Link: Vodafone to Offer Encrypted SMS’s to Businesses
Vodafone UK has signed a reseller agreement with Broca, to provide a secure SMS messaging service. Broca’s flagship service, SAMS, is a patented technology which encrypts and protects traditional SMS messages.
Under the terms of the agreement, Vodafone will integrate SAMS into the messaging portfolio sold by its ‘Target’ sales division. As a value added messaging product SAMS will be used for secure messaging and data capture for corporate customers.
Interesting. Wonder how it works? I assume there’s a client application on the recipients handset that decrypts the message – or perhaps it works via a WAP push that directs the recipient to a secure website? Either way, it’s a step in the right direction for improving the security of SMS – an essential requirement if we’re going to see more use of messaging in the banking and financial sectors.
To answer your question, Alex, I can confirm that it is the former. A small Java applet on the phone powers SAMS and, in most applications of the technology, a message will be unencrypted when the receiving party enters their PIN on the handset. This means that only the intended recipient can see the message. We believe that this level of encryption – both on the handset and over the air – is unique. It based upon the company’s patented key cycling protocol.
Hi Ian,
Thanks for the info, much appreciated!
Alex
Hi Ian,
I’ve got a question about the “patented key cycling protocol” – what is it?
Is proprietary security ever safe? If nobody else has checked it, we just have to take your word for it that it won’t have any vulnerabilities – patented or not.
Why does it not use publicly tested and trusted security like RSA, RC4, AES, like websites use and international standards bodies recommend for financial systems? (or maybe it does, I would be happy to be corrected)
how long is the pin? does the entire encryption depend on this single number? a 4 digit pin on average takes 5000 attempts to crack – not exactly a challenge for a brute force attack, though of course your patent might protect against that or might not (see post above)
This solution is unbelievably shoddy, Broca should definitely use standardised security which reads ‘non-proprietary’. Quite ridiculous that a large company like Vodafone fell for that.
As Samuel is saying, any of the named securitiy options should have been used. I am sure that Broca will be an easy feast for hackers worldwide.
What is a key cycling protocol anyway?
Please, see this PGP for SMS:
http://www.ugosweb.com/miabo
Bye
But there is a free solution here friends:
http://groups.google.com/group/sms-salama/web/introduction
Hi,
I have developed a mobile application for sending and receiving secure (encrypted) sms from midlet last year. Just wanted to inform if I can help your organisation in this front.
Please reply on email. contact no. is +91-9422772402