GSMK CryptoPhone 500 User manual
GSMK CryptoPhone 500
Quick Start Guide
© 2013 GSMK mbH
Berlin, Germany
http://www.cryptophone.com/
IP
0 Introduction
The CryptoPhone 500 is a state
of the art encrypted telephone
that provides you with secure
calls over IP (via GSM/EDGE, 3G
or WLAN), secure SMS, and se-
cure storage for your contacts,
notes and secure SMS messages.
To protect the integrity and
security of the phone and your
data, the CryptoPhone 500 is
built on a hardened Android-
based operating system and
includes additional 360° security
systems, among them a Base-
band Firewall, a Permission
Enforcement Module for appli-
cations and an IP Firewall.
Security Advice: You should
always keep your CryptoPhone
with you to prevent manipula-
tion by attackers gaining physi-
cal access to the device.
Installing any potentially mali-
cious third-party apps on your
CryptoPhone 500 may, despite
of the built-in security mea-
sures, under some circumstances
compromise the security of your
data or your secure commu-
nications and is therefore not
recommended.
1 Select Security Level
The operating system of
your CryptoPhone has been
hardened against a num-
ber of known attacks.
To make use of this protec-
tion mechanism, the rst
step to congure your
CryptoPhone before you
take it in use, is to select
the operating sys-
tem’s security level
in the Security
Prole Manager
tool (this does
not inuence the
security of en-
crypted telephony
or SMS).
To reduce the
likelihood of new
and unknown attacks impacting
the security of your phone, the
higher security levels disable
more applications and services
than the lower security levels.
Setting the system’s security
level thus enables you to choose
the right balance between con-
venience and security by remov-
ing more potentially vulnerable
components and capabilities in
the higher security levels. Please
read the description of each se-
curity level carefully and choose
the level most appropriate for
you.
The default security level is
High. While you can always
switch to a different security
level later by cold booting the
phone (see section 13), doing so
will erase all data stored on the
phone.
2 Set Passphrase for
Secure Storage
The secure storage subsystem
contains your encrypted SMS
messages, your secure contacts,
and your secure notes.
After booting up, the phone
will ask you to set the pass-
phrase for the secure storage
container.
The strength of protection of
the secure storage container
depends entirely on how diffi-
cult it is to guess your pass-
phrase.
A passphrase consisting of at
least 16 characters, consisting
of a mix of letters, numbers and
punctuation characters, is rec-
ommended. For instance, you
could use the initial letters from
the words of a poem
or song text which you
remember well and
replace some of the let-
ters with numbers.
Avoid words that can be
found in a dictionary.
You can later change
the passphrase and
congure the automatic
timeout for locking the
secure storage con-
tainer in the settings.
Note: If you forget
your passphrase,
there is no way to
retrieve your data.
The encryption system
contains no backdoor
or master key. So
make sure not to for-
get the passphrase.
3 Check your CryptoPhone
Number
Your personal CryptoPhone
number can be found in the
“phone number” section of the
CryptoPhone settings menu.
You need to be logged into
the secure storage container to
access the settings menu. Your
passphrase will be required if
you are not logged in at the
moment. Write down your
CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone
number does not change, no
matter what SIM card you put
into the phone or whether you
roaming (see section 4), even if
you use Wireless LAN or a satel-
lite terminal.
4 Data Connection
required
Please note that the Crypto-
Phone 500 will establish a data
connection to stay online (so
that you can be reached) and
transmits more data when you
make or receive a call.
Normal data usage ranges from
2 to 5 Megabytes per 24 hours
in standby mode to keep the
CryptoPhone connected.
Using the CP500 over a mobile
phone network (3G/UMTS,
EDGE, or GSM GPRS) without
an affordable data plan can
result in high charges. When
you are roaming on a foreign
network, your mobile network
operator will typically bill you
for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff
plans with data at rates.
Tip: When traveling abroad,
obtain a pre-paid SIM card from
a local network of the country
you are going to that offers a
reasonable data plan (remem-
ber that your CryptoPhone
number does not change when
you change the SIM card).
Troubleshooting: If you experi-
ence difculties in getting your
data connection to work, set
the phone to “Basic Security” or
“Medium Security” (see sections 1
and 13).
Then work with your network
operator to set the correct APN
address and user conguration
until you can use the phone’s
web browser to access the Inter-
net. Alternatively, use Wireless
LAN / WiFi to connect to the
Internet.
When you can access the In-
ternet from your web browser,
your CryptoPhone should also
be able to establish secure con-
nections.
CryptoPhone IP calls require a
working Internet connection.
5 Connect to Secure
Network
To connect your
CryptoPhone to the
secure network, press
the offline status icon on the
CryptoPhone main screen.
It will show an ani-
mation while it tries
to connect.
6 Store your Contacts
Each contact stored in the
secure storage area consists of
one CryptoPhone number and
up to two GSM numbers. The
rst entry is the CryptoPhone
number, which usually starts
with +807.
This number can be used to
initiate secure voice calls. Like
your own
CryptoPhone
number, it
always stays
the same, even
if your partner
switches to a
different mo-
bile network
operator or is
online via Wire-
less LAN.
CryptoPhone numbers (+807)
cannot be used to send secure
SMS messages.
The GSM numbers are used for
sending secure SMS messages.
They are the normal mobile
phone numbers of your contact.
Use the optional secondary
GSM number to keep track of
your contact’s local pre-paid
If your CryptoPhone
is connected to the
secure network,
the icon will show a
checkmark.
If you want to dis-
connect from the
secure network,
press the status icon
again. This disables
the secure network connection.
number that your communica-
tion partner might use while
traveling abroad.
To add a new contact, press
the CryptoPhone
“Contacts” button
in the main menu,
then press the “Add
Contact” icon in the
lower left corner of
the screen.
Enter the name and corre-
sponding CryptoPhone number
for the contact you want to call
securely.
You will recognize a valid
CryptoPhone number by a spe-
cial prex, usually +807. Please
note that those CryptoPhone
numbers cannot be reached
from the normal telephone
network.
Optionally, enter one or two
GSM phone numbers of your
contact, if you also plan to ex-
change secure SMS messages.
Press “Save” to store the con-
tact. You can edit a contact
entry later on by selecting that
contact and pressing the “Edit”
icon in the lower right corner of
the screen.
7 Make A Secure Call
Press the “Contacts” button,
select the contact you want to
call and press the “Dial” button
in the lower left corner of the
screen.
The secure call screen opens
and, if your partner is available,
you will hear a ring tone. When
your partner picks up, the text
“Key Exchange” is shown on
the display and you will hear
a special tone sequence indi-
cating that the cryptographic
key exchange is in progress.
After the key exchange is
completed, six letters are
shown. These six letters are
a cryptographic ngerprint
of the unique session key
used during your secure call.
Once the call
has been es-
tablished, read
out the three
letters that are
shown under
the label “You
say” and verify
that the letters
your partner
reads out to you
are the same
as shown under the label that
reads “Partner says”.
If they do not match, you
should not consider the line
secure.
The quality indicator icon
changes color depending on the
delay and overall quality of the
connection. If it stays orange or
red, try to change to a location
with better network coverage.
If it stays red and your call has
glitches or bad audio, change to
a location with better network
coverage, try disconnecting
and reconnecting to the secure
network (see section 5), then call
again.
Please note that call quality can
be sub-optimal in fast-moving
vehicles.
8 Send a Secure Text
Message
Before you can exchange
secure SMS messages with
a contact, you need to
complete a key exchange
for text messaging.
To initiate the key ex-
change, go to the Crypto-
Phone “Contacts” menu,
highlight the name
of your contact and
keep it pressed,
then select “Show/
Edit Details” from
the pop-up menu.
You can now ini-
tiate the key ex-
change by pressing
the “key exchange”
button.
For each key exchange,
ve SMS messages will
be sent and received,
containing the public key
material.
After a key exchange is
completed, you will be
asked to verify the new
SMS key, either with a
secure phone call or by
other means.
Like in a secure
phone call, the six
letters of the cryp-
tographic nger-
print of your key
are shown on the
display.
Read out the three
letters that are
shown under “You
say” and verify that
the letters your partner reads
out are the same as shown un-
der “Partner says”.
Once you have conrmed that
the letters match, you can
exchange encrypted SMS mes-
sages with your
partner by selecting
the “SMS” icon on
the CryptoPhone
main screen.
The SMS key material is kept
inside the secure storage con-
tainer and is used to generate
individual message keys for
your future encrypted SMS mes-
sage communication with this
partner.
The initial key exchange can be
renewed at any time following
the procedure above.
9 Timeline
The timeline shows
your call and SMS
history.
Since the timeline
can reveal sensitive informa-
tion about you and your com-
munication partners, you can
congure whether and when
items get saved to the history as
an option in the CryptoPhone
“Settings” menu.
You can choose to store events
to the timeline even while the
secure storage container is not
unlocked. Be aware that the call
history for this period is stored
in a way that can be subject
to forensic analysis, until the
secure storage container is un-
locked the next time.
10 Lock/Unlock Secure
Storage
To unlock the secure
storage, press the
“Unlock” icon on
the CryptoPhone
main screen.
This reveals a “Lock”
icon, used to re-lock
the secure storage.
11 The CryptoPhone
Widget
The CryptoPhone Widget is a
quick way to access the most
important CryptoPhone 500
features directly from Android’s
home screen.
You can use it to make secure
calls, access your secure con-
tacts, the timeline, and secure
messages as well as change your
online status.
Tap on the respective icon in
the Widget to go directly to the
desired part of the CryptoPhone
Suite or to change your online
status.
12 Emergency Erase
In case a capture of your phone
by unfriendly elements is immi-
nent, you can use the emergen-
cy erase function to overwrite
all key material as well as the
rest of the ash memory of the
phone.
You can access this function
from the CryptoPhone “Set-
tings” menu. Note that an
emergency erase will take sev-
eral minutes.
The longer the emergency erase
process has time to run, the bet-
ter your data is erased.
Follow the setup instructions
(see sections 1 and 2) to re-setup
your CryptoPhone.
13 Reset
In case your phone behaves
unexpectedly or is getting slow,
you can restart it.
To restart your CryptoPhone,
press the power button for two
seconds. Choose “Restart” from
the pop-up menu.
Your data will not be erased.
14 Cold Boot
In order to switch your Cryp-
toPhone to a different security
level (see section 1) or reset your
phone to factory settings so
that a new empty secure stor-
age container is created, you
need to cold boot your phone.
To cold boot your phone, go to
the CryptoPhone Settings dia-
logue and select “Cold Boot”,
then follow the instructions on
the screen.
Please note that after a cold
boot, all data previously stored
on the phone will no longer be
available.
Any unencrypted data stored
on the phone is not securely
overwritten in memory as when
using the “emergency erase”
function and can possibly be
reconstructed by forensic meth-
ods.
Encrypted data stored in the
secure storage container is still
as secure as your passphrase.
Follow the setup instructions
(see sections 1 and 2) to re-setup
your CryptoPhone.
15 Baseband Firewall
The Baseband Firewall protects
the microchip in your Crypto-
Phone that manages the com-
munication with the mobile
network, the so-called base-
band chip, against attacks.
The Baseband Firewall was pro-
grammed to recognize certain
patterns of phone behavior, it
will notify you if it detects too
many suspicious events and will
then reset the baseband chip to
get rid of possible attack mal-
ware.
It will also detect any attempt
to force the CryptoPhone’s base
band to connect to a rogue
base station (e.g. a so-called
IMSI Catcher) by providing ma-
nipulated network parameters
and notify you if such a situa-
tion occurs.
The Baseband Firewall control
screen can be found in the
CryptoPhone “Settings” menu.
Note that in certain situations,
events will be agged as suspi-
cious that are due to miscong-
uration of the mobile network,
can be explained by spotty
network coverage, or unusual
cell site congurations.
The Baseband Firewall is con-
gured to err on the side of
caution and rather reset the
baseband more frequently than
overlook an attack and expose
the CryptoPhone to risks.
You can congure the Baseband
Firewall’s sensitivity, logging
and rebooting options directly
from the Baseband Firewall
screen by pressing the menu
button and then selecting
“Preferences”.
In the Baseband Firewall’s pref-
erences menu you also have the
option to send a log le con-
taining all detected suspicious
events to GSMK for analysis by
email.
Note that this requires your
CryptoPhone to be in Basic or
Medium Security level (see sec-
tions 1 and 14).
Upon rst start, an on-screen
tutorial will explain the usage
and functions of the Baseband
Firewall.
16 Permission
Enforcement Module
In “Basic Security”
mode (cf. section
1), you can install
apps from the
Google Play Store,
which might pose a
security risk due to
malware contained
in malicious apps.
Apps also pose a risk to your
privacy, as many apps send data
from your phone, including
your location, to a number
of tracking services.
To help you mitigate these
risks, the CryptoPhone 500
contains a Permission En-
forcement Module (PEM),
which allows you to deny
apps the permission to access
data on your phone, your loca-
tion, identication information,
the network, etc.
When you invoke
the PEM, you will
see a list of all
installed apps and
system components.
Upon clicking on the
name of a specic
app, you will see the permis-
sions that specic app would
like to have.
After the installation of
an app from the Google
Play store, a requester
window will pop up, al-
lowing you to precisely
grant or deny the de-
sired permissions for the
app in question.
You can now set each permis-
sion to Allow, generate Ran-
dom data, Custom value for
data or Block.
The random and custom data
options are especially useful for
apps that will not work with-
out receiving data from sources
like GPS. With the custom value
option for GPS and network
location, you can, for instance,
set your phone’s location to a
location of your choice.
If an app misbehaves with re-
strictive permissions enforced,
experiment to nd which set-
tings work or consider not using
the app at all.
Note that the PEM is no guar-
antee against malicious apps
compromising your Crypto-
Phone, it only raises the bar for
an attacker.
We strongly recommend to set
your CryptoPhone at least to
the “Medium Security” mode
(see section 1), and to not install
any third-party apps on your
CryptoPhone.
17 IP Firewall
Another component of the 360°
security concept of the Cryp-
toPhone 500 is the IP Firewall,
which can also be accessed from
the CryptoPhone “Settings”
menu.
It works essentially the same
way as a personal rewall which
you may know from your desk-
top computer. You can allow or
block all Internet connections
for each application separately
for GSM/3G and WiFi.
This prevents unauthorized
access from outside to the
CryptoPhone and allows you to
control the network usage of
applications.
18 Firmware Update
You can check for updates for
your CryptoPhone 500’s rm-
ware from the CryptoPhone
“Settings” menu.
The phone will connect to
GSMK’s update servers, and
check for updates that are
compatible with your phone’s
hardware and rmware version.
If an updated rmware version
is available, a list of changes to-
wards your current version will
be shown.
If you press the “Update now”
button, the rmware image
will be downloaded and crypto-
graphically veried. When the
verication succeeds, the rm-
ware image will be written to
your phone’s ash memory.
Follow the on-screen instruc-
tions. The data on your phone
will not be erased by a rm-
ware update.
Note: A full rmware image can
be up to 200 Megabytes. Make
sure that you use WiFi or a 3G
connection with a sufcient
data plan to download the
update.
Table of contents
Other GSMK Cell Phone manuals
