On 03/13/2012 03:43 PM, Brian Conley wrote:
Hi all,
I'm pleased to announce that we have released our newest guide, focusing on increasing satphone safety through best practices.
You can find the guide here:
http://smallworldnews.tv/Guide/Guide_SatPhone_English.pdf
comments, questions, and critiques much appreciated!
I will be writing a longer blog about the motivations and timeliness later this week. Also you can see Frank Smyth's comments here at CPJ.org:
http://cpj.org/blog/2012/03/from-small-world-timely-advice-on-safe-satphone-...
Hi Brian, Some thoughts in response to specific chunks of text from your pdf follow... "If you communicate with someone outside the satphonebs service provider network your communications are subject to any observation happening on the other user. Communicating with other satphones from the same service provider is much safer. Even this method is not entirely secure, but following these basic steps will limit your risks." This is a really weird statement. The first sentence is true. The second is pretty subjective, I'd even say incorrect but there is some wiggle room. The third is also a bit weird to the point of being incorrect. Limit what risk? Risk in relation to whom? If someone is sniffing the uplink for either phone, it's irrelevant to take such a step - it's probably even irrelevant if your threat model includes the sat phone provider as part of the adversary model. "The time needed to connect with the network is the first major security risk." Sure - why is that though? Isn't it because 0) the beam pattern for uplink 1) gps location being sent by the phone 2) the phone provider knowing 0 & 1 and 3) the downlink? So really is it the time that is the issue? Or what is done during that time? "2.3 USING A SATPHONE, A WALKTHROUGH" This walk through seems not entirely correct. For example 07 is not really the full picture, is it it? Isn't that when the phone sends the GPS data and not in step 10 as indicated? "3.1 PHONE CONFISCATION" I rather like this part of the guide. "In some cases the authorities may have the proper equipment to b listen inb on your transmissions, however this requires highly advanced and sophisticated technology" I think this is misleading. What country doesn't have the ability to do this? It requires a fun cube dongle pro or a GNU Radio, a commercial device or something else home brew - if a hacker at the CCC can do it, it's not "highly advanced and sophisticated technology" in my opinion. That isn't to say that it was easy, it's just that now that the work is done - the code, the hardware and the rest of the information is available for anyone who cares to try. That is not a high bar and it would be misleading to suggest it. "Your location may be logged at the service providerbs Ground Earth Station (GES)" Or anyone watching... "Thurayabs encryption has been broken, and more advanced governments may be able to break the encryption of other satphones. To learn more see Section 6.2.2" Which sat phone protocol isn't broken? I don't see a table for which protocols or devices you mean to support with this guide - so it's not clear why Thuraya is the security exception, rather than an example of the insecurity rule. "Voice calls are a very risky method for communicating via satellite." All times when a user is associated with the network the user is at risk. "It is best to keep your call under three minutes" Why three? "Email sent from your satphone does not provide the same protection as Email sent via computer or mobile data plans." While true, this implies that email is somehow secure, ever - which we all know to be totally bogus, right? "On some mobile phones and all computers Tor can be used to anonymize your computers traffic and hide your identity and location. If at all possible use a secure internet connection to communicate, not a satphone." Tor can't protect you from hardware that spies on you - if your sat phone sends your GPS location, an attacker will know the exact location of the user, even if they do not know what they are doing or saying. This seems obvious but it is important to note - the GPS location is at a different layer. "Inmarsatbs iSatphonePro" Why? Rheinmetall, trltech, and others intercept that by brand name. How is that better than Thuraya? They're all doomed in terms of content security and location privacy - why suggest those in that case? For example, it seems odd to me that you did not mention the Cryptophone[0] as an example of how to secure the content of the communications - that is probably the only tool on the market right now that has any such claim. Combined with a Motorola 9501 Iridium satellite pager[1], I think you could do something interesting that actually improved the security of communications or at least assist in solving the rendezvous problem. The Motorola 9501 is entirely passive and so it can receive with a very minimal view of the sky, it does not transmit your location from the device, etc. All the best, Jacob [0] http://www.cryptophone.de/en/products/satellite/ [1] http://www.outfittersatellite.com/iridium_9501.htm _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE