background image

network coverage, or unusual 

cell site configurations.

The Baseband Firewall is con-

figured to err on the side of 

caution and rather reset the 

baseband more frequently than 

overlook an attack and expose 

the CryptoPhone to risks.

You can configure the Baseband 

Firewall’s sensitivity, logging 

and rebooting options directly 

from the Baseband Firewall 

screen by pressing the menu 

button and then selecting 

“Preferences”.

In the Baseband Firewall’s pref-

erences menu you also have the 

option to send a log file con-

taining all detected suspicious 

events to GSMK for analysis by 

email.

Note that this requires your 

CryptoPhone to be in Basic or 

Medium Security level (

see

 

sec

-

tions

 1 

and

 14

).

Upon first start, an on-screen 

tutorial will explain the usage 

and functions of the Baseband 

Firewall.

Содержание CryptoPhone 500

Страница 1: ...GSMK CryptoPhone 500 Quick Start Guide 2013 GSMK mbH Berlin Germany http www cryptophone com IP ...

Страница 2: ...ating system and includes additional 360 security systems among them a Base band Firewall a Permission Enforcement Module for appli cations and an IP Firewall Security Advice You should always keep your CryptoPhone with you to prevent manipula tion by attackers gaining physi cal access to the device Installing any potentially mali cious third party apps on your CryptoPhone 500 may despite of the b...

Страница 3: ...mpacting the security of your phone the higher security levels disable more applications and services than the lower security levels Setting the system s security level thus enables you to choose the right balance between con venience and security by remov ing more potentially vulnerable components and capabilities in the higher security levels Please read the description of each se curity level c...

Страница 4: ...st 16 characters consisting of a mix of letters numbers and punctuation characters is rec ommended For instance you could use the initial letters from the words of a poem or song text which you remember well and replace some of the let ters with numbers Avoid words that can be found in a dictionary You can later change the passphrase and configure the automatic timeout for locking the secure stora...

Страница 5: ...the phone or whether you roaming see section 4 even if you use Wireless LAN or a satel lite terminal 4 Data Connection required Please note that the Crypto Phone 500 will establish a data connection to stay online so that you can be reached and transmits more data when you make or receive a call Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone con...

Страница 6: ...r Medium Security see sections 1 and 13 Then work with your network operator to set the correct APN address and user configuration until you can use the phone s web browser to access the Inter net Alternatively use Wireless LAN WiFi to connect to the Internet When you can access the In ternet from your web browser your CryptoPhone should also be able to establish secure con nections CryptoPhone IP...

Страница 7: ... to a different mo bile network operator or is online via Wire less LAN CryptoPhone numbers 807 cannot be used to send secure SMS messages The GSM numbers are used for sending secure SMS messages They are the normal mobile phone numbers of your contact Use the optional secondary GSM number to keep track of your contact s local pre paid If your CryptoPhone is connected to the secure network the ico...

Страница 8: ...CryptoPhone numbers cannot be reached from the normal telephone network Optionally enter one or two GSM phone numbers of your contact if you also plan to ex change secure SMS messages Press Save to store the con tact You can edit a contact entry later on by selecting that contact and pressing the Edit icon in the lower right corner of the screen 7 Make A Secure Call Press the Contacts button selec...

Страница 9: ...that the letters your partner reads out to you are the same as shown under the label that reads Partner says If they do not match you should not consider the line secure The quality indicator icon changes color depending on the delay and overall quality of the connection If it stays orange or red try to change to a location with better network coverage If it stays red and your call has glitches or...

Страница 10: ... pop up menu You can now ini tiate the key ex change by pressing the key exchange button For each key exchange five SMS messages will be sent and received containing the public key material After a key exchange is completed you will be asked to verify the new SMS key either with a secure phone call or by other means Like in a secure phone call the six letters of the cryp tographic finger print of ...

Страница 11: ...tner The initial key exchange can be renewed at any time following the procedure above 9 Timeline The timeline shows your call and SMS history Since the timeline can reveal sensitive informa tion about you and your com munication partners you can configure whether and when items get saved to the history as an option in the CryptoPhone Settings menu You can choose to store events to the timeline ev...

Страница 12: ... can use it to make secure calls access your secure con tacts the timeline and secure messages as well as change your online status Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status 12 Emergency Erase In case a capture of your phone by unfriendly elements is immi nent you can use the emergen cy erase function to ove...

Страница 13: ...start from the pop up menu Your data will not be erased 14 Cold Boot In order to switch your Cryp toPhone to a different security level see section 1 or reset your phone to factory settings so that a new empty secure stor age container is created you need to cold boot your phone To cold boot your phone go to the CryptoPhone Settings dia logue and select Cold Boot then follow the instructions on th...

Страница 14: ...irewall was pro grammed to recognize certain patterns of phone behavior it will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack mal ware It will also detect any attempt to force the CryptoPhone s base band to connect to a rogue base station e g a so called IMSI Catcher by providing ma nipulated network parameters and notify yo...

Страница 15: ...and rebooting options directly from the Baseband Firewall screen by pressing the menu button and then selecting Preferences In the Baseband Firewall s pref erences menu you also have the option to send a log file con taining all detected suspicious events to GSMK for analysis by email Note that this requires your CryptoPhone to be in Basic or Medium Security level see sec tions 1 and 14 Upon first...

Страница 16: ...toPhone 500 contains a Permission En forcement Module PEM which allows you to deny apps the permission to access data on your phone your loca tion identification information the network etc When you invoke the PEM you will see a list of all installed apps and system components Upon clicking on the name of a specific app you will see the permis sions that specific app would like to have After the i...

Страница 17: ...d experiment to find which set tings work or consider not using the app at all Note that the PEM is no guar antee against malicious apps compromising your Crypto Phone it only raises the bar for an attacker We strongly recommend to set your CryptoPhone at least to the Medium Security mode see section 1 and to not install any third party apps on your CryptoPhone 17 IP Firewall Another component of ...

Страница 18: ... that are compatible with your phone s hardware and firmware version If an updated firmware version is available a list of changes to wards your current version will be shown If you press the Update now button the firmware image will be downloaded and crypto graphically verified When the verification succeeds the firm ware image will be written to your phone s flash memory Follow the on screen ins...

Отзывы: