By: Desiree Carter

The words phone and freak combine to coin the term phreak to describe a phone hacker. The phreak tries to break into your telephone network with the intention of listening to your conversations or making costly calls at your expense. Being aware of feasible attacks is important. My dad is a disabled Army vet he always says that the military never releases information on a tool or weapon unless there is something better already developed for their use. On September 28th of this year the military made their application for Android smartphones PlaceRaider public knowledge. Place Raider is malware developed by the military that uses the cameras on android phones to take pictures of a persons surroundings. From there the pictures can be retrieved and formed into a 3D model for the malwares operator to use. It doesnt always take the technical skills of a cell phone phreak such as Lucky255 to access your phone account and accompanying personal information. There is websites that educate black-hat (bad hackers) and white-hat (good hackers) such as http://infinityexists.com/ There are also automated pre-packaged tools for compromising current smartphone platforms are readily available One such automated pre-packaged tool for compromising current compatible smartphones is FlexiSPY. Sadly there is also a growing market for products advertised by companies for lawful monitoring of cell phone activity. One syllogism I found about smartphones while doing my research is: Smartphones are vulnerable; Vulnerabilities are exploited; Smartphones will be exploited.

There fortunately multiple companies and products out there to help combat the phreaking problem. Secur Star Computer Security is one such company. The Secur Star Companys product PhoneCrypt has 8 features. The first, feature is Military grade encryption. The second, feature is RSA 4096 but & AES 256 bit Encryption. The third, feature is Diffie-Helman (DH) Key Exchange. The fourth, feature is MD5 & SHA512 Hash for voice integrity. The fifth, feature is Protection Agents detects, alerts and defends against attacks (Man-in-the-middle) approach. The sixth, feature is 100% secure calls. The seventh, feature is the software uses internet connectivity through 3G, UMTS, HSPA, W-CDMA, EDGE, GPRS and Wi-Fi. The eighth feature is that it is compatible with both landline and mobile phones. There are 5 PhoneCrypt products. The first, product is PhoneCrypt Mobile. The second, product is PhoneCrypt PBX. The third, product is PhoneCrypt Gateway. The fourth, product is PhoneCrypt Softphone The final product is PhoneCrypt LandLine Adapter.

The Digital Encryption Standard also called (DES) is a symmetric block cipher with 64-bit block size that uses a 56-bit key. It is a symmetric algorithm it was adopted in the United States in 1977 as a federal standard. Due to major cracks in 1998 and 1999 the orginal DES is not considered safe anymore and Triple DES (3DES) has emerged as a stronger method.

A good password is needed anytime you use the internet. More importantly a good password is needed when you use encryption. The RSA Security manual has 6 guidelines for making a password. They are: 1. Use at least 10 characters 2. Mix in uppercase and lowercase letters, numbers ,spaces ,punctuation , and other symbols. 3. Avoid using a character more than twice. 4. Avoid using actual words. 5. Avoid using personal information, such as the name of a spouse, child, parent, or friend, or your phone number, Social Security number, license plate number, or birthday. 6. Do not write it down. Instead, memorize it. (University, 2011)

When public key cryptography is used two keys are used. The one that encrypts the data is known as the public key. The one that decrypts the data is known as the private key. As long as the private key is not compromised then the data is secure when using the public key cryptography method.

It is possible to set up a scheme to restore keys that someone loses by forgetting a password or losing a token. There are also signing keys if these are lost its not a problem. existing signatures are still valid because only the public key is needed to verify. (University, 2011) When using new signatures you generate a new key pair and distribute the new public key. Because of this it is important that participants have separate signing and key exchange keys.

The use of digital signatures has four know benefits. Message Integrity: The use of digital signatures are superior to a handwritten signature because it attests to the contents of a message as well as to the identity of the signer. Savings: Using open systems such as the Internet as transport media can provide considerable savings of time and money. Also, adding automation means that data can be digitally signed and sent in a timely manner. Storage: Business data such as contracts can be stored easily in electronic form. Also an electronic document that has been digitally signed can be validated indefinitely. Risk Mitigation: If properly implemented, digital signatures reduce the risk of fraud and attempts by a party to repudiate (disavow) the contract (University, 2011)

There are two types authentication when it comes to digital signatures signer authentication and data authentication. The digital signature cannot be forged unless the signer compromises the private key by divulging it or losing the medium or device in which it is contained. Data authentication is comparable to stamping a document in a way that disallows all future modifications to it. Data authentication is usually accompanied by data origin authentication, which binds a concrete person to a specific document. Verification reveals any tampering because the comparison of the hash results (one made at signing and the other made at verifying) shows whether the message is the same as when signed. (University, 2011)

Please refer to: Cryptography Best Practices and Resource Portfolio Part A Phreaking to see a complete list of refrences