CryptoPhone 500i User Manual
Table of Contents
1 Introduction
2 Setting up the phone hardware
2.1 Opening the housing
2.2 Inserting the SIM card
2.3 Inserting the micro SD card
2.4 Inserting the battery
2.5 Replacing the back cover
2.6 Charging the battery
3 Setting up your CryptoPhone
3.1 Select the Security Level
3.2 Three Apps to control your device
and use it securely
3.3 Setting-up your Secure Storage
3.4 Check your CryptoPhone Number
3.5 Data connection required
3.6 Connect to Secure Network
3.7 Cryptophone App Settings
3.8 Internet Firewall Setup
3.9 General Android system settings
4 Updating your CryptoPhone
5 Using the CryptoPhone App
5.1 Store your Contacts
5.2 Making a Secure Call
5.3 Sending a Secure Text Message
5.4 Timeline
5.5 Lock/Unlock Secure Storage
5.6 The CryptoPhone Widget
6 Emergency Erase of the
Phone's Memory
9
11
14
37
38
47
7 Understanding the
Baseband Firewall
8 Backup & Restore
8.1 Backing up secure storage on a
non-removable SD Card
8.2 Backing up secure storage on a
removable SD Card
8.3 Restoring secure storage
9 Contact Management
9.1 Import Contacts to Secure Storage
9.2 Export Android Contacts
9.3 Import Android Contacts
9.4 Syncing
10 Troubleshooting
10.1 How to find out your version number
10.2 How to find out your security level
10.3 I forgot my passphrase -what to do?
10.4 Reboot
10.5 Factory Reset
10.6 Contact your local distributor
11 General Security Advices
11.1 Different security levels and
their implications
11.2 The CryptoPhone
Permission Enforcement Module
11.3 Safety information
12 Service & Support
12.1 Support
12.2 Service Request
12.3 CryptoPhone 500i Manual
12.4 Disclaimer
CryptoPhone 500i User Manual
Table of Contents
1 Introduction
2 Setting up the phone hardware
2.1 Opening the housing
2.2 Inserting the SIM card
2.3 Inserting the micro SD card
2.4 Inserting the battery
2.5 Replacing the back cover
2.6 Charging the battery
3 Setting up your CryptoPhone
3.1 Select the Security Level
3.2 Three Apps to control your device
and use it securely
3.3 Setting-up your Secure Storage
3.4 Check your CryptoPhone Number
3.5 Data connection required
3.6 Connect to Secure Network
3.7 Cryptophone App Settings
3.8 Internet Firewall Setup
3.9 General Android system settings
4 Updating your CryptoPhone
5 Using the CryptoPhone App
5.1 Store your Contacts
5.2 Making a Secure Call
5.3 Sending a Secure Text Message
5.4 Timeline
5.5 Lock/Unlock Secure Storage
5.6 The CryptoPhone Widget
6 Emergency Erase of the
Phone's Memory
49
51
54
61
66
69
7 Understanding the
Baseband Firewall
8 Backup & Restore
8.1 Backing up secure storage on a
non-removable SD Card
8.2 Backing up secure storage on a
removable SD Card
8.3 Restoring secure storage
9 Contact Management
9.1 Import Contacts to Secure Storage
9.2 Export Android Contacts
9.3 Import Android Contacts
9.4 Syncing
10 Troubleshooting
10.1 How to find out your version number
10.2 How to find out your security level
10.3 I forgot my passphrase -what to do?
10.4 Reboot
10.5 Factory Reset
10.6 Contact your local distributor
11 General Security Advices
11.1 Different security levels and
their implications
11.2 The CryptoPhone
Permission Enforcement Module
11.3 Safety information
12 Service & Support
12.1 Support
12.2 Service Request
12.3 CryptoPhone 500i Manual
12.4 Disclaimer
How to install the SIM Card and
the battery
2
1
SIM Card
optional micro SD Card
(on top of SIM Card)
4
Back button
Multipurpose
jack
Infrared LED
Proximity
Light
Gesture
sensor
Recent apps
button
Microphone
Front camera
Power button
Home button
Notification light
Earpiece
Touch screen
Rear camera
Flash
GPS antenna
Main
antenna
Noise
Cancellation
Microphone
Volume
button
Back cover
Speaker
Headset jack
Device layout
5
CryptoPhone Widget
6
CryptoPhone Application
and Functions
7
CryptoPhone related
application icons
8
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
9
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
10
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
11
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
12
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
13
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
14
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
15
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
16
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
17
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
18
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
19
1 Introduction
The GSMK CryptoPhone 500i is a state of
the art encrypted telephone that provides
you with secure calls over IP (via GSM/EDGE,
3G, 4G (LTE) or WiFi), secure SMS, and a
dedicated secure storage system for your
contacts, notes and secure short messages.
To protect the integrity and security of the
phone and your data, the CryptoPhone 500i is
built on a hardened Android-based operating
system and includes additional components
for true 360° security including the patented
GSMK Baseband Firewall, an Internet Firewall
and additional security options for installed
applications.
Verifiable Source Code
GSMK CryptoPhones are the only secure mobile
phones on the market with source code
available for independent security assessments.
They can be verified to be free of backdoors, free
of key escrow, free of centralized or
operator-owned key generation, andthey
require no key registration.
360˚ Security: Armored and Encrypted
• Ultimate CryptoPhone Security
• Full source code available for review
• No backdoors
• Hardened Android OS
• Configurable Security Profiles
• Encrypted Storage
• Emergency delete function
• Built-in Baseband Firewall 2.0
Security Advice: You should always keep
your CryptoPhone with you to prevent
manipulation by attackers gaining physical
access to the device.
Installing any potentially malicious
third-party apps on your CryptoPhone500i
may, despite of the built-in security
measures, under some circumstances
compromise the security of your data or
your secure communications and is
therefore not recommended.
Package contents
Please, check the product box for the
following items:
• CP500i device
• Battery
• Headphones
• USB charger
• Micro USB to USB cable
• Two stickers with your personal
CryptoPhone number and
corresponding PUK
• Manual
2 Setting up the phone hardware
2.1 Opening the housing
Be careful not to damage your fingernails
when you remove the back cover.
Do not bend or twist the back cover
excessively. Doing so may damage the
cover.
2.2 Inserting the SIM card
Insert the SIM or USIM card provided by the
mobile telephone service provider, and the
included battery.
• Only microSIM cards work
with the device.
• Some LTE services may not be available
depending on the service provider.
For details about service availability,
contact your service provider.
2.3 Inserting the micro SD card
Your device accepts memory cards with
maximum capacity of 128 GB. Depending
on the memory card manufacturer and
type, some memory cards may not be
compatible with your device.
• Some memory cards may not be fully
compatible with the device. Using an
incompatible card may damage the
device or the memory card, or corrupt
the data stored in it.
• Use caution to insert the memory
card right-side up.
• The device supports the FAT and the
exFAT file systems for memory cards.
When inserting a card formatted in a
different file system, the device asks to
reformat the memory card.
• Frequent writing and erasing of data
shortens the lifespan of memory cards.
Remove the back cover.
Insert the SIM or USIM card with the
gold-colored contacts facing downwards.
Do not insert a memory card into the SIM
card slot. If a memory card happens to be
lodged in the SIM card slot, take the device
to your local GSMK distributor to remove
the memory card.
• Use caution not to lose or let others
use the SIM or USIM card.
2.4 Inserting the battery
Insert the battery with the gold-colored
contacts facing to the upper left corner of
the battery slot. Slide it upwards in the
battery slot.
2.5 Replacing the back cover
Ensure that the back cover is closed tightly.
Use only GSMK- and/or Samsung-approved
back covers and accessories with the device.
2.6 Charging the battery
Use the charger to charge the battery
before using it for the first time. A computer
can be also used to charge the device by
connecting them via the USB cable.
a) Connect the USB cable to the USB
power adaptor.
b) Open the multipurpose jack cover.
c) When using a USB cable, plug the USB
cable into the right side of the
multipurpose jack as shown.
d) After fully charging, disconnect the
device from the charger. First unplug the
charger from the device, and then unplug
it from the electric socket.
e) Close the multipurpose jack cover.
3 Setting up your CryptoPhone
Boot the device by long-pressing the power
button on the upper right side of the
device. You will see the CryptoPhone boot
animation.
3.1 Select the Security Level
The operating system of your CryptoPhone
has been hardened against a number of
known attacks.
To make use of this protection mechanism,
the first step to configure your CryptoPhone
before you take it in use, is to select the
operating system’s security level in the
Security Profile Manager tool (this does not
influence the security of encrypted
telephony or secure SMS).
To reduce the likelihood of new and
unknown attacks impacting the security of
your phone, the higher security levels
disable more applications and services than
the lower security levels. Setting the
system’s security level thus enables you to
choose the right balance between
convenience and security by removing more
potentially vulnerable components and
capabilities in the higher security levels.
Please read the description of each security
level (section 11.1) carefully and choose the
level most appropriate for you.
The default security level is High. While you
can always switch to a different security
level later by means of a factory reset of the
phone (see section 10.5), doing so will
erase all data stored on the phone.
3.2 Three Apps to control your device
and use it securely
The CryptoPhone App
The CryptoPhone application is used to
make encrypted calls, send and receive
encrypted SMS, and to store contacts, notes
and secure short messages in the encrypted
Secure Storage. It comes further with the
feature to 'Emergency Erase' the Content of
the Secure Storage and other personal data
on the phone (see section 6).
The Baseband Firewall (BBFW)
The BBFW application protects the
microchip in your CryptoPhone that
manages the communication with the
mobile network, the so-called Baseband
chip, against attacks. The BBFW looks for
certain patterns of phone and network
behavior, will notify you if it detects too
many suspicious events and will then reset
the baseband chip to get rid of possible
attack malware. It will also detect attempts
to control the CryptoPhone by bringing it
under the control of a rogue base station
(e.g. a so-called IMSI Catcher) and notify
you if such a situation occurs.
Note that in certain situations, events will
be flagged as suspicious that are due to
misconfiguration of the mobile network,
spotty coverage, or unusual cell site
configurations. The BBFW is configured to
err on the side of caution and rather reset
the baseband more frequently than
overlook an attack.
The IP Firewall
Another component of the 360° security
concept of the CryptoPhone 500i is the IP
Firewall application. It works essentially the
same way as a personal firewall which you
may know from your desktop computer.
You can allow or block incoming and
outgoing Internet connections for each
application individually. This prevents
unauthorized access from outside to the
CryptoPhone and allows you to control the
network usage of applications.
3.3 Setting-up your Secure Storage
The secure storage subsystem is a feature of
the CryptoPhone Application. It contains
your encrypted SMS messages, your secure
contacts, and your secure notes.
After booting up, open the CryptoPhone
Application. The phone will ask you to set
the passphrase for the secure storage
container.
Note that the strength of protection of the
secure storage container depends entirely
on how difficult it is to guess your
passphrase.
A passphrase consisting of at least 16
characters, consisting of a mix of letters,
numbers and special characters, is
recommended. For instance, you could use
the initial letters from the words of a poem
or song text which you remember well and
replace some of the letters with numbers.
Avoid words that can be found in a
dictionary. You can later change the
passphrase and configure the automatic
timeout for locking the secure storage
container in the settings (see section 3.7).
Note: If you forget your passphrase, there
is no way to retrieve your data in the
secure storage. The encryption system
contains no backdoor or master key. So
make sure not to forget the passphrase.
3.4 Check your CryptoPhone Number
Your personal CryptoPhone number can be
found on the sticker shipped with the
phone. It can also be found on-device, in
the “phone number” section of the
CryptoPhone settings menu, which can be
accessed by invoking the CryptoPhone app
and then tapping on the “Settings” icon.
You need to be logged into the secure
storage container to access the settings
menu. Your passphrase will be required if
you are not logged in at the moment. Write
down your CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone number never
changes, no matter what SIM card you put
into the phone or whether you are roaming,
even if you use Wireless LAN or a satellite
terminal.
3.5 Data connection required
Please note that the CryptoPhone 500i will
establish a data connection to stay online
(so that you can be reached) and transmits
more data when you make or receive a call.
Normal data usage ranges from 2 to 5
Megabytes per 24 hours in standby mode to
keep the CryptoPhone connected.
Using the CryptoPhone 500i on a mobile
phone network (4G/TLE, 3G/UMTS, EDGE,
or GSM GPRS) without an affordable data
plan can result in high charges. When you
are roaming on a foreign network, your
mobile network operator will typically bill
you for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff plans with data
flat rates.
Tip: When traveling abroad, obtain a
pre-paid SIM card from a local network of
the country you are going to that offers a
reasonable data plan (remember that your
CryptoPhone number does not change
when you change the SIM card).
Troubleshooting: If you experience
difficulties in getting your data connection
to work, set the phone to “Basic Security”
or “Medium Security” (see section 10.5).
Then work with your network operator to
set the correct APN address and user
configuration until you can use the phone’s
web browser to access the Internet.
Alternatively, use Wireless LAN / WiFi to
connect to the Internet.
When you can access the Internet from your
web browser, your CryptoPhone should also
be able to establish secure connections.
CryptoPhone calls require a working
Internet connection.
3.6 Connect to Secure Network
The CryptoPhone Applications connects
automatically on start up, if a data
connection is available. If this is not the
case, press the offline status icon on the
CryptoPhone
main screen.
It will show an animation while it tries to
connect.
If your CryptoPhone is connected to the
secure network, the icon will show a
checkmark.
If you want to disconnect from the secure
network, press the status icon again. This
disables the secure network connection.
3.7 CryptoPhone App Settings
In order to change the passphrase of your
Secure Storage go to the 'Settings' menu of
the CryptoPhone application and tap on
'Passphrase'.
Further you can change the timeframe for
an auto-lock of the Secure Storage in the
settings menu. Tap on 'Secure Storage' and
type in a value that seems appropriate for
you.
The 'Timeline' setting controls the recording
of incoming and outgoing encrypted
telephone calls. Three different settings are
available:
a) 'Do not save events': Nothing is saved in
the Timeline of the Secure Storage
b) 'Only save when secure storage is unlocked':
Date, time and telephone number for incoming
and outgoing encrypted telephone calls are
saved but only when the secure storage is
unlocked, when the event occurs.
c) 'Save all events': Date, time and
telephone number for all encrypted
telephone calls are saved in the Timeline of
the Secure Storage. Note that, having this
setting enabled, events occurring during
locked Secure Storage are saved temporarily
unencrypted within the flash memory until
the Secure Storage is unlocked again.
The Emergency Erase function is described
in section 6, the Backup process for the
Secure Storage in section 8 of this manual.
3.8 Internet Firewall Setup
By default full internet access is allowed for
all applications.
In order to change this setting for one
specific application, open the Internet
Firewall App and choose the relevant
application.
You can now allow incoming and outgoing
internet connections for 'Wifi only': the
application has no internet access when you
are connected to mobile networks. Or you
can fully 'Deny' any internet connections.
3.9 Baseband Firewall Settings
You can configure the BBFW's options for
resetting the baseband processor and
disable geolocation from "Settings" in the
drop down menu in the BBFW main screen
(upper right corner).
Enabled geolocation improves the analysis,
but increases power consumption.
The Baseband can be configured
to reboot if:
• an IMSI catcher is detected
• a certain warning level is achieved.
The desired warning level value for a
baseband reboot can be set between 61
and 100 points. Tap on 'Reboot on Warning
Level' and slide the controller to the value
that seems appropriate to you. A baseband
reboot caused by warnings can be disabled
by sliding the controller to the right until
'off' appears as value. Press 'OK' to save the
setting.
You also have the option of sending a
commented logfile with suspicious events to
GSMK for further analysis by encrypted
e-mail. To do this, in the BBFW application,
simply tap on the "cloud" symbol in the top
bar and follow the instructions.
3.10 General Android system settings
This section will describe the most
important system settings you can make on
your CryptoPhone.
The system settings can be configured using
the Settings application.
Personal
In this section you can enable and disable
geolocation of your phone. Tap on 'Location'
and set it to 'On' or 'Off'.
Further you find important settings in the
Security menu.
We recommend to set a proper screen lock
for your device (a PIN, pattern or a password).
Full disk encryption can be set up to protect
data that is outside of your Secure Storage.
Note, that the data is only encrypted as long
as your phone is switched off and you did not
login on boot.
The strength of protection of the encryption
depends entirely on how difficult it is to guess
your passphrase.
The inconspicuous boot feature replaces the
CryptoPhone boot animation with a neutral
boot animation.
Accounts
Google and e-mail accounts can be set-up
and configured here.
The “Local” account comes per default and
can be used for local-only storage of your
calendars and contacts.
System
Important security settings can be influenced
using the “App Options” menu.
Understanding that some users' operational
needs mean that they require access to
third-party applications, the CryptoPhone
Permission Enforcement Module gives these
users fine-grained control of access
permissions for network, sensors and data for
all applications and operating system
components by intercepting the respective API
calls and returning either no or spoofed results
(like user-defined coordinates for GPS and
other location services). This method does for
instance make it possible to use off-the-shelf
mapping & navigation applications without
revealing your true location. Camera and
microphone access can be controlled as well,
thus reducing the risk of surreptitious usage. If
you need to install third-party applications,
carefully examine what permissions these
applications ask for, and restrict their access to
sensitive data like e.g. GPS sensor data, access
to address book data, etc.
When you invoke the PEM by choosing "App
ops" in Device Settings / System, you will see a
list of all installed apps and system
components. Upon clicking on the name of a
specific app, you will see the permissions that
the specific app would like to have. For apps
that you installed from the Google Play store,
a requester will pop up after installation,
asking you to grant or deny the desired
permissions for the app in question. You can
set each permission to Allow, Random
(generate Random data) or Ignore (do not
allow). The Random option is especially useful
for apps that will not work without receiving
data from sources like GPS. If an app
misbehaves with restrictive permissions
enforced, experiment to find which settings
work or consider not using the app at all.
Note that the PEM is no guarantee against
malicious apps compromising your
CryptoPhone, it only raises the bar for an
attacker. We strongly recommend to use the
"High Security" profile, and to not install any
third-party apps on your CryptoPhone.
4 Updating your CryptoPhone
You can check for updates for your
CryptoPhone 500i’s firmware by opening
the "Updater" application and pressing
"Search for Updates”.
The phone will connect to GSMK’s update
servers, and check for updates that are
compatible with your phone’s hardware and
firmware version.
If an updated firmware version is available,
a list of changes towards your current
version will be shown.
If you press the “Update now” button, the
firmware image will be downloaded and
cryptographically verified. When the
verification succeeds, the firmware image
will be written to your phone’s flash
memory.
Follow the on-screen instructions. The data
on your phone will not be erased by a
firmware update.
Note: A full firmware image can be up to
200 Megabytes. Make sure that you use
WiFi or a 3G/4G connection with a
sufficiently generous data plan to
download the update.
5 Using the CryptoPhone App
5.1 Store your Contacts
Each contact stored in the secure storage
area consists of one CryptoPhone number
and one GSM number.
The first entry is the CryptoPhone number,
which usually starts with +807. Enter the
name and corresponding Crypto-Phone
number for the contact you want to call
securely.
Like your own CryptoPhone number, it will
always be the same, even if your partner
switches to a different mobile network
operator or is online via WiFi.
You will recognize a valid Crypto-Phone
number by a special prefix, usually +807.
Please note that CryptoPhone numbers
cannot be reached from the normal
telephone network.
CryptoPhone numbers (+807) cannot be
used to send secure SMS messages.
The GSM numbers are your contact’s
normal mobile phone numbers and can be
used for sending secure SMS messages.
To add a new contact, press the
CryptoPhone “Contacts” button in the main
menu, then press the “Add Contact” icon in
the lower left corner of the screen. Press the
“Back” button to store the contact entry.
You can edit that entry later on by
long-pressing on the contact and choosing
“Show/Edit Details”.
For more details on contact management
(backup/restore/sync), please refer to
section 8 and section 9.
5.2 Making a Secure Call
Press the “Contacts” button, select the
contact you want to call and press the
“Dial” button in the lower left corner of the
screen.
The secure call screen opens and, if your
partner is available, you will hear a ring
tone. When your partner picks up, the text
“Key Exchange” is shown on the display and
you will hear a special tone sequence
indicating that the cryptographic key
exchange is in progress.
After the key exchange is completed, six
letters are shown. These six letters are a
cryptographic fingerprint of the unique
session key used during your secure call.
Once the call has been established, read out
the three letters that are shown under the
label “You say” and verify that the letters
your partner reads out to you are the same
as shown under the label that reads
“Partner says”.
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall quality
of the connection. If it stays orange or red,
try to change to a location with better
network coverage. If it stays red and your
call has glitches or bad audio, change to a
location with better network coverage, try
disconnecting and reconnecting to the
secure network (see section 3.6), then call
again.
Please note that call quality can be
sub-optimal in fast-moving vehicles.
5.3 Sending a Secure Text Message
Before you can exchange secure SMS
messages with a contact, you need to
complete a key exchange for text
messaging.
To initiate the key exchange, go to the
CryptoPhone “Contacts” menu, highlight
the name of your contact and keep it
pressed, then select “Show/Edit Details”
from the pop-up menu.
You can now initiate the key exchange by
pressing the “key exchange” button.
For each key exchange, five SMS messages
will be sent and received, containing the
public key material.
After a key exchange is completed, you will
be asked to verify the new SMS key, either
with a secure phone call or by other means.
Like in a secure phone call, the six letters of
the cryptographic fingerprint of your key are
shown on the display.
Read out the three letters that are shown
under “You say” and verify that the letters
your partner reads out are the same as
shown under “Partner says”.
Once you have confirmed that the letters
match, you can exchange encrypted SMS
messages with your partner by selecting the
“SMS” icon on the CryptoPhone main screen.
The SMS key material is kept inside the
secure storage container and is used to
generate individual message keys for your
future encrypted SMS message
communication with this partner.
The initial key exchange can be renewed at
any time following the procedure above.
5.4 Timeline
The timeline shows your call history.
Since the timeline can reveal sensitive
information about you and your
communication partners, you can configure
whether and when items get saved to the
history as an option in the CryptoPhone
“Settings” menu.
You can choose to store events to the
timeline even while the secure storage
container is not unlocked. Be aware that the
call history for this period is stored in a way
that can be subject to forensic analysis, until
the secure storage container is unlocked the
next time.
5.5 Lock/Unlock Secure Storage
To unlock the secure storage, press the
“Unlock” icon on the CryptoPhone main
screen.
This reveals a “Lock” icon, used to re-lock
the secure storage.
5.6 The CryptoPhone Widget
The CryptoPhone Widget is a quick way to
access the most important CryptoPhone
application features directly from the
device's home screen.
You can use it to make secure calls, access
your secure contacts, the timeline, and
secure messages as well as change your
online status.
Tap on the respective icon in the Widget to
go directly to the desired part of the
CryptoPhone Suite or to change your online
status.
6 Emergency Erase of the phone's memory
In case a capture of your phone by
unfriendly elements is imminent, you can
use the emergency erase function to
overwrite all key material as well as the rest
of the flash memory of the phone.
Note that stored secure storage back-ups
(see section 8) found in the root directory of
an inserted external SD-Card will be erased
as well.
You can access the Emergency Erase
function from the CryptoPhone “Settings”
menu. Note that an emergency erase will
take several minutes. The longer the
emergency erase process has time to run,
the better your data is erased.
Follow the setup instructions (see section 3)
to re-setup your CryptoPhone.
7 Understanding the Baseband Firewall
The BBFW looks for certain patterns of
phone and network behavior. It will output
corresponding “Alerts” after having
analyzed the network and phone status
data.
The BBFW will notify you if it detects
suspicious events. The events are classified is
three categories:
Network Risk Level: A certain Network Risk
Level is achieved when the general network
behavior is suspicious. E.g. the BBFW looks
for un- or badly encrypted communications
or unusual cell selection and re-selection
patterns.
Tracking Events: Tracking Events are events
occurring in the network that theoretically
can be used to track your phone within the
network. E.g. paging requests.
Baseband Resource Anomalies: Baseband
Ressource Anomalies are shown when the
baseband status and the device's operating
system status differ. E.g. a phone call is
ended in the OS but much too late in the
Baseband.
The events are further classified by strength
of suspicion (none, low, medium, high and
very high suspicious) and scored.
The sum of scores results in a “Warning
Level”. If a certain warning level is reached
(see section 3.9 for setting the threshold)
the baseband chip is reset to get rid of
possible attack malware.
Further the BBFW automatically resets the
baseband when an IMSI catcher could
clearly be detected. For instance in a 3G
network, IMSI catcher could try to force the
baseband to 2G to get around security
limitations present in 3G specifications. This
shows a clear signature which is counted as
an IMSI catcher.
As a final step the BBFW turns your
baseband to offline, if it had to trigger such
resets more then 3 times per 5 seconds.
8 Backup & Restore
Your entire Secure Storage (contacts, SMS,
notes, timeline and messaging key material)
can be easily backed-up and restored.
8.1 Backing up secure storage on a
non-removable SD Card
If no SD Card has been inserted the dialog
will show Non-removable SD Card.
In order to backup your secure storage go
to CryptoPhone settings/Backup secure
storage.Tap on this and you will see a text
saying: Secure Storage has been backed up
successfully.
Now, your backup is saved in a file in the
root directory of your phone with the name
backup_yyyymmdd_tttttt.secstore.
The backup file has an encrypted proprietary
format.
You can only read it with the CryptoPhone
Application (see Restore secure storage 8.3)
Additionally you will be asked whether you
want to send the file via e-mail. This is only
possible if you have an e-mail client installed
on your CryptoPhone.
Note that changing the Security Profile will
also delete the back-up stored on the
phones internal SD-Card.
Before changing the security profile you
should save the backup in a different
location, e.g. on an external SD-Card.
8.2 Backing up secure storage on a
removable SD Card
If a SD Card has been inserted the dialog
will show Removable SD CARD and the
backup will be saved on your removable SD
Card.
8.3 Restoring secure storage
This function is only visible if you have
already done a backup that is saved on the
phones internal memory, or on an inserted
removable SD Card. Tap on this entry to
restore an existing backup.
Note that you need the passphrase you had
set when you made the backup to access
your secure storage after having restored it.
A pop-up window will open that lists all
backups you have made before:
Select backup to restore:
backup_yyyymmdd_tttttt.secstore
backup_yyyymmdd_tttttt.secstore
Backups are listed in chronological order.
Select the backup which you want to
restore by tapping on it. A text is shown
saying: Secure storage has been restored
successfully. The app will restart now.
9 Contact Management
Note that you have two different locations to
store your contacts on your CryptoPhone:
• either encrypted within the CryptoPhone
application
• or plain within the Android Contacts
application
9.1 Import Contacts to your Secure Storage
You can import a list of valid CryptoPhone
Contacts from the Android Contacts App to
your Secure Storage:
Tap on the 'sync' symbol in the lower right
corner of the CryptoPhone Contacts menu.
All contacts stored with a valid CryptoPhone
number in your device contacts list will be
imported.
Further you can import a back-up of your
Secure Storage containing your encrypted
Contacts (see section 8).
9.2 Export Android Contacts
Android Contacts can be exported as
followed:
• tap on the menu icon (on the bottom
right corner of the screen) and select
'import/export'
• choose 'Export to storage'
All contacts are saved in a .vcf file (vCard)
on the internal SD card. In order to copy the
file, connect your CP500i to your computer
and browse the internal SD card using your
computer's file manager.
9.3 Import Android Contacts
Android Contacts can be imported either
from the internal SD card of your phone or
from your SIM Card following the steps
described here.
From SD card:
• Connect your device to a computer and
copy the vCard file(s) you want to import
to the root directory of your Phone
• On the phone: open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from storage'
• Choose 'Local' Account
• Choose the vCard file(s) you want
to import
From SIM card:
• Open the Contacts App
• Tap on the menu (lower right corner) and
select 'import/export'
• Choose 'Import from SIM card'
• Choose 'Local' Account
• Now select the contacts you want to
import by tapping on them
or
• Select 'Import all' from the menu in the
top right corner
9.4 Syncing
In order to maintain a list of contacts, you
can also synchronize your Android Contacts
with your computer using third party
software. GSMK can not guarantee the
functionality and security of such a process
and is not responsible for any damage
caused by using third-party software.
While it is possible to set up a Google
account, and enable automatic syncing of
your Android Contacts with your Google
Account, we strongly recommend to save
contacts under the 'Local Account' instead
and use the export and import function of
the Android Contacts application described
above in order to prevent data leakage to
third parties.
10 Troubleshooting
10.1 How to find out your version number
To check the software version on your device:
• Open CryptoPhone App
• Tap on "Information"
• You will find
• Base OS Version
• Baseband Firewall Version
• App Version
• Alternatively you can obtain the
CryptoPhone App version number from
the device's Settings menu:
- Open device Settings
- Choose "Apps"
- Choose the tab "all"
- Scroll down and choose "CryptoPhone"
- Look for the CryptoPhone App
version number
10.2 How to find out your security level
You can see your current Security Level
under “About Phone” in the phone's
“Settings” App.
10.3 I forgot my passphrase - what to do?
Note that when you have forgotten your
passphrase, your data in the Secure
Storage can not be restored.
In order to set a new passphrase, you have
to reset your Secure Storage as follows.
• Open device Settings
• Choose "Apps"
• Choose the tab "all"
• Scroll down and choose "CryptoPhone"
• Tap on "Clear data"
• All your Secure Data will be deleted
• On next application start you will be
asked to initialize your Secure Storage
again
10.4 Reboot
In case your phone behaves in an unexpected
manner or is getting slow, you can reboot
it. To restart your CryptoPhone, press the
power button for two seconds. Choose
“Reboot” from the pop-up menu and
choose “Reboot” again from the drop-down
menu.
Your data will not be erased!
10.5 Factory Reset
In order to switch your CryptoPhone to a
different security level (see section 11.1) or
reset your phone to factory settings by
following the steps described below.
Please note that after a factory reset all
data previously stored on the phone will no
longer be available.
Factory Reset:
• Press power button for about 4 seconds
• Select “reboot“ from the menu
• Select “recovery“ mode and press
“Reboot“
• You are now in recovery mode. Use the
volume buttons to scroll up and down;
use the power button to select
your choice.
• Now choose „wipe data/factory reset“
• Confirm wipe of all user data
• Reboot system now
• “Welcome to your CryptoPhone
is shown
• Select a security level
10.6 Contact your local distributer
If your CryptoPhone requires service please
contact your local distributer for support
(see section 12).
11 General Security Advices
11.1 Different security levels and their
implications
The operating system of the GSMK
CryptoPhone 500i has been hardened against
a number of known attacks. Hardening the
operating system against attacks is an essential
feature for achieving true 360° protection of
your phone.
The Android operating system, on which the
GSMK CryptoPhone 500i's hardened version is
based, enjoys unprecedented popularity in the
mobile phone marketplace. Popularity and
widespread use make the platform a popular
target for malware and fraudulent applications.
Criminals, surveillance tool manufacturers, and
intelligence agencies are known to be
aggressively in the market for usable exploits
against the standard Android operating
system.
Since security on software-driven platforms is
largely a function of the attack surface, the
first and most important step in securing a
platform is to par down the installed software
base as much as possible. This applies both to
operating system-level components and
applications. The CryptoPhone Security Profile
Manager is at the core of the CryptoPhone
500i's security concept and allows the user to
set upon initialization of the phone a desired
security level for the operating system that
matches the intended usage of the phone
(e.g. “dedicated secure phone” vs. “all-in-one
phone”) as well as the user's perceived risk
from software attacks against his phone. All
software components on the phone have
been classified into risk categories, and the
CryptoPhone Security Profile Manager will
restrict or remove an increasing number
components depending on the chosen OS
security level. The removal of components is
augmented by a number of watchdogs and
trigger systems that detect atypical system
behavior. This general approach allows a
flexible adaption of the mobile device’s
security configuration on OS level in order to
strike a meaningful balance between usability
and security, as required by the user's
operational needs.
As a general rule, you should always select the
highest security profile that is still compatible
with your operational needs. Selecting one of
the lower security profiles increases the attack
surface and will introduce security risks that
you should only take if you absolutely need
the kind of functionality offered by one of the
lower security profiles.
11.2 The CryptoPhone Permission
Enforcement Module
The GSMK CryptoPhone Permission
Enforcement Module has now been
integrated into the
device settings menu, and also been provided
with a more intuitive user interface.
In device settings, choose System -> App ops
to set permissions for individual apps
(see section 3.10).
11.3 Safety information
Failure to comply with safety warnings and
regulations can cause serious injury or death.
Do not use damaged power cords or plugs, or
loose electrical sockets. For comprehensive
safety advice, please refer to the safety
information booklet that came with your
device, or download the hardware
manufacturer's safety guide from:
http://www.samsung.com/uk/support/model/S
M-G900FZKABTU
12 Service & Support
12.1 Support
For support requests please send an email
When requesting support, please always
mention your CryptoPhone model, App
version number and the selected security
profile (see section 10) and describe your
issue as detailed as possible.
12.2 Service Request
If your CryptoPhone requires service, your local
distributer is there for you to assist you and repair
or replace the product in the fastest way
possible. Should you experience a hardware
problem with a CryptoPhone product, then
please send your local distributer an email and
list:
• your CryptoPhone model
• App Version (see section 10.1)
• invoice and/or serial number, and
• the exact nature of your problem.
Please note that a detailed, meaningful
description of the defect(s) is important to allow
us to process your request. We will then provide
you with a Return Merchandise Authorization
(RMA) Number under which you can send the
defective device(s) back to us for service. You will
usually receive your RMA number within 48
hours after we get your e-mail.
12.3 CryptoPhone 500i Manual
The latest version of the CryptoPhone 500i
manual can also be accessed on the device
itself by invoking the CryptoPhone App,
pressing the “Information” icon and then
selecting “Quick Start Guide”.
12.4 Disclaimer
This document is provided for information
purposes only, and the contents hereof are
subject to change without notice. This
document is not warranted to be error-free, nor
subject to any other warranties or conditions,
whether expressed orally or implied in law,
including implied warranties and conditions of
merchantability or fitness for a particular
purpose. We specifically disclaim any liability with
respect to this document, and no contractual
obligations are formed either directly or indirectly
by this document. This document may not be
reproduced or transmitted in any form or by any
means, electronic or mechanical, for any
purpose, without our prior written permission.
The product names and logos mentioned in this
document are trademarks or registered
trademarks of their respective owners.
GSMK - Gesellschaft für Sichere Mobile
Kommunikation mbH
Marienstrasse 11, 10117 Berlin, Germany
Manual Version V1.6 - 210115
20
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
