cryptophone 500i user manual
TRANSCRIPT
CryptoPhone 500i User ManualTable of Contents
1 Introduction
2 Setting up the phone hardware2.1 Opening the housing2.2 Inserting the SIM card2.3 Inserting the micro SD card2.4 Inserting the battery2.5 Replacing the back cover2.6 Charging the battery
3 Setting up your CryptoPhone3.1 Select the Security Level3.2 Three Apps to control your device and use it securely3.3 Setting-up your Secure Storage3.4 Check your CryptoPhone Number3.5 Data connection required3.6 Connect to Secure Network3.7 Cryptophone App Settings3.8 Internet Firewall Setup3.9 General Android system settings
4 Updating your CryptoPhone
5 Using the CryptoPhone App5.1 Store your Contacts5.2 Making a Secure Call5.3 Sending a Secure Text Message5.4 Timeline5.5 Lock/Unlock Secure Storage5.6 The CryptoPhone Widget
6 Emergency Erase of the Phone's Memory
9
11
14
37
38
47
7 Understanding the Baseband Firewall
8 Backup & Restore8.1 Backing up secure storage on a non-removable SD Card8.2 Backing up secure storage on a removable SD Card8.3 Restoring secure storage
9 Contact Management9.1 Import Contacts to Secure Storage9.2 Export Android Contacts9.3 Import Android Contacts9.4 Syncing
10 Troubleshooting10.1 How to find out your version number10.2 How to find out your security level10.3 I forgot my passphrase -what to do?10.4 Reboot10.5 Factory Reset10.6 Contact your local distributor
11 General Security Advices11.1 Different security levels and their implications11.2 The CryptoPhone Permission Enforcement Module11.3 Safety information
12 Service & Support12.1 Support12.2 Service Request12.3 CryptoPhone 500i Manual12.4 Disclaimer
CryptoPhone 500i User ManualTable of Contents
1 Introduction
2 Setting up the phone hardware2.1 Opening the housing2.2 Inserting the SIM card2.3 Inserting the micro SD card2.4 Inserting the battery2.5 Replacing the back cover2.6 Charging the battery
3 Setting up your CryptoPhone3.1 Select the Security Level3.2 Three Apps to control your device and use it securely3.3 Setting-up your Secure Storage3.4 Check your CryptoPhone Number3.5 Data connection required3.6 Connect to Secure Network3.7 Cryptophone App Settings3.8 Internet Firewall Setup3.9 General Android system settings
4 Updating your CryptoPhone
5 Using the CryptoPhone App5.1 Store your Contacts5.2 Making a Secure Call5.3 Sending a Secure Text Message5.4 Timeline5.5 Lock/Unlock Secure Storage5.6 The CryptoPhone Widget
6 Emergency Erase of the Phone's Memory
49
51
54
61
66
69
7 Understanding the Baseband Firewall
8 Backup & Restore8.1 Backing up secure storage on a non-removable SD Card8.2 Backing up secure storage on a removable SD Card8.3 Restoring secure storage
9 Contact Management9.1 Import Contacts to Secure Storage9.2 Export Android Contacts9.3 Import Android Contacts9.4 Syncing
10 Troubleshooting10.1 How to find out your version number10.2 How to find out your security level10.3 I forgot my passphrase -what to do?10.4 Reboot10.5 Factory Reset10.6 Contact your local distributor
11 General Security Advices11.1 Different security levels and their implications11.2 The CryptoPhone Permission Enforcement Module11.3 Safety information
12 Service & Support12.1 Support12.2 Service Request12.3 CryptoPhone 500i Manual12.4 Disclaimer
How to install the SIM Card andthe battery
2
1
SIM Card
optional micro SD Card(on top of SIM Card)
4
Back button
Multipurposejack
Infrared LED
ProximityLightGesture sensor
Recent appsbutton
Microphone
Front camera
Power button
Home button
Notification light
Earpiece
Touch screen
Rear camera
Flash
GPS antenna
Mainantenna
NoiseCancellationMicrophone
Volumebutton
Back cover
Speaker
Headset jack
Device layout
5
CryptoPhone Widget
6
CryptoPhone Applicationand Functions
7
CryptoPhone relatedapplication icons
8
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
9
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
10
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
11
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
12
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
13
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
14
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
15
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
16
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
17
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
18
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
19
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
20
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
21
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
22
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
23
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
Online/Offline status iconand connection button
24
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
25
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
26
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
27
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
28
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
29
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
30
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
31
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
32
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
33
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
34
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
35
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
36
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
37
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
38
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
39
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
40
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
41
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
42
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
43
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
44
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
45
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
46
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
47
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
48
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
49
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
50
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
51
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
52
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
53
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
54
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
CryptoPhone Contacts
Android Contacts
55
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
Sync icon
56
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
57
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
58
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
59
1 Introduction
The GSMK CryptoPhone 500i is a state of the art encrypted telephone that provides you with secure calls over IP (via GSM/EDGE, 3G, 4G (LTE) or WiFi), secure SMS, and a dedicated secure storage system for your contacts, notes and secure short messages.
To protect the integrity and security of the phone and your data, the CryptoPhone 500i is built on a hardened Android-based operating system and includes additional components for true 360° security including the patented GSMK Baseband Firewall, an Internet Firewall and additional security options for installed applications.
Verifiable Source Code GSMK CryptoPhones are the only secure mobile phones on the market with source code available for independent security assessments. They can be verified to be free of backdoors, free of key escrow, free of centralized or operator-owned key generation, and they require no key registration.
360˚ Security: Armored and Encrypted • Ultimate CryptoPhone Security • Full source code available for review • No backdoors • Hardened Android OS • Configurable Security Profiles • Encrypted Storage • Emergency delete function • Built-in Baseband Firewall 2.0
Security Advice: You should always keep your CryptoPhone with you to prevent manipulation by attackers gaining physical access to the device.
Installing any potentially malicious third-party apps on your CryptoPhone 500i may, despite of the built-in security measures, under some circumstances compromise the security of your data or your secure communications and is therefore not recommended.
Package contents Please, check the product box for the following items:
• CP500i device • Battery • Headphones • USB charger • Micro USB to USB cable • Two stickers with your personal CryptoPhone number and corresponding PUK • Manual
2 Setting up the phone hardware2.1 Opening the housing
Be careful not to damage your fingernails when you remove the back cover.Do not bend or twist the back cover excessively. Doing so may damage the cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the mobile telephone service provider, and the included battery.
• Only microSIM cards work with the device. • Some LTE services may not be available
depending on the service provider. For details about service availability, contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with maximum capacity of 128 GB. Depending on the memory card manufacturer and type, some memory cards may not be compatible with your device.
• Some memory cards may not be fully compatible with the device. Using an incompatible card may damage the device or the memory card, or corrupt the data stored in it.
• Use caution to insert the memory card right-side up. • The device supports the FAT and the exFAT file systems for memory cards. When inserting a card formatted in a different file system, the device asks to reformat the memory card. • Frequent writing and erasing of data shortens the lifespan of memory cards.
Remove the back cover.Insert the SIM or USIM card with the gold-colored contacts facing downwards.Do not insert a memory card into the SIM card slot. If a memory card happens to be lodged in the SIM card slot, take the device to your local GSMK distributor to remove the memory card. • Use caution not to lose or let others use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored contacts facing to the upper left corner of the battery slot. Slide it upwards in the battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.Use only GSMK- and/or Samsung-approved back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery before using it for the first time. A computer can be also used to charge the device by connecting them via the USB cable.
a) Connect the USB cable to the USB power adaptor. b) Open the multipurpose jack cover. c) When using a USB cable, plug the USB cable into the right side of the multipurpose jack as shown.d) After fully charging, disconnect the device from the charger. First unplug the charger from the device, and then unplug it from the electric socket. e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power button on the upper right side of the device. You will see the CryptoPhone boot animation.
3.1 Select the Security Level
The operating system of your CryptoPhone has been hardened against a number of known attacks.
To make use of this protection mechanism, the first step to configure your CryptoPhone before you take it in use, is to select the operating system’s security level in the Security Profile Manager tool (this does not influence the security of encrypted telephony or secure SMS).
To reduce the likelihood of new and unknown attacks impacting the security of your phone, the higher security levels disable more applications and services than the lower security levels. Setting the system’s security level thus enables you to choose the right balance between convenience and security by removing more potentially vulnerable components and capabilities in the higher security levels. Please read the description of each security level (section 11.1) carefully and choose the level most appropriate for you.
The default security level is High. While you can always switch to a different security level later by means of a factory reset of the phone (see section 10.5), doing so will erase all data stored on the phone.
3.2 Three Apps to control your device and use it securely
The CryptoPhone App The CryptoPhone application is used to make encrypted calls, send and receive encrypted SMS, and to store contacts, notes and secure short messages in the encrypted Secure Storage. It comes further with the feature to 'Emergency Erase' the Content of the Secure Storage and other personal data on the phone (see section 6).
The Baseband Firewall (BBFW) The BBFW application protects the microchip in your CryptoPhone that manages the communication with the mobile network, the so-called Baseband chip, against attacks. The BBFW looks for certain patterns of phone and network behavior, will notify you if it detects too many suspicious events and will then reset the baseband chip to get rid of possible attack malware. It will also detect attempts to control the CryptoPhone by bringing it under the control of a rogue base station (e.g. a so-called IMSI Catcher) and notify you if such a situation occurs.
Note that in certain situations, events will be flagged as suspicious that are due to misconfiguration of the mobile network, spotty coverage, or unusual cell site configurations. The BBFW is configured to err on the side of caution and rather reset the baseband more frequently than overlook an attack.
The IP Firewall Another component of the 360° security concept of the CryptoPhone 500i is the IP Firewall application. It works essentially the same way as a personal firewall which you may know from your desktop computer. You can allow or block incoming and outgoing Internet connections for each application individually. This prevents unauthorized access from outside to the CryptoPhone and allows you to control the network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of the CryptoPhone Application. It contains your encrypted SMS messages, your secure contacts, and your secure notes.
After booting up, open the CryptoPhone Application. The phone will ask you to set the passphrase for the secure storage container.
Note that the strength of protection of the secure storage container depends entirely on how difficult it is to guess your passphrase.
A passphrase consisting of at least 16 characters, consisting of a mix of letters, numbers and special characters, is recommended. For instance, you could use the initial letters from the words of a poem or song text which you remember well and replace some of the letters with numbers.
Avoid words that can be found in a dictionary. You can later change the passphrase and configure the automatic timeout for locking the secure storage container in the settings (see section 3.7).
Note: If you forget your passphrase, there is no way to retrieve your data in the secure storage. The encryption system contains no backdoor or master key. So make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be found on the sticker shipped with the phone. It can also be found on-device, in the “phone number” section of the CryptoPhone settings menu, which can be accessed by invoking the CryptoPhone app and then tapping on the “Settings” icon.
You need to be logged into the secure storage container to access the settings menu. Your passphrase will be required if you are not logged in at the moment. Write down your CryptoPhone number so that you can give it to your contacts.
Your CryptoPhone telephone number never changes, no matter what SIM card you put into the phone or whether you are roaming, even if you use Wireless LAN or a satellite terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will establish a data connection to stay online (so that you can be reached) and transmits more data when you make or receive a call.
Normal data usage ranges from 2 to 5 Megabytes per 24 hours in standby mode to keep the CryptoPhone connected. Using the CryptoPhone 500i on a mobile phone network (4G/TLE, 3G/UMTS, EDGE, or GSM GPRS) without an affordable data plan can result in high charges. When you are roaming on a foreign network, your mobile network operator will typically bill you for additional roaming charges. To avoid such costs it is strongly recommended to use tariff plans with data flat rates.
Tip: When traveling abroad, obtain a pre-paid SIM card from a local network of the country you are going to that offers a reasonable data plan (remember that your CryptoPhone number does not change when you change the SIM card).
Troubleshooting: If you experience difficulties in getting your data connection to work, set the phone to “Basic Security” or “Medium Security” (see section 10.5). Then work with your network operator to set the correct APN address and user configuration until you can use the phone’s web browser to access the Internet. Alternatively, use Wireless LAN / WiFi to connect to the Internet.
When you can access the Internet from your web browser, your CryptoPhone should also be able to establish secure connections.
CryptoPhone calls require a working Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects automatically on start up, if a data connection is available. If this is not the case, press the offline status icon on the CryptoPhone main screen.
It will show an animation while it tries to connect.
If your CryptoPhone is connected to the secure network, the icon will show a checkmark.
If you want to disconnect from the secure network, press the status icon again. This disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your Secure Storage go to the 'Settings' menu of the CryptoPhone application and tap on 'Passphrase'.
Further you can change the timeframe for an auto-lock of the Secure Storage in the settings menu. Tap on 'Secure Storage' and type in a value that seems appropriate for you.
The 'Timeline' setting controls the recording of incoming and outgoing encrypted telephone calls. Three different settings are available:
a) 'Do not save events': Nothing is saved in the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked': Date, time and telephone number for incoming and outgoing encrypted telephone calls are saved but only when the secure storage is unlocked, when the event occurs.
c) 'Save all events': Date, time and telephone number for all encrypted telephone calls are saved in the Timeline of the Secure Storage. Note that, having this setting enabled, events occurring during locked Secure Storage are saved temporarily unencrypted within the flash memory until the Secure Storage is unlocked again.
The Emergency Erase function is described in section 6, the Backup process for the Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for all applications.In order to change this setting for one specific application, open the Internet Firewall App and choose the relevant application.
You can now allow incoming and outgoing internet connections for 'Wifi only': the application has no internet access when you are connected to mobile networks. Or you can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for resetting the baseband processor and disable geolocation from "Settings" in the drop down menu in the BBFW main screen (upper right corner).Enabled geolocation improves the analysis, but increases power consumption.
The Baseband can be configured to reboot if:• an IMSI catcher is detected• a certain warning level is achieved.
The desired warning level value for a baseband reboot can be set between 61 and 100 points. Tap on 'Reboot on Warning Level' and slide the controller to the value that seems appropriate to you. A baseband reboot caused by warnings can be disabled by sliding the controller to the right until 'off' appears as value. Press 'OK' to save the setting.
You also have the option of sending a commented logfile with suspicious events to GSMK for further analysis by encrypted e-mail. To do this, in the BBFW application, simply tap on the "cloud" symbol in the top bar and follow the instructions.
3.10 General Android system settings
This section will describe the most important system settings you can make on your CryptoPhone.The system settings can be configured using the Settings application.
PersonalIn this section you can enable and disable geolocation of your phone. Tap on 'Location' and set it to 'On' or 'Off'.
Further you find important settings in the Security menu.We recommend to set a proper screen lock for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect data that is outside of your Secure Storage. Note, that the data is only encrypted as long as your phone is switched off and you did not login on boot. The strength of protection of the encryption depends entirely on how difficult it is to guess your passphrase.
The inconspicuous boot feature replaces the CryptoPhone boot animation with a neutral boot animation.
AccountsGoogle and e-mail accounts can be set-up and configured here.The “Local” account comes per default and can be used for local-only storage of your calendars and contacts.
SystemImportant security settings can be influenced using the “App Options” menu.Understanding that some users' operational needs mean that they require access to third-party applications, the CryptoPhone Permission Enforcement Module gives these users fine-grained control of access permissions for network, sensors and data for all applications and operating system components by intercepting the respective API calls and returning either no or spoofed results (like user-defined coordinates for GPS and other location services). This method does for instance make it possible to use off-the-shelf mapping & navigation applications without revealing your true location. Camera and microphone access can be controlled as well, thus reducing the risk of surreptitious usage. If you need to install third-party applications, carefully examine what permissions these applications ask for, and restrict their access to sensitive data like e.g. GPS sensor data, access to address book data, etc.
When you invoke the PEM by choosing "App ops" in Device Settings / System, you will see a list of all installed apps and system components. Upon clicking on the name of a
specific app, you will see the permissions that the specific app would like to have. For apps that you installed from the Google Play store, a requester will pop up after installation, asking you to grant or deny the desired permissions for the app in question. You can set each permission to Allow, Random (generate Random data) or Ignore (do not allow). The Random option is especially useful for apps that will not work without receiving data from sources like GPS. If an app misbehaves with restrictive permissions enforced, experiment to find which settings work or consider not using the app at all.
Note that the PEM is no guarantee against malicious apps compromising your CryptoPhone, it only raises the bar for an attacker. We strongly recommend to use the "High Security" profile, and to not install any third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your CryptoPhone 500i’s firmware by opening the "Updater" application and pressing "Search for Updates”.
The phone will connect to GSMK’s update servers, and check for updates that are compatible with your phone’s hardware and firmware version. If an updated firmware version is available, a list of changes towards your current version will be shown.
If you press the “Update now” button, the firmware image will be downloaded and cryptographically verified. When the verification succeeds, the firmware image will be written to your phone’s flash memory. Follow the on-screen instructions. The data on your phone will not be erased by a firmware update.
Note: A full firmware image can be up to 200 Megabytes. Make sure that you use WiFi or a 3G/4G connection with a sufficiently generous data plan to download the update.
5 Using the CryptoPhone App5.1 Store your Contacts
Each contact stored in the secure storage area consists of one CryptoPhone number and one GSM number.
The first entry is the CryptoPhone number, which usually starts with +807. Enter the name and corresponding Crypto-Phone number for the contact you want to call securely.
Like your own CryptoPhone number, it will always be the same, even if your partner switches to a different mobile network operator or is online via WiFi. You will recognize a valid Crypto-Phone number by a special prefix, usually +807.
Please note that CryptoPhone numbers cannot be reached from the normal telephone network.
CryptoPhone numbers (+807) cannot be used to send secure SMS messages. The GSM numbers are your contact’s normal mobile phone numbers and can be used for sending secure SMS messages.
To add a new contact, press the CryptoPhone “Contacts” button in the main menu, then press the “Add Contact” icon in the lower left corner of the screen. Press the “Back” button to store the contact entry. You can edit that entry later on by
long-pressing on the contact and choosing “Show/Edit Details”.
For more details on contact management (backup/restore/sync), please refer to section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the contact you want to call and press the “Dial” button in the lower left corner of the screen.
The secure call screen opens and, if your partner is available, you will hear a ring tone. When your partner picks up, the text “Key Exchange” is shown on the display and you will hear a special tone sequence indicating that the cryptographic key exchange is in progress.
After the key exchange is completed, six letters are shown. These six letters are a cryptographic fingerprint of the unique session key used during your secure call. Once the call has been established, read out the three letters that are shown under the label “You say” and verify that the letters your partner reads out to you are the same as shown under the label that reads “Partner says”.
If they do not match, you should not consider the line secure.
The quality indicator icon changes color depending on the delay and overall quality of the connection. If it stays orange or red, try to change to a location with better network coverage. If it stays red and your call has glitches or bad audio, change to a location with better network coverage, try disconnecting and reconnecting to the secure network (see section 3.6), then call again.
Please note that call quality can be sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS messages with a contact, you need to complete a key exchange for text messaging.
To initiate the key exchange, go to the CryptoPhone “Contacts” menu, highlight the name of your contact and keep it pressed, then select “Show/Edit Details” from the pop-up menu.
You can now initiate the key exchange by pressing the “key exchange” button. For each key exchange, five SMS messages will be sent and received, containing the public key material.
After a key exchange is completed, you will be asked to verify the new SMS key, either
with a secure phone call or by other means. Like in a secure phone call, the six letters of the cryptographic fingerprint of your key are shown on the display.
Read out the three letters that are shown under “You say” and verify that the letters your partner reads out are the same as shown under “Partner says”.
Once you have confirmed that the letters match, you can exchange encrypted SMS messages with your partner by selecting the “SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the secure storage container and is used to generate individual message keys for your future encrypted SMS message communication with this partner.
The initial key exchange can be renewed at any time following the procedure above.
5.4 Timeline
The timeline shows your call history. Since the timeline can reveal sensitive information about you and your communication partners, you can configure whether and when items get saved to the history as an option in the CryptoPhone “Settings” menu.
You can choose to store events to the timeline even while the secure storage container is not unlocked. Be aware that the call history for this period is stored in a way that can be subject to forensic analysis, until the secure storage container is unlocked the next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the “Unlock” icon on the CryptoPhone main screen.
This reveals a “Lock” icon, used to re-lock the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to access the most important CryptoPhone application features directly from the device's home screen.
You can use it to make secure calls, access your secure contacts, the timeline, and secure messages as well as change your online status. Tap on the respective icon in the Widget to go directly to the desired part of the CryptoPhone Suite or to change your online status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by unfriendly elements is imminent, you can use the emergency erase function to overwrite all key material as well as the rest of the flash memory of the phone.
Note that stored secure storage back-ups (see section 8) found in the root directory of an inserted external SD-Card will be erased as well.
You can access the Emergency Erase function from the CryptoPhone “Settings” menu. Note that an emergency erase will take several minutes. The longer the emergency erase process has time to run, the better your data is erased.
Follow the setup instructions (see section 3) to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of phone and network behavior. It will output corresponding “Alerts” after having analyzed the network and phone status data.
The BBFW will notify you if it detects suspicious events. The events are classified is three categories:
Network Risk Level: A certain Network Risk Level is achieved when the general network behavior is suspicious. E.g. the BBFW looks for un- or badly encrypted communications or unusual cell selection and re-selection patterns.
Tracking Events: Tracking Events are events occurring in the network that theoretically can be used to track your phone within the network. E.g. paging requests.
Baseband Resource Anomalies: Baseband Ressource Anomalies are shown when the baseband status and the device's operating system status differ. E.g. a phone call is ended in the OS but much too late in the Baseband.
The events are further classified by strength of suspicion (none, low, medium, high and very high suspicious) and scored.
The sum of scores results in a “Warning Level”. If a certain warning level is reached (see section 3.9 for setting the threshold) the baseband chip is reset to get rid of possible attack malware.
Further the BBFW automatically resets the baseband when an IMSI catcher could clearly be detected. For instance in a 3G network, IMSI catcher could try to force the baseband to 2G to get around security limitations present in 3G specifications. This shows a clear signature which is counted as an IMSI catcher.
As a final step the BBFW turns your baseband to offline, if it had to trigger such resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS, notes, timeline and messaging key material) can be easily backed-up and restored.
8.1 Backing up secure storage on a non-removable SD Card
If no SD Card has been inserted the dialog will show Non-removable SD Card.
In order to backup your secure storage go to CryptoPhone settings/Backup secure storage.Tap on this and you will see a text saying: Secure Storage has been backed up successfully.
Now, your backup is saved in a file in the root directory of your phone with the name backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary format.
You can only read it with the CryptoPhone Application (see Restore secure storage 8.3)
Additionally you will be asked whether you want to send the file via e-mail. This is only possible if you have an e-mail client installed on your CryptoPhone.
Note that changing the Security Profile will also delete the back-up stored on the phones internal SD-Card.
Before changing the security profile you should save the backup in a different location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a removable SD CardIf a SD Card has been inserted the dialog will show Removable SD CARD and the backup will be saved on your removable SD Card.
8.3 Restoring secure storage
This function is only visible if you have already done a backup that is saved on the phones internal memory, or on an inserted removable SD Card. Tap on this entry to restore an existing backup.
Note that you need the passphrase you had set when you made the backup to access your secure storage after having restored it.
A pop-up window will open that lists all backups you have made before:
Select backup to restore:backup_yyyymmdd_tttttt.secstorebackup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order. Select the backup which you want to restore by tapping on it. A text is shown saying: Secure storage has been restored successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to store your contacts on your CryptoPhone:• either encrypted within the CryptoPhone application• or plain within the Android Contacts application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone Contacts from the Android Contacts App to your Secure Storage:Tap on the 'sync' symbol in the lower right corner of the CryptoPhone Contacts menu. All contacts stored with a valid CryptoPhone number in your device contacts list will be imported.
Further you can import a back-up of your Secure Storage containing your encrypted Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as followed:
• tap on the menu icon (on the bottom right corner of the screen) and select 'import/export'• choose 'Export to storage' All contacts are saved in a .vcf file (vCard) on the internal SD card. In order to copy the file, connect your CP500i to your computer and browse the internal SD card using your computer's file manager.
9.3 Import Android Contacts Android Contacts can be imported either from the internal SD card of your phone or from your SIM Card following the steps described here.
From SD card:• Connect your device to a computer and copy the vCard file(s) you want to import to the root directory of your Phone• On the phone: open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from storage'• Choose 'Local' Account• Choose the vCard file(s) you want to import
From SIM card:• Open the Contacts App• Tap on the menu (lower right corner) and select 'import/export'• Choose 'Import from SIM card'• Choose 'Local' Account• Now select the contacts you want to import by tapping on themor• Select 'Import all' from the menu in the top right corner
9.4 Syncing
In order to maintain a list of contacts, you can also synchronize your Android Contacts with your computer using third party software. GSMK can not guarantee the functionality and security of such a process and is not responsible for any damage caused by using third-party software.While it is possible to set up a Google account, and enable automatic syncing of your Android Contacts with your Google Account, we strongly recommend to save contacts under the 'Local Account' instead and use the export and import function of the Android Contacts application described above in order to prevent data leakage to third parties.
10 Troubleshooting 10.1 How to find out your version number
To check the software version on your device:• Open CryptoPhone App• Tap on "Information"• You will find• Base OS Version• Baseband Firewall Version• App Version• Alternatively you can obtain the CryptoPhone App version number from the device's Settings menu: - Open device Settings - Choose "Apps" - Choose the tab "all" - Scroll down and choose "CryptoPhone" - Look for the CryptoPhone App version number
10.2 How to find out your security level
You can see your current Security Level under “About Phone” in the phone's “Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your passphrase, your data in the Secure Storage can not be restored.
In order to set a new passphrase, you have to reset your Secure Storage as follows.
• Open device Settings• Choose "Apps"• Choose the tab "all"• Scroll down and choose "CryptoPhone"• Tap on "Clear data"• All your Secure Data will be deleted• On next application start you will be asked to initialize your Secure Storage again
10.4 Reboot
In case your phone behaves in an unexpected manner or is getting slow, you can reboot it. To restart your CryptoPhone, press the power button for two seconds. Choose “Reboot” from the pop-up menu and choose “Reboot” again from the drop-down menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a different security level (see section 11.1) or reset your phone to factory settings by following the steps described below.
Please note that after a factory reset all data previously stored on the phone will no longer be available.
Factory Reset:• Press power button for about 4 seconds• Select “reboot“ from the menu• Select “recovery“ mode and press “Reboot“• You are now in recovery mode. Use the volume buttons to scroll up and down; use the power button to select your choice.• Now choose „wipe data/factory reset“• Confirm wipe of all user data• Reboot system now• “Welcome to your CryptoPhone is shown• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please contact your local distributer for support (see section 12).
11 General Security Advices 11.1 Different security levels and their implications
The operating system of the GSMK CryptoPhone 500i has been hardened against a number of known attacks. Hardening the operating system against attacks is an essential feature for achieving true 360° protection of your phone.
The Android operating system, on which the GSMK CryptoPhone 500i's hardened version is based, enjoys unprecedented popularity in the mobile phone marketplace. Popularity and widespread use make the platform a popular target for malware and fraudulent applications. Criminals, surveillance tool manufacturers, and intelligence agencies are known to be aggressively in the market for usable exploits against the standard Android operating system.
Since security on software-driven platforms is largely a function of the attack surface, the first and most important step in securing a platform is to par down the installed software base as much as possible. This applies both to operating system-level components and applications. The CryptoPhone Security Profile Manager is at the core of the CryptoPhone 500i's security concept and allows the user to set upon initialization of the phone a desired security level for the operating system that matches the intended usage of the phone (e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk from software attacks against his phone. All software components on the phone have been classified into risk categories, and the CryptoPhone Security Profile Manager will restrict or remove an increasing number components depending on the chosen OS security level. The removal of components is augmented by a number of watchdogs and trigger systems that detect atypical system behavior. This general approach allows a flexible adaption of the mobile device’s security configuration on OS level in order to strike a meaningful balance between usability and security, as required by the user's operational needs.
As a general rule, you should always select the highest security profile that is still compatible with your operational needs. Selecting one of the lower security profiles increases the attack surface and will introduce security risks that you should only take if you absolutely need the kind of functionality offered by one of the lower security profiles.
11.2 The CryptoPhone Permission Enforcement Module
The GSMK CryptoPhone Permission Enforcement Module has now been integrated into the device settings menu, and also been provided with a more intuitive user interface.
In device settings, choose System -> App ops to set permissions for individual apps(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and regulations can cause serious injury or death. Do not use damaged power cords or plugs, or loose electrical sockets. For comprehensive safety advice, please refer to the safety information booklet that came with your device, or download the hardware manufacturer's safety guide from:http://www.samsung.com/uk/support/model/SM-G900FZKABTU
12 Service & Support12.1 Support
For support requests please send an email to [email protected] requesting support, please always mention your CryptoPhone model, App version number and the selected security profile (see section 10) and describe your issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local distributer is there for you to assist you and repair or replace the product in the fastest way possible. Should you experience a hardware problem with a CryptoPhone product, then please send your local distributer an email and list:
• your CryptoPhone model• App Version (see section 10.1)• invoice and/or serial number, and• the exact nature of your problem.
Please note that a detailed, meaningful description of the defect(s) is important to allow us to process your request. We will then provide you with a Return Merchandise Authorization (RMA) Number under which you can send the defective device(s) back to us for service. You will usually receive your RMA number within 48 hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i manual can also be accessed on the device itself by invoking the CryptoPhone App, pressing the “Information” icon and then selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile Kommunikation mbHMarienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
60
