Comments on: Vodafone to launch secure SMS

By: vijay chaudhari

vijay chaudhari — Mon, 22 Oct 2007 12:00:07 +0000

Hi,

I have developed a mobile application for sending and receiving secure (encrypted) sms from midlet last year. Just wanted to inform if I can help your organisation in this front.

Please reply on email. contact no. is +91-9422772402

By: Sila Mpage

Sila Mpage — Thu, 16 Aug 2007 10:30:33 +0000

But there is a free solution here friends:

http://groups.google.com/group/sms-salama/web/introduction

By: ugosweb

ugosweb — Fri, 13 Jul 2007 08:17:56 +0000

Please, see this PGP for SMS:

http://www.ugosweb.com/miabo

Bye

By: Pat Lang

Pat Lang — Thu, 12 Jul 2007 16:24:45 +0000

This solution is unbelievably shoddy, Broca should definitely use standardised security which reads ‘non-proprietary’. Quite ridiculous that a large company like Vodafone fell for that.
As Samuel is saying, any of the named securitiy options should have been used. I am sure that Broca will be an easy feast for hackers worldwide.
What is a key cycling protocol anyway?

By: Samuel Hydrangea

Samuel Hydrangea — Thu, 12 Jul 2007 13:39:45 +0000

how long is the pin? does the entire encryption depend on this single number? a 4 digit pin on average takes 5000 attempts to crack – not exactly a challenge for a brute force attack, though of course your patent might protect against that or might not (see post above)

By: Henry Rose

Henry Rose — Thu, 12 Jul 2007 11:22:55 +0000

Hi Ian,

I’ve got a question about the “patented key cycling protocol” – what is it?

Is proprietary security ever safe? If nobody else has checked it, we just have to take your word for it that it won’t have any vulnerabilities – patented or not.

Why does it not use publicly tested and trusted security like RSA, RC4, AES, like websites use and international standards bodies recommend for financial systems? (or maybe it does, I would be happy to be corrected)

By: Alex

Alex — Wed, 11 Jul 2007 20:33:04 +0000

Hi Ian,

Thanks for the info, much appreciated!

Alex

By: Ian Price

Ian Price — Wed, 11 Jul 2007 17:14:57 +0000

To answer your question, Alex, I can confirm that it is the former. A small Java applet on the phone powers SAMS and, in most applications of the technology, a message will be unencrypted when the receiving party enters their PIN on the handset. This means that only the intended recipient can see the message. We believe that this level of encryption – both on the handset and over the air – is unique. It based upon the company’s patented key cycling protocol.