Some time in mid-March, authorities across Europe started arresting seemingly unrelated groups of criminals. The connection? They all used the same encrypted phone service: EncroChat.
Described by Motherboard as a "WhatsApp for gangsters," the company sold modified phones that claimed to have a variety of security features, including multiple profiles and end-to-end encryption.
The phones would start at $1150 for the device, with a yearly fee of $3400 to keep it operating. The criminals who used them, as the series of raids in the months following the compromise of EncroChat's systems would reveal, were among the wealthiest and most dangerous in Europe.
They talked openly about drugs, violence, and other criminal activities, with the belief that this communication was truly secure.
So how did so many otherwise very sophisticated criminals get caught up in this? A combination of an attractive offering and snake-oil sales.
The phone that EncroChat offered, according to their UK site, included a bunch of privacy-focused features. The list is a combination of valuable features and gimmicks... the kind of gimmicks that help sell those devices. But the vast majority of these features, including the most valuable ones, are all included in iOS. Apple doesn't advertise the security features, but they are well thought out.
- "Guaranteed Anonymity" - No way to associate device or SIM card to customer account. On iOS: Register the iCloud account to an anonymous email and address.
- "Customized Android Platform" - Fully encrypted from power on. Focus on security and privacy. Simplified user settings. Yiiikes. Android is generally less secure than iOS, and a customized platform is just inviting exploits. iOS has an efficient and secure operating system, and a team dedicated to making sure it is up to date with the latest attacks—much harder to do for a small company like EncroChat.
- "Dual Operating System" - Subscribers can now launch either a standard Android OS or the EncroChat OS. Two distinctive Operating Systems packaged with each device. This is one of those more gimmicky features. While it sounds cool, it doesn't add any functional value.
- "Over-The-Air (OTA) Service" - Enhancements, patches, and features. This is basic, and it is the same way that iOS (and almost all software) updates.
- "Messaging Protocol" - The electronic equivalent of a regular conversation between two people in an empty room. The "empty room" pitch is compelling—it's also wrong, as the latest breach reveals. Anyone who promises you digital communication this secure is ignoring the risks of any digital messaging system. Signal on an iPhone, connected to an anonymous phone number with disappearing messages is as secure as it can get at the moment. Additionally, it's open source, allowing the security community to analyze it for flaws. EncroChat's was not, and was consequently hacked by the French government.
- "Hardware" - Specially tailored to harden security. Removal of camera, microphone, GPS, and USB data port. This feature is actually valuable, if primarily because it stops the user from being stupid and giving away permissions; it also blocks some very sophisticated attacks. It's possible to do this on iPhone. A guide for the mic can be found here, and one could cover the camera with tape. The GPS would be harder, but a faraday bag could deal with that, and if you wanted to get really complicated, I suppose you could take an iPhone with wireless charging, fill the lightning port with some sort of metal or epoxy, and then charge it wirelessly.
- "Factory Restore" - A user can now securely wipe subscriber device and rebuild it in the field. A basic feature, available on iOS.
- "FIPS 140-2 Certified" - An EncroChat device can not be brute forced to mount the encrypted data partition. Apple's devices meet this standard too. This is a fancy-sounding technical qualification, but not unique to EncroChat.
- "Simplified Verification" - Using our Notary verification process vastly simplifies the complexities of encryption for end users. There's not much publicly available about what this "notary" process actually is. It seems to be a feature of their end-to-end encryption, a feature which Signal also provides.
- "Messages that Self-destruct" - With our advanced burn a user can force wipe their own messages from another user’s device using a timer countdown. The disappearing messages feature in Signal.
- "Panic Wipe" - From screen lock a user can type in a PIN and instantly wipe device’s data. This is kind of a cool feature, but I have my doubts about its practical use. If you have a locked-down iPhone with a secure password, you shouldn't need to panic wipe it.
- "Password Wipe" - After a set amount of password attempts on device all data is wiped. Apple has a feature that you can enable to erase all data after 10 failed login attempts.
- "Secure Boot" - Upon boot, the device internally checks itself to ensure no one has tampered with the system files. iOS also has a secure boot process.
- "Tamper Proofing" - Attack surfaces such as ADB connectivity and recovery mode have been removed. Secure boot is a part of this. You can read more about how Apple handles this here, but this is not a feature unique to EncroChat.
- "Updates & Live Support" - Frequent application updates direct. Includes live support. This is where Apple really shines. Apple is known for being very good about quickly releasing security updates, and has employees focused on keeping the OS up-to-date, as well as a community of researchers trying to break into it, and a bug bounty program. EncroChat just doesn't have the resources or community to compete.
- "Global Service" - Quad-band GSM, UMTS and CDMA all supported. Unlimited international SIM included +120 countries. A basic feature, on almost every phone.
As you can see, almost every single feature EncroChat offers can be replaced by a locked-down iPhone with Signal. If you want more details on how to secure an iPhone, I highly recommend Michael Bazzell's Extreme Privacy book.
Imagine a company like EncroChat that was worth over 1.5 trillion dollars, had a strong security team with lots of experienced employees, a large community of security testers, and great device security, along with secure open source messaging apps.
That company is Apple.