26
Security Updates • Security, Storage and Handling
knowledge of upcoming academic research and new emerging
cryptanalysis methods. In case a firmware update is needed for security
reasons, you will get notified either via the e-mail address that you
supplied when purchasing the CryptoPhone online, or directly by the
distributor. If you receive a notice about an upcoming security update,
please verify it directly at our website htttp://www.cryptophone.de/ to
prevent attackers from slipping you a malicious »update«. Please note
that we will describe the details of the update procedure directly on the
website. The firmware update mechanism is cryptographically secured
using a 4096 bit public key signature system, which ensures only signed
CryptoPhone updates will be accepted by your CryptoPhone. If you receive
suspicious communication regarding CryptoPhone updates (such as an
e-mail with an update file as attachment), please inform us immediately,
as this may be an attempt to insert malicious firmware into your
CryptoPhone. Please see our Frequently Asked Questions (FAQ) section
on the website http://www.cryptophone.de/ for further detailed information
on the benefits of published source cryptography.
Security, Storage and Handling
Your CryptoPhone is a Communication Security (COMSEC) device. It can
only be regarded as secure as long as you have permanent and uninterrupted
physical control over the CryptoPhone. Once an adversary could have
gained physical possession of the CryptoPhone, it must be regarded as
compromised. There is a variety of potential methods that would allow an
adversary to listen into your calls after he manipulated the CryptoPhone
