UK mobile security firm Cellcrypt is partnering with carrier giant Verizon to sell its voice encryption technology for mobiles and smartphones to the US Government, the pair have announced.
Already in testing with unnamed US Government departments the service will be formally released later in 2012 as a co-branded product that marks a major foot in the door for Cellcrypt.
Working on Android, iPhone and BlackBerrys, the company’s software encrypts GSM mobile, WiFi and satellite phone calls to FIPS 140-2 level between handsets running the same software, defeating the potential for man-in-the-middle eavesdropping.
How serious a risk this might be is still open to some debate, but a series of theoretical attacks against GSM’s established security have trickled out in recent years, albeit that these invariably require a special set of conditions to succeed.
The main area of weakness is the possibility of getting a Trojan program on to the handset itself in order to record calls before they have encrypted by software such as Cellcrypt. In 2010, one attack was able to bypass a range of call security systems using this approach.
Although unlikely with candy bar handsets, the rise of smartphones has increased anxiety about this type of attack.
Cellcrypt’s approach remains proven for call-to-call security, however, which is where most of the current risk lies.
"As a matter of national security, military and government personnel must be able to communicate sensitive information over their mobile phones, and it is imperative that these conversations be protected from interception," said Cellcrypt’s US vice president, Kathleen Peters.
"The combination of our world-class encryption solution and Verizon's networks will enable both companies to help strengthen the government's ability to effectively combat cybersecurity threats."
Verizon’s importance is that it is already a major supplier of voice communication technology to the US Government.
Touting its AES 256-bit encryption voice technology on Windows mobile, Nokia and BlackBerry, UK-founded Cellcrypt first broke cover only four years ago after three years in stealth mode.