HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
I really want to act like I am surprised by this revelation but, to be totally honest, I'm not (and neither are you). 
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Verizon Voice Cypher App Plays Nice With The NSA
- Thread starter HardOCP News
- Start date
Wierdo
[H]ard|Gawd
- Joined
- Jul 2, 2011
- Messages
- 1,817
No surprise, at least it's a regional surveillance tool so it shouldn't directly cost more US business losses abroad, though indirectly might enforce the negative image.
It's not a surveillance tool, it's a secure communications tool with a access mechanism for lawful wiretap access. It's being marketed to business and government customers. Can't say about businesses but the government typically puts notices on their communications and IT systems that users are subject to monitoring just like people driving onto a military base are subject to search. This is a selling point to the government that the product will meet their requirements.
This quote from the article highlights the author's complete misunderstanding of who is being targeted as a customer of this product and why this feature is important to them. This product is not being marketed to individual users.
Steve linked to some doof's forum post, here is the link from the article on NewsWeek.
http://www.verizonwireless.com/wcms/business/apps/voice-cypher.html
Verizon's product link under Business products;
http://www.verizonwireless.com/wcms/business/apps/voice-cypher.html
I really want to act like I am surprised by this revelation but, to be totally honest, I'm not (and neither are you).
Look at the Elf story again.
Not to be a kook, but you KNOW today's children will grow up to be much more accepting of the surveillance state we're turning into.
Regardless of whether this is intended for businesses or individuals, any system which has a built in method to obtain the subject matter is not--by its very design--secure. Such a backdoor can and will eventually be exposed by those who are determined enough to get at the subject matter. The bottom line is that if you consider the subject matter important enough to be sent in an encrypted form, then you shouldn't be using something with a backdoor.
Would you provide the police, the feds or your home security company with the keys to your house and/or car? How about a security card granting them full access to your company?
There's a reason the answer is no.
Would you provide the police, the feds or your home security company with the keys to your house and/or car? How about a security card granting them full access to your company?
There's a reason the answer is no.
Of course it can still be secure if it's engineered to be that way. An engineered access is not the same thing as a "secret vulnerability". Why would you think an engineered entry point can't be as secure as the typical end user access points?
They don't need key's, with the proper justification they have all the size 10 1/2 keys they could ever need.
In regards to this product it has been designed from the ground up to be a solution intended for specific customers and their requirements. If you can't recognize that this is perfectly normal and acceptable then you have a lot to learn about the way the world works. You can't expect a customer to buy a product that doesn't fit their requirements.
So Verizon is pushing a fundamentally insecure application and selling it as "secure". Sorry, but there is no such thing as true end-to-end encryption if someone else already has the key in which it wasn't intended for. You're the definition of man-in-the-middle.
Because another access point increases the attack surface. Plus that second access point is admin back door, not regular user access. It's the same reason you disable default Administrator/SA/root accounts. How many times have we seen stories about backdoors being found and used by hackers? But this backdoor is ok, it's just the government keeping us safe from "terrorists".
If you can't recognize why this type of design is not secure, then you need to learn how security in software development works.
No, Verizon is selling a secure product with secure access for authorized users. Where do you get this insecure thing from. No where in this article has anyone said the product isn't secure.
Biznatch, are you telling me that you can't build a product for a customer and engineer it so that it can be securely monitored in an authorized manner?
If the Army want's a secure radio set that uses encrypted communications channels but want's their Force Protection people to be able to monitor those communications to ensure soldiers are using proper voice communications procedures and to identify if the enemy as potentially breached those communications channels say by a physical compromise of a tactical command post that there is no secure way to do it?
![Zarathustra[H]](https://cdn.hardforum.com/data/avatars/m/9/9298.jpg?1707758471){kind=avatar}
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,857
Well, then it isn't true end to end encryption, now is it.
For that to be the case, only the sender and the receiver should have the requisite keys to decode a message.
Someone should sue them for false advertising.
For that to be the case, only the sender and the receiver should have the requisite keys to decode a message.
Someone should sue them for false advertising.
How do you sue them for false advertising when the capabilities are part of the product's selling point. It's intended to be a "three party system" for lack of a better description. You guys are out there on this one no doubt.
Steve trolled you again
Steve trolled you again
Yes, that's what I'm telling you. Secure access will be broken, given enough time. The time required decreases with more access like these backdoors, and ass computing power increases.
That high level analogy doesn't help, and is probably the exact type of argument used to sway non-technical law makers to approve funding for a project like this. Yes we can talk about how secure they want to make it, and the fancy features it will allow, but a system designed like that is inherently insecure.
Retronym
[H]F Junkie
- Joined
- Mar 5, 2007
- Messages
- 13,605
Hey guys, the ISPs that pay extortion money and kickbacks to the government are giving us a fancy widget to undermine their meal ticket. Check it out!
It's not a backdoor, it's engineered access. You need to slow your mouth and read the product page, wow.
http://business.verizonwireless.com/content/b2b/en/solutions/technology/mobile-security/voice-cypher.html
And I am not claiming absolute impervious security, I am saying each user including the intended third party users all enjoy the same level of security.
No less secure then all the US Military Communications systems worldwide. You don't know what you are talking about.
So how is it Pakistan was able to bring down one of our drones fully intact with our ub3r l33t secure military systems? Your blind faith in our government is scary, and unfortunately appears to be a widespread epidemic in this country.
Its a backdoor because of WHO can access it. Can the user access it or turn it off? No? then its a backdoor to the user.
Cause you don't have to break an encryption system to jam a signal. that's how. Blind Faith, no worse then blind ignorance. Again another guy who interprets my problems with our media as defense of our government.
this in a topic which has nothing really to do with either.
No it isn't. God man read more before you post.
The intended user is either a business employee or a government worker. The product is owned and operated by the above business or government entity. These purchasers bought and deployed the product specifically because it allows this access for their own purpose. Get a grip. there is no false advertising or inherently insecurity about this. It's a business product for business use where these features are desirable and can be employed for multiple reasons.
You guys just can't get passed the Boogie Man can you?
Steve, it's too easy isn't it
Hornet
Supreme [H]ardness
- Joined
- Oct 4, 2005
- Messages
- 6,624
It is a backdoor access irrespective of who the intended users are. A proper encryption system cannot have any special access to anyone, irrespective of who's using it, or who gets that backdoor access.
It's exactly what they said that implies insecure. You can't have a secure platform, much less encryption, where a middleman can gain access via a workaround. That isn't how it was designed or meant to be implemented. In fact they are intentionally weakening it in order to appease law enforcement.
Blackberry was the last big guy that tried this and got burned in the end when they tried to do business in the Middle East. All those crypto email platforms are basically a joke in the sense they have the ability to see all communications (Hushmail caved nearly a decade ago). We saw Lavabit was the only one that went a step further and refused to comply because it would expose all clients by giving the Feds the master key.
Whether or not you think encryption should be weakened for the feds is besides the point. Secure communication is one thing, but then when you add the words "end-to-end", "secure", and "encryption" all in the same sentence. It's an oxymoron.