Encrochat Blog



Posted: April 6, 2016

Subject: Wi-Fi vs Cellular Network Debate

Before we begin, both types of networks are secured from eavesdroppers, as we fully encrypt our communications end-to-end within our applications; specifically, Triple Elliptic Curve Diffie-Hellman Ephemeral 25519 (ECDHE) key exchange with the AES-256 cipher in CTR mode and HMAC-SHA256. Our EncroChat platform is further protected by deploying X.509 certificates in conjunction with the Transport Layer Security (TLS) protocol on both our clients and servers. This verifies that the services our client devices are attaching to are indeed who they are supposed to be and is designed to prevent eavesdropping and tampering. We also do not rely on any third-party Certificate Authority (CA) to validate our X.509 certificates (rather, EncroChat is its own private CA), so there is no chance of an outside agency corrupting the certificate process. As an additional step, in our EncroChat application you can personally verify that the remote user you are communicating with is indeed the person you intend to talk to and that there is no man-in-the-middle (MITM) attack in progress. A MITM attack is a situation where an attacker secretly relays and possibly alters the communications between two parties who believe they are communicating directly with one another.
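The primitives named above fit together as follows. This is an added example, not EncroChat's code: it uses a single ephemeral X25519 exchange rather than the "triple" variant, and the HKDF step with its `example-session` label, the message layout and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Derive independent encryption and MAC keys from one X25519 shared secret.
function deriveKeys(myPrivateKey, peerPublicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  // "example-session" is a constructed HKDF context label (assumption).
  const okm = Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(32), 'example-session', 64));
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32, 64) };
}

// Encrypt-then-MAC: AES-256-CTR for confidentiality, HMAC-SHA256 over IV || ciphertext.
function seal(keys, plaintext) {
  const iv = nodeCrypto.randomBytes(16); // must never repeat under the same key
  const cipher = nodeCrypto.createCipheriv('aes-256-ctr', keys.encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = nodeCrypto.createHmac('sha256', keys.macKey).update(iv).update(ct).digest();
  return Buffer.concat([iv, ct, tag]);
}

// Verify the tag in constant time before decrypting; return null on any mismatch.
function open(keys, message) {
  if (message.length < 16 + 32) return null; // too short to hold IV and tag
  const iv = message.subarray(0, 16);
  const ct = message.subarray(16, message.length - 32);
  const tag = message.subarray(message.length - 32);
  const expected = nodeCrypto.createHmac('sha256', keys.macKey).update(iv).update(ct).digest();
  if (!nodeCrypto.timingSafeEqual(tag, expected)) return null;
  const decipher = nodeCrypto.createDecipheriv('aes-256-ctr', keys.encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Each side generates a fresh (ephemeral) key pair; both derive the same keys.
function demo() {
  const alice = nodeCrypto.generateKeyPairSync('x25519');
  const bob = nodeCrypto.generateKeyPairSync('x25519');
  const aliceKeys = deriveKeys(alice.privateKey, bob.publicKey);
  const bobKeys = deriveKeys(bob.privateKey, alice.publicKey);
  const wire = seal(aliceKeys, Buffer.from('constructed sample message'));
  const tampered = Buffer.from(wire);
  tampered[20] ^= 0x01; // simulate one ciphertext bit modified in transit
  return { received: open(bobKeys, wire).toString(), tamperedResult: open(bobKeys, tampered) };
}
```

CTR mode on its own is malleable, so the HMAC check is what rejects the modified message. The exchange as written does not authenticate the public keys, which is the gap that the certificate checks and the manual verification of the remote user are meant to close.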

In a nutshell, we regard both Wi-Fi and the cellular networks as hostile and do not trust either communication method; in fact, we assume both are completely compromised. However, there are still some advantages in using one network over the other (especially with regard to tracking).

a) A Wi-Fi modem utilizes much less power than a cellular modem and therefore has less range. A standard smartphone will average around 32 mW (15 dBm) with a range of about 100 m. A cellular modem can transmit as much as 2000 mW, and its range is about 35 km. If someone is tracking you, it is much more difficult over Wi-Fi than over the cellular network due to the much weaker signal.

b) Both Wi-Fi and cellular data modems transmit unique identifiers to their respective networks. Wi-Fi transmits a MAC address to the Wi-Fi router, and the cellular modem transmits an IMEI and IMSI to the cellular tower. It is not legal to change an IMEI, and it is usually "burned" into the phone, so you can always be tracked by the cellular carrier. With Wi-Fi you can change the MAC address legally and as often as desired, thereby effectively rendering you invisible. EncroChat recently implemented random MAC address and random hostname functionality in our operating system through an over-the-air (OTA) update.

c) Wi-Fi networks are heterogeneous and cellular networks are homogeneous. Wi-Fi networks are a hodgepodge of many varied devices, with no central control, and no licensing is required as they operate in public spectrum. The cellular network is licensed and controlled by a handful of entities, all government-regulated. They are required to provide government agencies with access to subscriber information, including location and metadata, upon request. Most, including ourselves, believe government agencies have unfettered access to these networks.

d) Wi-Fi devices are generally assigned private IP addresses when connecting to Wi-Fi routers and are translated via network address translation (NAT) to a single public IP address when communicating with the Internet. Someone attempting to track a subscriber on the Internet can only trace back to the Wi-Fi router. In a large area, with several people all linked to the same Wi-Fi router, it becomes very difficult to locate the exact device transmitting. With cellular networks, the IP address assigned to each subscribing client can be tracked to the exact physical device quite easily, as the IP address is linked to the IMEI and IMSI. Using the cellular network, they can triangulate location and even change the power settings on the subscriber's cellular modem to help them geographically isolate the device to within a few meters.

e) Wi-Fi routers generally employ Wi-Fi Protected Access II (WPA2) for encryption, which has its own fairly decent security for transmitting data to the Wi-Fi router. With cellular modems, it was discovered that the largest SIM card manufacturer was hacked by US and British spy agencies. All data transmitted from client devices has been open to them since at least 2010.