0

This question is about preventing eavesdropping by hackers, thieves, or other smart people collecting information for shady purposes.

Is it better to buy a smartphone and install a VOIP service on it like Google Voice or Skype and then use the data connection to make calls? Or does simply owning a smartphone create more problems than it solves?

What do you do when you are making calls to people who are not security-conscious enough to have install any special applications on their phones?

To be clear, this question is not concerned with surveillance by the NSA or other government authorities.

MM1926
  • 79
  • 1
  • 2

2 Answers2

2

To be clear, this question is not concerned with surveillance by the NSA or other government authorities.

If you are just dealing with the average hacker than listening to normal calls is not a problem. Communication within the mobile network are encrypted and although the encryption is weak enough for government it is still strong enough for the average hacker.

But note that the not-so-average hacker can obtain or build stingray like devices and thus intercept and decrypt the communication.

Or does simply owning a smartphone create more problems than it solves?

Given the amount of information the applications on the smartphone collect about you for monetizing it might be better for the average user to stick with a dumb phone than to use a smart phone. This is at least true for the Android phones where a large part of the phones has known vulnerabilities and some of these are actively exploited. It might be different for the more closed and more tightly updated iPhone but malware is known there too.

The situation might be different for a not-so-average user who is able to harden the phone and make it do only the things the user actually needs or for the user buying pre-hardened phones. In this case better encryption found in various messaging and phone application might actually provide more security than the usual encryption of mobile communication. It still leaves the problem what information are available for the hacker by simply stealing the phone. These data are usually only protected by weak authentication, i.e. fingerprints which can be faked, pattern are often not that hard to find out too and passwords can often be guessed or are known by should surfing.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Are there any good guides out there as to how to harden a smartphone? – MM1926 Mar 30 '16 at 02:44
  • Also...are calls made via the Google Voice or Skype smartphone applications (utilizing the data connection) any more secure than regular calls made over the cellular network? – MM1926 Mar 30 '16 at 03:02
  • @MM1926: "Are there any good guides out there as to how to harden a smartphone?" - There are companies specializing in this stuff. There are probably ways to do some of this on your own depending on your knowledge like restricting access to contact, internet... for applications. But for more details I would suggest to ask a separate question. – Steffen Ullrich Mar 30 '16 at 06:28
  • @MM1926: "are calls made via the Google Voice or Skype smartphone applications...any more secure than regular calls.." - with Skype the encryption is better and passive or active interception is harder. If somebody hacks the phone itself they still could access the data before encryption. I don't know of Google Voice but definitely not all kinds of VoIP are encrypted and for example simple SIP can easily be sniffed. – Steffen Ullrich Mar 30 '16 at 06:30
0

Best way is to use and encrypted VOIP system. An example is Signal. As long as you don't encrypt your calls, they can be intercepted.

What do you do with people who don't care their privacy? You just help them to care their privacies, teach them what you know.

ferit
  • 459
  • 3
  • 13
  • Please note that even if you encrypt your calls they still can be detected and analyzed for patterns. Ill-considered VOIP encryption/compression schemes are prone to decryption. – Deer Hunter Mar 29 '16 at 01:29
  • Related: https://security.stackexchange.com/questions/39440/is-redphone-a-secure-and-secret-way-to-communicate/39444#39444 and https://security.stackexchange.com/questions/33460/what-are-the-vulnerabilities-of-voip-specific-security-protocols/33497#33497 – Deer Hunter Mar 29 '16 at 01:33
  • @DeerHunter If encryption is not broken, it's not possible. But if you say, Signal's encryption is broken, then yes. I didn't search about it deeply, but it's a good open-source application widely used. – ferit Mar 29 '16 at 03:38