{"id":24489,"date":"2015-09-09T08:54:34","date_gmt":"2015-09-09T06:54:34","guid":{"rendered":"https:\/\/e52.nl\/?p=24489"},"modified":"2015-09-09T08:54:34","modified_gmt":"2015-09-09T06:54:34","slug":"eit-digital-helps-crypttalk-scale-up","status":"publish","type":"post","link":"https:\/\/ioplus.nl\/archive\/en\/eit-digital-helps-crypttalk-scale-up\/","title":{"rendered":"EIT-digital helps CryptTalk scale up"},"content":{"rendered":"

Today Apple will announce the launch of their\u00a0iOS-9 operating system, which according to Apple’s recent statements has an improved security. This raises the question whether CryptTalk’s\u00a0encryption app for Apple will\u00a0still be needed. CryptTalk is\u00a0part of a scale-up program organized by the Dutch node of <\/i>EIT-Digital<\/i><\/a> based in Eindhoven.<\/i><\/span><\/i><\/span><\/i><\/span><\/i><\/span><\/i><\/p>\n

\"crypttalk<\/a><\/i><\/i><\/i><\/i><\/p>\n

The headquarters of <\/span>CryptTalk<\/span><\/a> are in Stockholm. Research and development are done in Hungary. We meet up with Co-Founder and CEO Szabolcs Kun in Amsterdam.\u00a0<\/span>\u201cOur small Eastern European country turns out to have a pool of brilliant telecom security experts \u2013 as well as being a healthy skeptical market for anything as disruptive as this. Now we\u2019re scaling up across Europe, watching how personal privacy and security is becoming a serious issue in the Netherlands and other countries in Western Europe.\u201d<\/span><\/p>\n

Hack<\/strong><\/p>\n

Hardly a day goes by without some new revelation of a company hack. <\/span>Carphone Warehouse<\/span><\/a> in the UK, security dealings in Germany or <\/span>Ashley Madison<\/span><\/a> in Canada may have got the attention of the press in August 2015. But, in fact, the recent hacks into the US <\/span>Office of Personnel management<\/span><\/a> are information breaches on a much larger scale. Lists of former and active CIA agents and those in witness protection programmes are suddenly out in the open. Ironically, these leaks are many times more serious than the revelations from WikiLeaks.<\/span><\/p>\n

It all goes to prove that we have to take our own measures if you want your calls and data kept safe from <\/span>eavesdroppers<\/span><\/a>. This recent <\/span>60 Minutes Special Investigation<\/span><\/a> from Australia exposes the vulnerabilities that insiders in the telecom business have known for years. <\/span><\/p>\n

\"tedx\"<\/a>Perhaps the clearest explanation of this was in the recent TED Talk by the principal technologist at the American Civil Liberties Union, <\/span>Christopher Soghoian<\/span><\/a>. During the short, sharp <\/span>intervention<\/span><\/a> at TED 2015, Soghoian points out that solutions are coming from smart-phone manufacturers not the telecom carriers.<\/span><\/p>\n

\u201cFor more than 100 years, the telephone companies have provided wiretapping assistance to governments. For much of this time, this assistance was manual. Surveillance took place manually and wires were connected by hand. Calls were recorded to tape. But, as in so many other industries, computing has changed everything. Our telephones and the networks that carry our calls were wired for surveillance first. First and foremost!<\/span><\/i><\/p>\n

So when you’re talking to your spouse, your children, a colleague or your doctor on the telephone, someone could be listening. <\/span><\/i><\/p>\n

Now, that someone might be your own government; it could also be another government, a foreign intelligence service, or a hacker, or a criminal, or a stalker or any other party that breaks into the surveillance system, that hacks into the surveillance system of the telephone companies.<\/span><\/i><\/p>\n

But while the telephone companies have built surveillance as a priority, Silicon Valley companies have not. And increasingly, over the last couple years, Silicon Valley companies have built strong encryption technology into their communications products that makes surveillance extremely difficult.”<\/span><\/i><\/p><\/blockquote>\n

\"washington<\/a>Tim Cook, heads one of those Silicon Valley companies that cares about security. Apple recently posted a personal message<\/span><\/a> from Cook, following a speech delivered to the Epic Champions of Freedom Meeting in Washington DC <\/span>(as <\/span><\/i>reported by Techcrunch<\/span><\/i><\/a>).
\n<\/span><\/i><\/i><\/p>\n

\u201cLike many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security,\u201d <\/span><\/i>Cook began.<\/span> \u201cWe can, and we must provide both in equal measure. We believe that people have a fundamental right to privacy. The American people demand it, the constitution demands it, morality demands it.\u201d<\/span><\/i><\/p><\/blockquote>\n

Scale up<\/strong><\/p>\n

A few days before the Apple iOS-9 launch on September 9<\/span><\/i>th<\/span><\/i> 2015, Jonathan Marks has been speaking with the CEO of CryptTalk, Szabolcs Kun. He began by asking him whether their encryption app for Apple is still needed, bearing in mind Apple\u2019s recent statement about security and the launch of the latest version of the iPhone\u2019s operating system.<\/span><\/i><\/p>\n

\u201cBoth efforts are needed \u2013 and are complementary\u201d explains Szabolcs. \u201cApple encrypts what is stored and handled on the phone itself. \u00a0CryptTalk encrypts data that leaves the phone, i.e. both the voice conversations and messages. Likewise, the CryptTalk app is able to decrypt voice conversations and messages coming into the same iPhone. We know that standard GSM calls are poorly protected from eavesdropping. Using Skype or Apple’s FaceTime does provide a certain level of protection, but this cannot be compared to the security of the CryptTalk solution.\u201d<\/span><\/p>\n

Active malware detection<\/strong><\/p>\n

I wondered if the CryptTalk app is completely self-contained within the Apple iPhone. Suppose the iPhone has downloaded a piece of malware which records the microphone, listens to the speaker and sends the file to someone without me knowing? Can CryptTalk detect that the phone has been compromised or \u201cjailbroken\u201d?<\/span><\/p>\n

\u201cYes it can.\u201d Szabolcs explains. \u201cIf we were speaking now on CryptTalk, the app securely takes over access to both the microphone and speaker on the iPhone handset.\u201d <\/span><\/p>\n

\u201cSuppose I now start the native Apple Voice recorder on the iPhone, which is a piece of software from Apple – it is not from a third party. Being an Apple product, the Voice recorder has extended rights and privileges compared to non-Apple software.\u201d<\/span><\/p>\n

\u201cOnce CryptTalk detects that another app is trying to access either the microphone or the speaker, it immediately shuts down and drops the call. That’s not going to happen if you are using FaceTime, for instance.\u201d <\/span><\/p>\n

We know what to expect<\/strong><\/p>\n

\u201cLet’s say there is a scale of security from zero to 100. Most of the Apple iPhone applications like FaceTime reach just over 80 points on that scale. We would score 99 because we’re delivering the maximum possible security – and we keep working to ensure it stays at that level.\u201d<\/span><\/p>\n

\u201cWe know what to expect when iOS-9 is launched on September 9<\/span>th<\/span> 2015. Many people are playing with the public beta versions that Apple has released. Of course, as a developer, we have been examining the new operating system in depth. We don’t see major changes to the security aspects of iOS-9 – it is already much better than any other mobile platform. But there are some useful changes to the graphical user interface which make some features in CryptTalk even easier to use.\u201d <\/span><\/p>\n

Quantum Computing Proof<\/strong><\/p>\n

This is a theoretical challenge on the horizon of smartphone security.<\/span><\/p>\n

\u201cAt the moment, it can take decades to hack the type of encryption algorithms that CryptTalk uses. So, even if you have recorded the encrypted call, without having access to the encryption keys, brute force (i.e. randomly guessing the password) is not going to work. As computers get very much faster, some argue that a couple of decades could be reduced to a few days.\u201d<\/span><\/p>\n

\u201cNevertheless, we need to be prepared for the era of what\u2019s being called quantum computing.\u201d<\/span><\/p>\n

\u201cThanks to the basic architecture of the CryptTalk encryption engine, we are able to deliver a quantum-computing proof solution should the market demand this. We have already the technology working in our labs and we’re looking for ways to turn it into a commercial product. Expect a public release of this software next year.\u201d<\/span><\/p>\n

Two versions<\/strong><\/p>\n

ln the Apple App store, there are <\/span>two CryptTalk apps<\/span><\/a> available. \u00a0Is the enterprise version safer?<\/span><\/p>\n

\u201cAll versions use the same algorithms and offer the same maximum level of security. Let me stress that they are equally safe.\u201d<\/span><\/p>\n

\u201cOne version is designed for personal use. Private individuals only want to purchase one account, and they want to sign-up in a similar way to opening a subscription to the New York Times.\u201d<\/span><\/p>\n

\u201cBut companies have completely different requirements. They may want to have several hundred subscriptions, and they want to be able to manage these at the corporate level.\u201d<\/span><\/p>\n

\u201cIn the mobile world, a company goes to a telecom provider. They sign a contract and the telecom provider gives them, say, 350 SIM cards. So if companies purchase the CryptTalk enterprise version, CryptTalk PRO, they can expect volume discounts and additional services to administer the accounts. We also offer Service Level Agreements tailor-made to the needs of each company. Some need access to the CryptTalk Business Services desk as part of their business continuity strategy. And so, we offer different levels of support depending on each customer\u2019s needs. Being a software company makes it easy to adapt accounts as the customer’s business scales up. \u201c<\/span><\/p>\n

EIT Digital<\/strong><\/p>\n

\"eit\"<\/a>\u201cWe have done a lot of market research and validation in Hungary and this has been very useful for preparing our global roll-out, which is starting now. EIT Digital, from their node in Eindhoven, is helping us scale. And we have been transparent by publishing the results of independent audits of our solution.\u201d<\/span><\/p>\n

\u201cWe are different because our approach in developing CryptTalk is very different from others in this market. Most security companies are trying to prevent hackers from getting into their systems from the outside. That’s important, but in our talks with large corporations, we realized that <\/span>security breaches often originate from inside the security provider<\/b>. The weakest link is always the human-factor. Think of bad guys or a national security agency bribing employees, somehow putting pressure on an individual to create a back-door. It has happened.\u201d<\/span><\/p>\n

\u201cWe wanted to build a service where this is impossible – so even if you could gain access to the CryptTalk source code or you have administrative rights to our servers, even then it is impossible to eavesdrop on clients\u2019 calls. We have learned from the mistakes made by the <\/span>early players<\/span><\/a> who were often compromised \u2013 we took a different approach and built a solution designed to reassure clients that we have no back door. Never. It means that we can sleep at night knowing the trusted reputation we have built with our customers will always be secure. \u201c<\/span><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Today Apple will announce the launch of their\u00a0iOS-9 operating system, which according to Apple’s recent statements has an improved security. This raises the question whether CryptTalk’s\u00a0encryption app for Apple will\u00a0still be needed. CryptTalk is\u00a0part of a scale-up program organized by the Dutch node of EIT-Digital based in Eindhoven.<\/p>\n","protected":false},"author":1590,"featured_media":24492,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"categories":[42],"tags":[3448,3450,482,3452,486,484],"location":[],"article_type":[],"serie":[],"archives":[],"internal_archives":[],"reboot-archive":[],"class_list":["post-24489","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sustainability-nl","tag-apple","tag-crypttalk","tag-economy","tag-eit-digital","tag-geen-categorie-en","tag-innovation"],"blocksy_meta":[],"acf":{"subtitle":"","text_display_homepage":false},"author_meta":{"display_name":"Jonathan Marks","author_link":"https:\/\/ioplus.nl\/archive\/author\/jonathan-marks\/"},"featured_img":"https:\/\/ioplus.nl\/archive\/wp-content\/uploads\/2015\/09\/crypttalk-1-300x209.jpg","coauthors":[],"tax_additional":{"categories":{"linked":["Sustainability<\/a>"],"unlinked":["Sustainability<\/span>"]},"tags":{"linked":["Apple<\/a>","Crypttalk<\/a>","economy<\/a>","EIT-digital<\/a>","Geen categorie<\/a>","innovation<\/a>"],"unlinked":["Apple<\/span>","Crypttalk<\/span>","economy<\/span>","EIT-digital<\/span>","Geen categorie<\/span>","innovation<\/span>"]}},"comment_count":"0","relative_dates":{"created":"Posted 11 years ago","modified":"Updated 11 years ago"},"absolute_dates":{"created":"Posted on September 9, 2015","modified":"Updated on September 9, 2015"},"absolute_dates_time":{"created":"Posted on September 9, 2015 8:54 am","modified":"Updated on September 9, 2015 8:54 am"},"featured_img_caption":"","series_order":"","_links":{"self":[{"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/posts\/24489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/users\/1590"}],"replies":[{"embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/comments?post=24489"}],"version-history":[{"count":0,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/posts\/24489\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/media\/24492"}],"wp:attachment":[{"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/media?parent=24489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/categories?post=24489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/tags?post=24489"},{"taxonomy":"location","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/location?post=24489"},{"taxonomy":"article_type","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/article_type?post=24489"},{"taxonomy":"serie","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/serie?post=24489"},{"taxonomy":"archives","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/archives?post=24489"},{"taxonomy":"internal_archives","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/internal_archives?post=24489"},{"taxonomy":"reboot-archive","embeddable":true,"href":"https:\/\/ioplus.nl\/archive\/wp-json\/wp\/v2\/reboot-archive?post=24489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}