Security

U.K. 'stealth mode' startup Cellcrypt has started touting a new encryption system that sets out to solve a security problem most companies would rather not think about — insecure mobile phone calls.

According to Cellcrypt, governments and large companies in the financial sector have become increasingly concerned about the potential for eavesdropping on mobile phone calls of a confidential nature.

This can happen either by cracking the encryption schemes used by GSM — which has been shown to be possible in some circumstances - or more simply by tapping into the call once it has passed beyond the radio base station and entered the network.

Three years in the writing, the company's answer to the problem is a proprietary VoIP client for mobile phones and smartphones, Cellcrypt Mobile 3.2, that transparently encrypts traffic using RSA 2048 or AES 256-bit encryption.

"We have managed to do both the VoIP and the encryption with low latency," said former CEO and current vice president, Rodolfo Rosini. Cellcrypt had achieved this by writing the VoIP client from scratch, integrating it tightly with the operating systems on which is would be run. "That's why it took us more time to do the product development."

The software currently works only between mobile handsets using the same software on Nokia handsets — landline support it still to come — but the company has a PBX system in the works, and plans for a client running on BlackBerrys and Windows Mobile devices. The PBX, scheduled for later in 2008, would make it possible to receive encrypted calls on ordinary handsets sitting on the other side of the PBX.

The company was looking at licensing the client for third-parties, as well as selling it as stand-alone software. "We would love to be integrated with [say] Cisco VoIP phones," said Rosini, an ambition that could see the Cellcrypt software stake its claim to becoming the new standard for VoIP-to-VoIP call security.

Anyone for whom mobile phone confidentiality is of the utmost will have to stump up £500 per client, with a minimum of two needed for secure communications. Rosini said that the next version of the Cellcrypt software would let handset users distinguish Cellcrypt contacts able to make secure calls, from those contacts lacking the Cellcrypt client.

This issue of GSM eavesdropping isn't scaremongering. Recent reports have established that the technology to crack open the encryption used by GSM can be had for as little as $US1000, rendering its suspect where confidentiality is needed.