​"If encryption made any difference, they wouldn't let us use it", said someone.

Encrypted calls are protecting you from the ones that don't want to (or cannot) intercept your phone calls, and does not protect you at all against the ones that can intercept your calls - law enforcement, homeland security and intelligence agencies. Make sense to you? If not, please read below.

Most people think that call encryption is the Holly Grail of secure communications, being also a mainstream when it comes to software development for mobile security. Why is that? Because of 007 movies? Not at all. Because is the only product you can find on nowadays security overcrowded market. From hardware devices to sophisticated software applications, all claim that encrypting your mobile voice calls is the best you can get and there are no other trustworthy solutions. Unfortunately encrypted calls does not offer real security when you are targeted not just by (abusive or not) law enforcement, homeland security or intelligence agencies, but worst, even when you are a target for a skilled hacker.

You don't have to trust us. Just google for voice call encryption hack and tons of articles are available at a glance.

For those of you that use voice encryption products on mobile phones the last thing you would expect is for it to be easily decrypted and intercepted. You may have shelled out good coin for your application and rely upon it for your intellectual security, but what if that security was not as tight as you had imagined, what if a readily available wiretapping utility attainable by anyone, and a simple Trojan slipped on to your device could compromise all of your calls?

Back in 2010 blogger, hacker and IT security expert Notrax has done just that. For his own safety we will not reveal his name, however, Notrax has discovered that 12 commercially available mobile voice encryption products can be intercepted and compromised using a little ingenuity and creativity as he has carefully detailed on his website.
He tested 15 voice encryption products in total, 12 of them were “worthless”. It’s easy to take the software at face value when it “tells you” that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.

Secure means that Notrax did not manage to crack it. It does not mean that someone else would not be able to crack it.

These calls can be tapped by anyone that has basic technical skills or the money to back up such an endeavor. “Statistics show Government agencies on average conduct 50,000 legal wiretaps per year (legal= those where a court order is required), (Let’s not forget Echelon) another 150,000 phones are illegally tapped by private detectives, spouses and boyfriends and girlfriends trying to catch a potential cheater. Another estimate shows up to 100,000 phones are wiretapped by companies and private industry in some form of industrial espionage. It is happening and it is a big business.”

SnapCell was safe, it’s a private encryption device that snaps on to your mobile, they claim to protect your mobile voice, fax and data communications from wiretapping, eavesdropping and line interference. SnapCell’s website has been offline since January 21st for unknown reasons.
If you are using one of the above voice encryption technologies, you may want to be on the lookout for a new solution, as XCell Stealth Phones. Although these applications cracked are not entirely secure, it would take much effort to bypass them, like having the attacker be able to load software or a trojan on your phone without you knowing. It’s similar to a credit card, so as long as you keep it with you in a secure place you should be fine for the most part.
How govt is using spyware to circumvent call encryption? Read more here.

Think that LTE mobile networks are secure? Well, think twice: hackers decrypt VoLTE encryption to spy on people calls. More here.

Though using of encryption to protect your privacy might be the prudent choice, the method has its own disadvantages:

• Because a cell phone (no matter brand, OS, ram or chipset) does not have enough computation capabilities to encrypt/decrypt a phone call locally, voice encryption take place on 3rd party servers. That means your voice encryption app that you just installed on your "secure" smartphone act like a link to encryption server. This way, only by using data connection (WIFI, etc.) and stepping out on phone outer world you can use such application. The problem is that a server is actually someone else computer. You can't find out who is really hiding behind that servers. Some manufacturers of cryptographic equipment have a track record of hidden cooperation with intelligence agencies and interested private companies. Some of them are not even using publicly scrutinized and standardized crypto algorithms (like Diffie-Hellman, SHA256, AES and Towfish), but “proprietary” encryption methods that are not available for public evaluation. Several “proprietary” crypto-algorithms that were not subject to public review have been shown to be easily breakable in the past, like the COMP128 algorithm that is in use in many GSM networks for authentication, so the “proprietary crypto” approach has to be regarded as very risky. In the end of the day that means you have no real control on your voice calls.
• Introducing a back door into a crypto system does not even require active cooperation of the manufacturer of the equipment or software. All it takes is one bribed programmer to compromise an entire product.
• You never know if encryption solution you use is indeed trustworthy and there is no reliable way to check it. Most of the encryption applications developers are not making public the source code. There can be (and most of the time there are) back doors used by law enforcement agencies. Sure, you can find source code for some encryption apps, which are made available for public by the developer itself. Unless you are not a cryptographer or cryptanalyst, there is no way for you average Joe, to find out if some security flaws affect your encryption app.

Open sesame of encryption solutions
Will you use an encryption app that have servers located in let's say... North Korea? Probably not, but you have to reconsider your opinion. Shortly saying, the more consolidated a democracy is, the easier is for law enforcement to get access to encryption servers, based on a simple warrant. All that because consolidated democracy countries know what we call the rule of law. Since encryption apps are not developed out of this planet and all encryption servers reside in some county, Govt and related institutions have a simple tool called judge warrant which will instantly "open" any "encrypted" server used for so called "secure" communication. Yes, its a matter of time. But in the end they will get a plain text or plain voice copy. Not to mention that NSA and other similar actors have tools and solutions that effectively circumvent any encryption apps, used nowadays to find out in real time what they are looking for.

Using voice call encryption might make you look suspicious and attract unwanted attention on you, exactly from the ones you are trying to hide from. Its like a ringing bell attached on your tail. Have a wild guess on what they will do in case the you use an encrypted cell phone. For sure they will use some other ways to get the info they need. They will not wait to find some security flaws in your crypto app, they will not attempt even deciphering. They will simply bug your home, office and vehicle, will spy on your computer, will intercept your mail and will use covert human intelligence sources (HUMINT) and whatever it takes to obtain relevant information about you and your activities. They can easily bypass the communication protection provided by the encrypted phones by simply collecting relevant information from other sources. Simple as that. Yes, its not on real time. But can be very close to that.

If you are targeted by an intelligence agency, encrypting your mobile communications does not mean that you are 100% protected against eavesdropping. Think about that: will they drop you just because you use encrypted communication? No, for sure.. Being a challenge for them, will find another ways to get the information they need. Sure, for a short period of time your secrets will remain... secret. But any decent agency will find at any time security breaches, gathering info they need about you, by any means.
Actually by encrypting your phone conversations, you are telling them that you have something important to hide and you invite agencies to use other ways to gather intelligence.

When using encryption over standard mobile network voice channels (not via data connection) like that encryption devices attached to your cell phone, that encrypted call is not so... encrypted as you think. Yes, will defend against call interception performed by spyware apps installed on your phone, because phone microphone is not used during encrypted call sessions. But even if you use such a device, the GSM operator or the entity that operates a GSM interceptor can find out pretty much information such as:

• both phone numbers involved in conversation
• conversation length, time stamped
• your (phone) location at the moment of call
• your geo-location at every moment, by some simple and effective triangulation techniques, based on your phone IMEI that cannot be hided by any encryption app. Once you power up your crypto phone, IMEI and IMSI (if there is inserted a SIM card) will be sent out to network, for connection. No need to make any call or send any SMS. This is the way that all cell phones work, including your crypto phone.​

• Modern GSM interceptors can selectively and temporarily block any cell phone within its range based on IMEI and/or IMSI values, making that particular crypto phone unavailable for use, for as long as they want. This happen when a crypto phone uses data connection in order to make encrypted calls.
• It is well known that cell voice encryption need high speed internet connection. Many modern GSM interceptors can downgrade your crypto phone connection from 3G/4G to 2G, by simply jamming 3G/4G uplink frequencies, which is a standard procedure. By doing that, crypto phones that use data connections will fail and become useless.

Not even notorious encrypted cell phones are immune to this attack. Few years ago, an average Joe posted on YouTube a short movie demonstrating how a well known app used for enterprise encrypted communications - GoldLock - can be defeated by a cheap commercial grade spy app called FlexiSpy. Because he had the phone in his hands with GoldLock already installed on, he installed also FlexySpy on the same cell phone. He started an encrypted phone call with another GoldLock phone. Entire conversation was recorded by FlexySpy in clear, just because FlexiSpy collect audio straight from the microphone, way before GoldLock proceed to voice encryption. Then, when conversation finished, was automatically sent by FlexiSpy via WIFI or data connection on a server where could be listened from user personal account. Simple, efficient and embarrassing for a top notch encryption application. You can do whenever you want the same test.
By some reasons, the video was removed from YouTube so we cannot post a link. Also since then, no more free trial apps are available from GoldLock, avoiding other similar situations. However, that does not make GoldLock less effective for private users, being by far one of the most secure communication application.
And yes, the same can happen with your "secure" cell phone.

This is why voice call encryption is a short time solution for secure communications. In fact, being predictable is one of the worst choice on intelligence battlefield. And using a crypto phone means that you are more than predictable.
When using any voice encryption solution (software or hardware), you will never know when actually your cell phone is intercepted, and by consequence you will never know when you are in real danger. Instead of crypto phones blind protection, it is better to know when someone attempt to tap your calls and when they are trying to locate you. Then you can act advisedly, taking the right decisions and even influencing them by different deception techniques. Here comes XCell Stealth Phones, which brings you the best of both worlds: interception detection and interception blocking. Detecting interception in real time and on the right time is really something else than using blind encryption, an advantage that is used by professionals against... professionals.

Based strictly on customer request and if we are sure that customer fully understand all security risks he take, a voice encryption app can be installed on XStealth Lite and XStealth.

source

Trying to dismantle the scam behind antitap.com, imeichanger.com and secretgsm.com, we found out the following facts:

• Behind all this three scam websites hides an italian scammer
• There is no company behind (as trader or manufacturer), but only a guy that buy cheap and sell high, making good money from people
• There is no postal address, no phone number and no contact details, all three websites being a classical online scam
• There is no company PayPal account, but only a personal PayPal account used to sell the fake products.
• There is no "producer" as the scammer states, but only a seller
• There is no customer support since the scammer have no clue about how stealth phones work and how cell interception work
• There are no product user manuals
• There is no general guarantee for any of the products sold on all three websites
• All three websites are owned from the beginning by the same italian scammer. The websites was never owned by any "russian guy"
• On all three websites are being sold counterfeit stealth phones (IMEI change phones) that does not work as described by the scammer
• There are no real anti tapping / anti IMSI catcher / anti interception features on any cell phones that scammer sell, but only words used to fool people, with no factual support
• There are no demo movies to show phones functions and capabilities, being fake products
• The scammer is selling software applications obtained for free from iTunes and Google Play Store. The applications are pre-installed on the phones he sell, pretending to sell "stealth phones"
• The scammer mislead people about real phones capabilities, seriously endangering buyers personal security
• There is no "version 4" Samsung stealth phone, being only a hilarious marketing trick used by the scammer to fool uninformed and naive buyers
  
• The scammer has been caught previously, counterfeiting Samsung G600 IMEI stickers, misleading and fooling buyers about "stealth phones" he sell. More info here
  
• All scammer eBay accounts has been successively closed down due to buyers complaints
  
• This scammer has started his mobile phones scams since 2006
  

More blog entries about the scams on antitap.com, imeichanger.com and gsmsecret.com:

1. Another seller, busted: fake stealth phones for sale 
2. Anonymous SIM card scam
3. A comprehensive view on stealth phones scam                               

Please note that most of the screenshots below has been taken from gsmhosting.com forum and few other websites where the scammer is pretty active.

The amateur scammer behind antitap.com, imeichanger.com and secretgsm.com websites is an italian guy that lives in Monaco, sometimes reported in Swiss. He uses the nickname "cryptone" on most forums since 2008, and sometimes "Luca" only on italian forums.

Early years
In his early years he has started his scams as spy-phone software dealer, on the black market. Back in 2008 he deals the illegal software only on italian forums and websites, taking advantages on italian people that - as you probably know from your trips or interactions - are pretty ignorant when it comes to english language. So, they had to pay a price for that ignorance, buying spy-phone software at high rates. As you know, selling and using spy-phone software is considered to be illegal in most of the countries, even when it comes to spy your own wife or child.

Then in 2008 he has discovered gsmhosting.com forum, starting to post offers for spy-phone software.

Like now, the scammer has used in the past multiple sites for selling illegal software:
nokia-spy.com/index.html
bberryspy.com
spyphonegenerator.weebly.com

In case you weren't already convinced of a certain model of Nokia 1100's can be used for bank fraud by reprogramming the phone in a way that allow the attacker to extract your mobile transaction authentication number -- provided you live in a country like Germany or Holland that use mTANs -- and use it to get into your bank account and transfer funds.

So, this opportunity sounds good enough to the scammer to get involved in it, making some money by fooling people. When he first hear of this scam, posted on gsmgosting.com forum that he want to know more about this scam:

In a short time the scammer realize that he can exploit the market demand for Nokia 1100 by buying cheap Nokia 1100 which are not RH 16-18 series, and counterfeit the software or even the backside IMEI label:

Because he didn't succeed to counterfeit Nokia 1100 RH by software means, he has simply counterfeit the backside IMEI label:

And then he just start selling counterfeit Nokia 1100 on forums, web shops and eBay:

You probably know that the scammer behind antitap.com, imeichanger.com and secretgsm.com is posing now in a security professional, running a bunch of websites and selling high grade security related products pretending that he knows how that products work and how cell phone interception work.
Just to have fun on his approach, vision and knowledge regarding cell phone interception, please have a look below, on how he name an IMSI Catcher or GSM interceptor: "IMEI phishing machine". We think this is self explanatory and need no more proofs about his "professionalism". Do you expect professional customer support when buying and using a stealth phone from this illiterate when it comes to cell phone interception? We hope not.

Then suddenly he have heard somehow about dynamic IMEI phones made by XCell Technologies. He couldn't probably afford to buy one to start replicate it, presuming that he know how to do it (which we doubt). So, he started to ask round for similar but cheaper ones:

Decided to make money from nothing by fooling people, the italian scammer wants to sell even phones that apparently change IMEI (only on phone screen) and not in a real mode. This is yet another proof of the scammer intentions to fool people:

The real story of antitap.com, imeichnger.com and secretgsm.com:

At this stage, from our records comes out that he contacted a Bulgarian hacker and together they put money and bought an XCell dynamic IMEI phone, whose firmware was hacked and extracted by the Bulgarian hacker. The hacker name is Zlatin Penchev from Stara Zagora, and we have his complete story about how he cracked and extracted the XCell firmware and how starting to sell the cracked (and non working) firmware together with the italian scammer. In fact even the italian scammer admits he worked with a Bulgarian hacker:

Obviously, he didn't lose the Bulgarian hacker contact: the hacker has dumped the scammer just because the scammer has no idea about how stealth phones should be replicated and sold to make some pocket money. So, the scammer has started to figure out by himself how to flash the cracked XCell firmware on a phone, in order to clone a real XCell stealth phone. But seems like his attempts to counterfeit XCell stealth phones were unsuccessful at first, because the scammer does not have the necessary knowledge nor quite right tools.

Fake it to make it: please note that the same scammer has been caught in the past using fake G608 IMEI stickers on his fake G600 stealth phones, just to create the appearance of a genuine XCell stealth phone. More about that fake IMEI stickers, here.

Because of using a cracked and non working firmware installed on the wrong platform (Samsung G600 instead of G608), there are a lot of malfunctions and bugs that starts from the moment of flashing (installing) the firmware on the phone:

After his own statements, the italian scammer use the same empirical tool (Onenand downloader) to flash the cracked firmware on the phones, as the other scammer sells on eBay along with the cracked firmware (click here for details). So, no wonder that he got burned out his phones:

Despite the fact that the italian scammer sell counterfeit non working stealth phones, he start advertising on forums about his scam:

He also sell counterfeit stealth phones on his main web shops: antitap.com, imeichanger.com and secretgsm.com.

An interesting fact that demonstrates on antitap.com, imeichanger.com and secretgsm.com are being sold counterfeit non working stealth phones: please have a look on the thread dates: since 2013 the scammer sell stealth phones, but in 2014 he still ask for help in flashing stealth firmware on his counterfeit stealth phones. No need for more proofs, scammer own declarations are more than enough to demonstrate the scam.

Buy cheap, sell high. This seems to be the the guideline followed by the italian scammer. Nothing bad up here, the wrong things and the scam starts when he consider himself nothing but a "legit producer", making confusions between producer and seller. We will not analyze his marketing strategies nor price policy since is not our business. But we will have a look on the products he sell.

Anonymous SIM card scam
We have posted already our conclusions on so called anonymous SIM card, on a previous blog entry. Click here for more details.

Other so called "stealth phones" that he sell
Before talking about other scams, you should know that all Android cell phones that he sell as "stealth phones" are not at all stealth, as scammer claims. The scammer is taking again advantages on unskilled and
unknowledgeable people that have no clue about how cell phone works, how and what a software application can do, selling simple Android phones that the scammer has pre installed several free software applications that can be easily found in abundance on Play Store, by anyone.

Stealth Samsung S4 Duos scam.
What the scammer did? Well, he simply installed on a standard Samsung S4 phone, a free app called Private Text Messaging & Calls. This app can be downloaded and used for free, from Play Store. Click here. Why paying more to a scammer since you can have all this for free, on your Android phone?
What else he did? By using copy/paste, he added some text to his website, copied off the Play Store app page. This is how he launched his product called "Samsung S4 stealth Phone". Pretty easy, right? But not smart enough. We really wonder how many naive people he managed to fool until now.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

Stealth Samsung S5 scam.
The same scam as above. The scammer has installed the same app (Private Text Messaging & Calls) on a standard Samsung S5. And nothing more. Download for free the app: click here.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

Encrypted smart phone scam
This is actually a very cheap China made cell phone called DOOGEE TITANS DG150 3.5" (can be bought from here with only 75$) which is not encrypted at all, by default. The phone can be encrypted by the user, as any other Android device, for free.
On this device, the italian scammer has installed the same free app called Private Text Messaging & Calls which can be downloaded from Google Play. Click here.
The scammer is selling this device with 450€, making a good profit on ignorant people.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

Entry level dual sim burner phone: a scam.
This is actually a cheap NGM feature phone called Stealth, that can be bought with only £91.00 from here. The italian scammer is selling the device with 250€.
Please note that the device will not alert you when your calls and messages are being intercepted. The scammer just sell lies to you.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

Stealth iPhone 5 scam
Italian scammer is selling ordinary iPhone 5 phones which he installed a free application called CoverMe Private Texting Messenger, which is similar to
Private Text Messaging & Calls, available for Android devices, being released by the same developer - CoverMe Inc.
You can download and install for free CoverMe Private Texting Messenger for iPhone: click here - iTunes link.
No need to pay 650€ for an ordinary iPhone 5.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

Ultra Tough Anti Tapping Phone: scam
The so called Anti Tapping phone sold by the italian scammer on his websites (antitap.com, imeichanger.com and secretgsm.com) is actually a cheap Android device made in China by OINOM, which can be purchased with only 299$ from Aliexpress.com: click here. Scammer price: 550€.
The scammer has installed on this phones the same free app called Private Text Messaging & Calls which can be downloaded from Google Play. Click here.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

VHF Stealth Dual SIM Anti Tapping Phone: scam
This so called Anti Tapping phone is actually a China made Android phone called Snopow M8 which can be bought from Aliexpress.com with only 199$: click here.
Scammer price: 390€.
The scammer has installed on this phones the same free app called Private Text Messaging & Calls which can be downloaded from Google Play. Click here.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

ZOPO anti interception phone ZP1000 Android: scam
This so called "anti interception" phone can be bought for only 172$ from Zopo store: click here.
Scammer price: 399€.
The scammer has installed on this phones the same free app called Private Text Messaging & Calls which can be downloaded from Google Play. Click here.

Please note that the phone does not have ANY anti tapping capabilities nor detection of call interception.

All three examined websites are selling counterfeit and/or non working phones (claimed to be stealth phones), along with free software applications for which the scammer asks for money.
We strongly advise you to keep away from all three websites: antitap.com, imeichanger.com and secretgsm.com. There is nothing that you can buy for your privacy and call security, but only scams and lies.
in case that you been a scam victim on these sites, you might contact us for further assistance.

Our advice: always buy the original. As we did, in the end of the day.