobile phones to the Defense Department masses. In February, a DoD press release announced that standards are in the works that could pave the way for its 600,000 cellphone users (which is to say most people) to carry “classified and protected unclassified mobile solutions.”
And General Dynamics C4 Systems has unveiled what it calls a solution for government and corporate communications, though it does not use the word “tamperproof.” Starting in April, the company first will offer the mobile-device software, called GD Protected. One version will be for Samsung’s Galaxy S3 phone and its Galaxy Tab tablet, while the other version, for LG phones, includes “dual persona” Android operating systems, where a phone can have a secure system and an open system simultaneously.
“You can make clear calls,” said Michael Guzelian, GDC4’s vice president of secure voice and data products. “You can call home, you can order pizza, whatever. But there’s a secure voice app that allows you to have an encrypted phone call with someone.”
In secure mode, the phones will encrypt calls and data exchanges to the National Security Agency’s Suite B standards, GD says. Of course, the fellow at the other end of the call also needs a secure phone.
“This secure voice app is a new government standard,” said Guzelian. “It’s not point-to-point compatible with all the devices we and others have made for the government, but the government is planning a gateway device that can translate it. So that from this device we’ll be able to call back to one of our secure vIPer desktop phones and other secure phones. But it needs to go through the government gateway.”
Like many secure systems, users will need to carry an RSA token, with its randomly changing codes.
“We use a two-factor authentication,” Guzelian said. “You need both the password and the RSA token.”
In theory, that should mean that even if the phone is stolen or lost, hackers can’t get the data. If they nab the user, that could change.
“If they take your RSA key and they can force you to give up your password,” Guzelian said, “they’ll be able to get on the phone.”
But he says the enterprise’s mobile device manager will control the phones.
“From my mobile device management station, I can shut that phone off. If I call my IT group and I say I lost my phone, they could say ‘Fine,’ and they could go and zap it,” he said
General Dynamics has experience in secure mobile. They produced the Sectera Edge, the secure BlackBerry-like device dubbed the “Obamaberry” after the president began using it in 2009. But it was prohibitively expensive.
“This is the first time we can offer a software-only solution on a device,” Guzelian said.