For several years the interception of mobile communications has become an important field for the defense industry. The “Five Eyes” group, an intelligence alliance between Australia, Canada, New Zealand, the United Kingdom and the United States, has not only bought technology to monitor telecommunications in different countries but also, to protect their own communications, began using encrypted mobile devices known as “cryptophones”.
These devices were designed to encrypt call and message signals with algorithms, protecting their users from any kind of interception or data leakage. An encrypted device is so secure that even if it gets involved no one could understand the messages or extract information from their calls. Below are some of the most popular cryptophones among security agencies and even used by some criminal groups, in addition to detailing some measures that law enforcement agencies have implemented against criminal use of these solutions.
Launched in 2014 the Blackphone was one of the first encrypted phones marketed, thinking about its use for business customers and having some options that would ensure the confidentiality of calls and messages. The Blackphone came with a modified version of the Android operating system called SilentOS.
In 2016 the EncroChat, a device that replaced the Blackphones, was released. EncroChat was a communications network and service provider that guaranteed privacy in all communications it provided, which was very useful to celebrities or large entrepreneurs who feared for the security of their calls. Unsurprisingly, encroChat’s service as well as its devices became very popular, especially in Europe and Latin America. Given its attractive features, narcos and organized crime also decided to make use of this secure communication service, as they required anonymity and a lot of privacy.
Before EncroChat there had already been other secure and encrypted communication networks of this type. One of the companies that offered this service in the communications market before EncroChat was the manufacturer of Phantom Secure encrypted phones. They offered BlackBerry phones modified to have different features focused on message and call security. In fact, one of his most famous clients was “El Chapo” Guzmán, who used it to carry his communications privately.
In 2018, EncroChat was already a very popular company for its privacy-oriented services. It expanded rapidly and reached the point of having more than 60,000 customers.
It was only on June 13 of this year that EncroChat realized that their service had been infiltrated by a powerful malware. They claim that it was a really very sophisticated attack, which made them think that it came from a government.
They quickly sent a message to all their customers and users asking them to destroy their phones as soon as possible since they could no longer guarantee security in their communication; however, for many of their clients, it was too late. Collaborations between the UK’s National Crime Agency and agencies in France and the Netherlands were responsible for this elaborated attack that managed to infiltrate the EncroChat network during Operation Venetic in July this year.
The malware they used for this operation was installed on all EncroChat phones and was so well designed that it could hide itself from detection. It was also designed to be able to register the screen lock password, as well as to clone all data from the different applications on the device. This malware allowed the National Crime Agency to read messages written and stored on the device, even before they were encrypted and sent over the Internet.
After the Venetic operation, it was revealed that 90% of EncroChat users were criminals and the authorities obtained all the evidence such as images of drugs, weapons, money, and hideout locations. Operation Venetic allowed the arrest of 746 criminals, in addition to the discovery of torture houses used by organized crime.
Soon after, an FBI report revealed that another organized crime group in Mexico with ties to the Sinaloa cartel also used Encrochat phones to be able to transport fentanyl to the United States.
In general, devices like those offered by EncroChat are also known as “carbon units” or carbon phones. This means that the devices are already sold modified and with pre-installed applications, as well as a secure operating system. They are basically modified Android devices. Among those most used by EncroChat to make their carbon phones are the BQ Aquaris, some Samsung devices, and BlackBerry phones.
“Carbon units” are modified smartphones whose GPS, camera and microphone have been intentionally removed or deactivated. As per experts from International Institute of Cyber Security, these devices run modified versions of the Android operating system. In fact, they run two operating systems at the same time, side by side. In case you want to use the device like any other Android phone, it simply starts up normally, thus helping to avoid suspicion. If you want to use some type of secure communication, you can make the change to the secure operating system, which in turn has applications designed to maintain privacy. An important feature of these “carbon units” is a panic or emergency option. This allows a certain PIN number to immediately erase all data on the phone.
After a famous interview by Edward Snowden with the Vice team, “carbon phones” became even more popular.
In the interview Snowden disassembles a smartphone to remove the cameras and GPS from it, explaining that each part of the phone must be there to serve us and not the other way around.
In case you are interested in creating your own carbon phone following the advice of Edward Snowden, the first thing you have to do is deactivate or remove the included cameras as per cyber security experts. This is because, despite the fact that phone cameras are a great convenience, they also represent a risk to your safety. They can be activated remotely and used to spy on you.
Later, you would have to deactivate or remove the GPS antenna that comes by default in all cell phones. Not only does it follow you everywhere, but it can also help the government or cybercriminals to track your location remotely.
Finally, you must deactivate or remove the microphone that comes with your cell phone. To be able to talk on the phone, you will need to wear a headset with a built-in microphone. This way, your microphone will only be activated when you are actually calling someone on the phone and cannot be activated remotely or used to spy on you.
You can find many videos on the internet that explain how to do all this, you just have to look for the instructions for your type of smartphone. Similarly, any phone repair shop in your area can do it for you.
Encrypted SIM cards
In case you don’t want to make your own carbon unit but want to keep your mobile communication safe, you also have the option to buy one. You can also choose to purchase an encrypted SIM card, which are also known as white SIM cards. An encrypted SIM card makes and receives encrypted calls that cannot be intercepted. Additionally, using one of these, your phone number is randomly generated or you can spoof the phone number of any person, in order to hide your identity and location. As an extra feature, many of these SIM cards also offer voice change during calls to protect against audio analysis and identification. On the black market these SIM cards are sold at cryptocurrencies prices.
Today there are many companies offering secure phones for sale as well as encrypted SIM cards. Among them are the following companies.
Some of Omerta’s smartphones include GrapheneOS in their carbon units. On their site they claim that there are no back doors and that their encryption software is impenetrable even to the FBI and CIA.
They offer carbon units made with Google Pixel phones and their prices range from 500 to 3,500 euros per phone, depending on the model and required customizations. On average, the price of an encrypted SIM card is 1300 euros for a 6-month plan and they ensure that you can use it in any country without any problem.
Cipher Phone is another option within this type of secure mobile communications. Their phones offer features like a kill switch for the camera and for the built-in microphone. On the other hand, according to their site, they offer a software with features focused on privacy and security of communication. This has services such as switching between operating systems, a delete button and a VPN that changes every 30 minutes.
Another option is the PinePhone phone, developed by the Pine64 computer manufacturers, and designed to allow its users absolute control over their smartphones. Their operating systems are based on Linux. In addition, they allow the customer to easily disassemble the device to turn into a carbon unit easily. In total, it includes six physical switches for the front and rear camera, Wi-Fi, Bluetooth, GPS, microphone and cellular network.
GSMK CryptoPhone is another secure phone option. They offer a baseband firewall, a tamper-proof hardware and, of course, an end-to-end encryption on their devices. They also claim that they can detect SS7 attacks and mobile phone jammers. In addition, like many devices of this type, they also have an emergency erase function.
Boeing Black Smartphone
Another option is the Boeing Black Smartphone; however, it is intended primarily for defense companies and the United States military. Nonetheless, compared to other secure phones on the market, it is not the best when it comes to privacy.
In case you consider that a cryptophone is out of your reach, you can also use your own smartphone but with applications designed to maintain secure communications. One of these is Silent Phone. The Silent Circle Company, who originally created the Blackphone, now offers an app called Silent Phone that provides voice, video, conference calling, and secure messaging.
Another of these applications designed to maintain your privacy is Signal. This is a cross-platform encrypted messaging service that allows encrypted voice and video calls. It is completely free and is available for both Android and Iphone.
There is also, GrapheneOS, a secure operating system that you could opt for. GrapheneOS is a mobile operating system based on Android, but reinforced in security. It’s privacy-centric, free, and open source, so you could install it on your current smartphone. It was previously called Android Hardening and is compatible with Google Pixel phones; however, it does not have Google applications, so no one can spy on you through Google and all its services. Edward Snowden himself mentioned on Twitter that if he was setting up a smartphone today, he would use GrapheneOS as the base operating system.
Today there are many ways to communicate securely, maintaining our privacy and leaving no trace that can be used against us. However, you need to stay informed and aware of new developments in mobile technology to know all the features that an encrypted smartphone has and know if it is really what we are looking for.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.