Cellcrypt releases encrypted voice telephony app for Android

In order to ensure security at the point of handshaking between two terminals, the company says that the key pairs are generated on the handset during the installation and are unique to each phone.

The software uses RC4 and AES encryption in multiple layers - the data packet is first encrypted with RC4 and the cipher text is then encrypted again with AES in Counter Mode (CTR).

Infosecurity notes that a 2048 bit seed pool is generated during the installation and is periodically updated. The initial seed, says Cellcrypt, is derived from the microphone input.

As well as working across 2G (GSM) and 3G (CDMA) connections on a smartphone, the Android app is billed as working across a WiFi internet telephony connection and will also work across a satellite connection if accessible.

According to Nigel Stanley, practice leader for security with Bloor Research, cellular voice interception is different from other types of data breaches.

"If you lose a laptop, USB stick or disk drive it can be fairly obvious that the data has gone missing. But with voice, a successful interception can leave no physical trace so there is little chance of realising your data has actually been intercepted resulting in disastrous consequences", he said.

"If you can compromise a cell phone then you are more or less assured that you can collect the most relevant, current and damaging data possible about a user, their business or their private life. By supporting Android devices, Cellcrypt is providing enhanced security for one of the world's most popular mobile platforms", he added.

Richard Greco, Cellcrypt's CEO, meanwhile, said that the industry is seeing a growing tension between organisational security requirements and personal convenience requirements with people often discussing sensitive issues on mobile phones to get their jobs done faster or because they have no other practical choice

"With Cellcrypt's support of Android we are meeting the usability demands of a fast-growing user base whilst continuing to help organisations meet their operational security requirements", he said.

Before you rush off to the Android Market and download Cellcrypt Mobile for Android - which requires Android 2.3 or later - the slightly bad news is that using the software costs $1,500 per user per year. For pretty well uncrackable security however, it is the obvious business option, Infosecurity notes. 

What’s Hot on Infosecurity Magazine?