I really wanted Jolla to go big in the secure smartphone space. As it stands I can have absolutely 0 faith in the technology I use and it makes me feel like we are being treated as a slaves.
Haha, i was also somehow expecting this article to be about the fact that he used a Nokia that could conveniently only store 20 text messages, turning his message history into unobtanium.
Cisco gear, including this specific IP phone model, is riddled with high severity vulns frequently. If they wanted, the main nation state actors could pretty fluidly infiltrate the NATO IT infrastructure if they deemed it useful (which they probably would.)
I'd have thought that the phone itself isn't connected to the Internet? Rather it would be connected to a series of secure routers/switches, which themselves would have rather limited Internet connectivity as well (preferring government-private connections and interconnects). I have no evidence for this; just that I'd have thought the security of a single end-user device probably shouldn't be _that_ important to the security of a high-security network.
FTA: "The red labels on this phone indicate that it is used for secure calls. As this phone has no encryption capability itself, it is connected to a dedicated Voice over IP network with bulk network encryptors that encrypt the outgoing and decrypt the incoming traffic."
It also says, of the same phone (Cisco 8865), that "a similar model, for example, is in the Oval Office on the desk of the President of the United States".
Of course it's possible that the user whose comment you replied to has a better understanding of opsec than both NATO and US 3 letter agencies, but I strongly suspect they're vary aware of the security related to their Cisco products and are either confident that they're secure, or they only use them for non-confidential conversations and have a separate secure line for anything important.
reply