Dismiss Notice
Welcome to IDF- Indian Defence Forum , register for free to join this friendly community of defence enthusiastic from around the world. Make your opinion heard and appreciated.

Iaf's New Defence: Hack-proof Smartphones For Personnel

Discussion in 'Modern Warfare' started by Anees, Oct 26, 2016.

  1. Anees

    Anees Lt. Colonel ELITE MEMBER

    Joined:
    Jan 14, 2012
    Messages:
    5,694
    Likes Received:
    3,268
    Country Flag:
    United States
    These are special smart phones that the IAF is in the process of providing to all its 1.75 lakh personnel which are hack proof as they connect only with the Indian Air Force internal network.

    [​IMG]
    Ajit Kumar Dubey | Posted by Ashna Kumar
    New Delhi, October 25, 2016 | UPDATED 07:18 IST




    SPECIAL SMART PHONES

    "All IAF personnel from airmen to officers are being provided these smartphones, which can protect our communication from getting intercepted and also prevents our data from being leaked to hackers who are always on the prowl for classified defence-related information," an IAF officer said here. The phones are equipped with facilities of video calling and voice calling but they do not have any apps like other general smartphones. "In future, we may develop and provide apps which can be of help for the air warriors like if they need any information immediately about their salary or any other issue," the officer said. The phones also provide end-to-end connectivity at all times and at all air bases - from the world's highest battlefield Siachen Glacier to Andaman and Nicobar Islands.

    The smartphone sets are being provided to the officers right after their commissioning, where the service number is put in as the last five or six digits of their official mobile number and "can be also be used to establish their identity". The phones won't bother the personnel when they are on leave as they can connect to the air force network only inside or near the air bases. "Even if some officer involved in the running of an airfield is not on seat, he can be contacted immediately at his location," the officer said.

    The IAF invested more than `300 crore for the creation of an exclusive mobile phone network.

    Also read: Twitter account hacked, spurious tweet sent with malicious intent: Ratan Tata

    There have been cases where phones and computers of service personnel have been compromised by hacking groups backed by Pakistani spy agency ISI and Chinese hackers.

    Personal laptop of an Army officer posted under the Andaman and Nicobar Command was compromised and spy agencies were alerted after they tracked the source of the leakage. However, by then, classified information had already been compromised by hackers.

    http://indiatoday.intoday.in/story/...k-proof-smartphones-smartphones/1/794730.html
     
    Inactive, nik141993 and Austerlitz like this.
  2. Anees

    Anees Lt. Colonel ELITE MEMBER

    Joined:
    Jan 14, 2012
    Messages:
    5,694
    Likes Received:
    3,268
    Country Flag:
    United States
    Now a days its hard to believe something hack proof???
     
    Inactive likes this.
  3. Inactive

    Inactive Guest

    The AFNET connection. Provided no one connects AFNET server to a civil internet:cheers:

    IA has the AWAN and MCCS network program, the former with data and latter for Tactical mobile communication on similar lines. Although a bit slow in unrolling, the Digital India push by present GoI will allow IA to tap into BSNL Fiberoptic Network to increase accessibility and service provision. A win win situation for both as in remote areas, Army will be able to provide the necessary support to BSNL for all India cover.:india:
     
    Abingdonboy likes this.
  4. Technofox

    Technofox Geeky fox MILITARY STRATEGIST

    Joined:
    Oct 24, 2016
    Messages:
    49
    Likes Received:
    177
    Country Flag:
    Norway
    Still touchable. Keeping sensitive martial or networks air gapped from civil or unsecure systems is still a best practice, but against the world's top cyber techs like ProjectSauron? Or Equation? Completely touchable.

    Over the last few years, the number of “APT-related” incidents described in the media has grown significantly. For many of these, though, the designation “APT”, indicating an “Advanced Persistent Threat”, is usually an exaggeration. With some notable exceptions, few of the threat actors usually described in the media are advanced. These exceptions, which in our opinion represent the pinnacle of cyberespionage tools: the truly “advanced” threat actors out there, are Equation, Regin, Duqu or Careto. Another such an exceptional espionage platform is “ProjectSauron”, also known as “Strider”.

    What differentiates a truly advanced threat actor from a wannabe APT? Here are a few features that characterize the ‘top’ cyberespionage groups:

    • The use of zero day exploits
    • Unknown, never identified infection vectors
    • Have compromised multiple government organizations in several countries
    • Have successfully stolen information for many years before being discovered
    • Have the ability to steal information from air gapped networks
    • Support multiple covert exfiltration channels on various protocols
    • Malware modules which can exist only in memory without touching the disk
    • Unusual persistence techniques which sometime use undocumented OS features
    It's a proven capability too. Not just speculation or theoretical. For sensitive information it's best to encrypt, observe EMSEC principles and COMSEC and educate the common man on how to use their equipment. You can have the best IT security around, but if Bob in accounting leaves his computer logged into Facebook one too many times you're going to get bit. In the military, government or security agencies it's no different, Everyone needs to be aware of the security practices, or else air gapping, encryption and network monitoring, among other defenses, are going to be crippled by a common user error. And unfortunately it's those types that are most common.

    Still, it's a great initiative, but don't get stuck in the trap of "hack proof". I'm sure someone's already lining up to prove that wrong.

    Sometimes I wish Sven were still around on the internet... unless here's already hereo_O? He'd be the perfect person to ask about this stuff.

    ...

    There is no such thing as "hack proof". Even the vaunted Quantum Encryption can be broken, and has been:

    https://www.wired.com/2013/06/quantum-cryptography-hack/

    http://www.popsci.com/technology/ar...ck-quantum-encryption-scheme-leaving-no-trace

    http://www.techrepublic.com/blog/it...ptography-works-and-by-the-way-its-breakable/

    http://arstechnica.com/science/2011...-cryptography-by-faking-quantum-entanglement/

    From lasers to methods to guess the encryption key with 80% accuracy, to picking the pocket of the poor sod reading the plain text, because it does need to be translated into text humans can read. We can't read it in its quantum state. There are plenty of methods that can and have been used to break the "unbreakable".

    Unhackable is a gimmick. Observe the best practices and you'll be fine. It's when you stray from them that you run into trouble.
     
    Last edited: Oct 27, 2016
    R!CK, Abingdonboy, Anees and 2 others like this.
  5. Inactive

    Inactive Guest

    @Technofox

    Thanks for the wonderful input. This is just for tactical communication. Thanks to slow pace of automation, luckily, majority of communication of critical importance is based on verbal communications only.
     
  6. GuardianRED

    GuardianRED Captain FULL MEMBER

    Joined:
    Oct 13, 2016
    Messages:
    1,048
    Likes Received:
    1,601
    Country Flag:
    India
    Guess this is why the Russian to going back to the old Typewriter!
     
  7. Inactive

    Inactive Guest


    That is what we are also geared to use in case of hostilities, along with a human messenger to deliver the messages by fastest means possible.
     
    GuardianRED likes this.
  8. Technofox

    Technofox Geeky fox MILITARY STRATEGIST

    Joined:
    Oct 24, 2016
    Messages:
    49
    Likes Received:
    177
    Country Flag:
    Norway
    Typewriter you say? Keystroke acoustic analysis. Yup, there are ways to monitor typewriter emanations too.

    :mrgreen:
     
    kiduva21 and GuardianRED like this.
  9. GuardianRED

    GuardianRED Captain FULL MEMBER

    Joined:
    Oct 13, 2016
    Messages:
    1,048
    Likes Received:
    1,601
    Country Flag:
    India
    [​IMG]

    Really this?
     
  10. Inactive

    Inactive Guest


    Fox, you are welcome to visit. You do not know the Indian Army!!!!:biggthumpup:
     
  11. Technofox

    Technofox Geeky fox MILITARY STRATEGIST

    Joined:
    Oct 24, 2016
    Messages:
    49
    Likes Received:
    177
    Country Flag:
    Norway
    Really. I'm not sure if the link posted correctly, they're hard to miss sometimes, but here it is again - click "again".

    It's a fascinating piece on how using acoustic classification methods, one can read a typewriter message as it's being typed. It requires certain conditions to be met, but you don't have to be in the same room either. Using lasers, Russian espionage/counter-espionage teams were able to gather information from a US consulate from few blocks away by beaming the windows of the building and measuring their minute vibrations, vibrations that are caused by typing, conversations or other factors.

    This particular method is called the Laser Microphone.

    I don't know the Indian Army, true. But I do know that there are plenty of methods to gather information and the Indian Army has not accounted for all of them. The Russians, the Chinese, the Americans, they struggle with this too. Don't put yourselves on a pedestal or it'll make the fall not only hurt, but be embarrassing too.

    These phones will help establish a secure line to HQ, but they are not "hack proof". Period.
     
    Last edited: Oct 27, 2016
  12. Inactive

    Inactive Guest

    Au contrarie, the quip of mine was to underscore the fact that IA is very low tech! Hence, it was in response to keystrokes acoustic analysis post of yours.

    I, for one, prefer hand written notes to be used for communication.
     
    Abingdonboy likes this.
  13. Technofox

    Technofox Geeky fox MILITARY STRATEGIST

    Joined:
    Oct 24, 2016
    Messages:
    49
    Likes Received:
    177
    Country Flag:
    Norway
    :lol: Well that's a problem in of itself on today's battlefield, but one that is partially being rectified. But if true that the Indian Army is starting from a low base, that makes what I've been writing all the more applicable and necessary as established or ingrained protocols wont yet exist or be widespread enough.

    I've been issued a Blackberry by my work. By default it is end-to-end encrypted. The model is a "workized" version of the Z10 shown here.

    [​IMG]

    But that doesn't go far enough because while the encryption may be secure, from all but the most qualitative attackers, it's attacks from other sources like Spearfishing or connecting the phone to a compromised system, like an infected USB port that represent the most prominent thread.

    We adhere to best practices too to support encryption and lessen the chances of an "own goal", such as attaching the phone to a compromised network. Don't use your Blackberry for unauthorized purposes, such as browsing Facebook. Don't let any unauthorized persons use it. Don't leave it unattended. Don't plug it into, or anything into it that isn't authorized. Don't alter the settings without support and authorization from tech teams. Don't connect to public internet or unsecure networks. Don't use it for non-work phone or messaging.

    It's these, on top of encryption that make a "hack proof" phone and if the Indian Army is starting from such a low base, these are practices that need to be instilled in soldiers and enforced, because just one weak link, just one soldier misusing their phone, and the entire chain is compromised. Civilians don't do this stuff so they aren't going to be common practices for your basic soldier who's not coming from a career military background, but a civilian one where they most likely had a smartphone, but it is very important for militaries. Simply calling something "hack proof" and leaving it at that doesn't help anyone.

    I do too and hand deliver messages to my coworkers if I need to transmit secure or sensitive information. And it may work within intelligence agencies or intra-office communications at the Indian Air Force's network HQ. But on the battlefield? In today's high paced, high tech, highly integrated militaries? Not so much. You'd always be a step behind and in an open environment like a war or conflict zone, hand delivered messages aren't secure either.
     
    R!CK, GuardianRED and Inactive like this.
  14. GuardianRED

    GuardianRED Captain FULL MEMBER

    Joined:
    Oct 13, 2016
    Messages:
    1,048
    Likes Received:
    1,601
    Country Flag:
    India
    An example of hand delivery orders

    [​IMG]
     
    Inactive, R!CK and vstol jockey like this.

Share This Page