October 25, 2013

How secure is the Merkel-Phone?

(Updated: March 30, 2015)

In an article by the German magazine Der Spiegel it was said that the NSA probably also eavesdropped on the mobile phone of chancellor Angela Merkel, which is dubbed Merkel-Phone in popular media. Der Spiegel provided little detail, but according to an article in Die Welt, the old cell phone number of Merkel was mentioned in a document provided by Edward Snowden.

Der Spiegel presented their evidence to the German government, which led to an investigation by German intelligence and security agencies. Apparently the material proved to be trustworthy and chancellor Merkel expressed her anger in the media and even in a phone call to president Obama.

Here we will take a closer look at how the official mobile phone of chancellor Merkel has been secured.

German chancellor Angela Merkel holding a secure BlackBerry Z10 in 2013
(photo: Nicki Demarco/The Fold/The Washington Post)

A new article by Der Spiegel says that a phone number of chancellor Merkel was on an NSA target list since 2002. The document doesn't say what kind of communications were monitored or whether actual content had been recorded.

German chancellor Angela Merkel using
her former Nokia 6260 Slide phone
(photo: dapd, March 1, 2011)

If NSA targeted Merkel's old cell phone number, it's likely the one that belonged to her former smart phone, a Nokia 6260 Slide. This phone was used heavily by Merkel from October 2009 until July 2013. Voice communications through this device were secured by a system called SecuVOICE, made by the small Düsseldorf based company Secusmart GmbH, which was founded in 2007.

Initially, the solution provided by Secusmart could only encrypt voice, not text messages (SMS) or e-mail. For encrypting text messages Secusmart introduced a separate solution called SecuSMS in 2010, which means that between October 2009 and the implementation of SecuSMS, it was rather easy for NSA to at least intercept the text messages from Merkel's official phone (maybe in the same way they collected text messages of the Mexican president).

Another easy option could have been the monitoring and/or intercepting of the non-secure mobile phone that chancellor Merkel uses, which was provided by her political party (so no government money is used for party politics) and which she apparently also uses for her private conversations. For convenience, many politicians often use their private cell phones for government business too.

On October 27, the German tabloid paper BILD revealed that according to anonymous intelligence officials, it was president Obama who ordered the monitoring of chancellor Merkel's communication and that NSA was apparently able to intercept her newest secure mobile phone (see below). Only the secure landline telephone in her office wasn't intercepted.

In an unusual rapid and specific response, NSA said that director Alexander "did not discuss with President Obama in 2010 an alleged foreign intelligence operation involving German Chancellor Merkel, nor has he ever discussed alleged operations involving Chancellor Merkel. News reports claiming otherwise are not true".

Already on October 24, the German paper FAZ learned that the Snowden-document seen by Der Spiegel mentioned the number of the cell phone provided to chancellor Merkel by her political party, which has no security features. There's no evidence that NSA targeted or even broke the encrypted communications from her secure mobile phone.

SecuSUITE @ BlackBerry 10

Since last July, chancellor Merkel uses the new BlackBerry Z10, which is equipped with the SecuSUITE system, consisting of SecuVOICE for encrypting voice, SecuSMS for encrypting text messages and some other applications for securing e-mail and sensitive data stored in the phone (SecuVOICE should not be confused with SecurVoice, the software which was used to secure Obama's Blackberry in 2009).

German chancellor Angela Merkel at the CeBIT 2013, showing
the BlackBerry Z10 with Secusmart encryption chip
(photo: Bundesregierung/Bergmann, March 4, 2013)

A new feature, which is standard available for this phone, is BlackBerry Balance. This enables users to keep both personal data and office work data securely separated in different partitions. In the personal section one can freely use social media and downloaded apps. These are separated from the business section, which can be automatically configured with business applications and e-mail through the Blackberry Enterprise Service 10 server. Users can easily switch from the personal to the business profile by entering a password. Stored user data are protected via 256-bit AES encryption.

For secure communications, the SecuSUITE application is added by inserting a Micro-SD card, called the Secusmart Security Card, in the memory card slot of the phone. This card contains a tamper-proof SmartMX P5CT072 crypto-controller made by NXP, with a PKI-coprocessor for performing the user authentication and a high speed coprocessor for encrypting voice and other data using the 128-bit AES algorithm. These encryption keys are transmitted using the Elliptic Curve Diffie Hellman (ECDH) protocol.

The microSD card used for SecuVOICE was specially developed for Secusmart by Giesecke & Devrient Secure Flash Solutions (G&D SFS), which is a joint venture of G&D and Phison Electronics Corporation. G&D is a major German manufacturer of SIM cards and related security products. Also contained on the micro-SD card is a 4GB flash memory, which allows users to store their data, like MS messages, contacts and calendar entries, in an encrypted format.

The BlackBerry Z10 with SecuSUITE application has been approved by the German government for use at the classification level Restricted (in German: Verschlussache - Nur für den Dienstgebrauch, abbreviated: VS-NfD). It's somewhat surprising that this is the lowest level, which might be explained by the fact that communications are encrypted using only 128-bit keys. Nowadays, it's generally advised to use keys with 256-bit length. Another reason is that a commercial available smart phone device is used, which is less secure than a custom made one.

For conversations at a higher classification level, German government and military officials are bound to dedicated landline phones, and conversations classified as Top Secret (German: Streng Geheim) may only take place from inside rooms that are secured against eavesdropping. Such high level voice and data communications are encrypted through the Elcrodat 6-2 system.

Nonetheless, the German federal government ordered 5000 secured BlackBerry devices, costing around 2500,- euro a piece. The new BlackBerry 10 with SecuSUITE was first presented by Secusmart at the IT business event and conference CeBIT 2013 in March:

The SecuVOICE solution is also available in the Netherlands, where it is (or was?) sold by Fox-IT and approved by the government for encrypting phone calls at the classification level Restricted (in Dutch: Departementaal Vertrouwelijk). NATO also approved SecuVOICE for usage at the level of Restricted.

In November 2014, the German government approved Blackberry's plan to take over Secusmart, which would mean the German crypto company wil become part of the canadian smartphone manufacturer. The German government examined whether this might pose a threat to its national security interests. Germany insisted that its Federal Office for Information Security (BSI) be granted certain access and control rights related to the code used in the Blackberry operating system.

SiMKo3 @ Samsung Galaxy

The secured BlackBerry 10 is not the only secure mobile smartphone approved for German government use.

There's also the SiMKo3 (the abbreviation of the German Sichere Mobile Kommunikation, Generation 3) solution from Deutsche Telekom, which comes with the Samsung Galaxy S III smart phone devices. Presently, this application is only approved for data communications at the Restricted level, but priced at 1700,- euro a piece, these phones are less costly than the BlackBerrys.

The SiMKo3 technique is similar to that of GD Protected, a system developed by General Dynamics to secure Samsung Galaxy S IV and LG Optimus smart phones so they can be used by high level government officials in the United States.

Links and Sources
- BILD.de: Obama wollte alles über Merkel wissen
- Spiegel.de: NSA-Überwachung: Merkels Handy steht seit 2002 auf US-Abhörliste
- T-Online.de: Mit welchem Handy hat die Kanzlerin telefoniert?
- Welt.de: Merkels Handy-Nummer in Snowdens Dokumenten
- WiWo.de: Sicherheitshandys: Blackberry sticht Telekom aus
- Heise.de: Technische Details zum Merkel-Phone 2.0
- ComputerWoche.de: Das können die neuen „Merkel-Phones“


Unknown said...
This comment has been removed by a blog administrator.
Anonymous said...

(IMN) - Inmarsat Mobile Number (satellite communications)

(PHIN), Personal Health Information Number

(RHIN) Refugee Health Information Number

P/K said...

Thank you, I added them to the listings!

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties