SMS 007
Software for communication protection – a short user's manual

You can view this manual online, or you can download it in PDF format, which is suitable for press.

Contents

Introduction

„SMS 007“ is software for mobile phones, based on Java (J2ME) MIDP-2.0 platform. It does not use any features specific for special mobile phones, and therefore it should run on any phone supporting standards MIDP-2.0 and WMA (Wireless Messaging API). Most current mobile phones support those standards.

This manual does not describe installation of the product. You will find installation information on WWW site www.sms007.cz.

SMS 007 system exists in several releases, which are numbered. Later releases may contain new features. Such features are marked as such in the manual.

An overview of releases:

1.0.2Private alpha-testing release.
1.0.3The first public release, Sept 12, 2005.
1.0.4Improved release, Sept 30, 2005.
1.0.5Extended release, Oct 14, 2005 – support of Motorola Vxxx phones.
1.0.6Version SMS 007 Manager, Jan 10, 2006
1.0.7SMS 007 Basic release (for international market), Feb 8, 2006

Encryption

Not only the messages sent, but all of the sensitive data1, which the SMS 007 system saves into the phone, are protected by encryption. That will protect your data against compromise, should your phone be stolen and the saved information examined.
To encrypt the data, symmetric cipher AES is used.
Hash function SHA-2 is used to derive keys from passwords.

A note on application GUI

Each screen of the application has some commands which perform actions (like „Back“ or „Send“). A standard phone can display three commands at a time – one to the left button, one to the middle one (if there is a middle button), and one to the right one. If there are more than three commands, only some of them are mapped directly to the phone buttons, and the rest is moved to a menu. Different phones have different ways of accessing the menu. For example, most of the Nokia devices will show „Options“ on the left button. Nokia Communicators have a special key „Menu“ located on the lower right side of the keyboard.

A phone can add its own special commands to a screen. The most typical command is switching of T9 (on and off) on the screen for composing of a message. Another example is Nokia 6230, which adds command „Insert smiley“ to some screens. The authors of software have no control over these phone-specific commands. Neither can they exactly determine distribution of commands to buttons. It may happen that the commands are distributed in a strange way on some devices.

Siemens devices of series 65 map commands to the middle button, but do not display the full text of the command – only the first letter is usually seen.

Phone-specific commands are not described in this manual.

Startup and exit of the application

After the installation, the application is stored in the phone together with other applications. For example, in Nokia Series 40 devices, this is in Applications menu. In order to start the application manually, you have to find it in the phone menu, move the cursor over it and press „OK“ or similar button.

The running application can be at any time closed with the red button (hangup of a call), but this should not be done. If you use the red button to close the app, it is similar to Ctrl-Alt-Del restart of a normal computer: data loss is possible (for example, the fresh messages could be lost). The only situations where closing with the red button is not harmful, are the following:

  1. 1.if you haven't logged in yet (you haven't entered the right password)
  2. 1.or if you really need to 'kill' the application instantly (for example, someone is looking at your secret messages over your shoulder etc.)

In all other situations the exit of the application should be performed as follows: return to the main menu of the application and select the „Close“ item. You will be prompted for confirmation, confirm.

After the application startup, one of the two following screens shows up:

  1. setup password screen
  2. login screen

Setup password screen will be shown if the password has not been set up yet. In this case, choose a password at least 8 characters long and enter it into both textfield. Then choose OK (may be hidden in „Options“). If the two entered passwords differ, the application will inform you and return to the screen.

Be sure that you remember your password well! In case you forget it, all your data is lost forever.

Login screen will be shown, if the password has already been set up. Enter the correct password and choose OK. If you enter wrong password, the application will not let you continue. Number of tries is not limited.

If you do not want to login now, press the red button and the application will exit.

If you enter the right password, the application will decrypt saved data and the main menu will be shown.

The main menu of the application

The main menu of the application consists of the following items:

List of contacts

This is the entry point to the list of contacts. Use this item, if you want to:

A detailed description will be given in chapter "List of contacts".

Messages

This is the entry point to reading of the messages and some other functions. Use this item, if you want to:

A detailed description will be given in chapter „Messages“.

Settings

This is the entry point for setup of application behavior. Use this item, if you want to:

A detailed description will be given in chapter „Settings“.

Close

By pressing this item you correctly exit the application. You will be asked whether you want to exit the application or no; if „Yes“, the application will save data and exit, otherwise you'll return to the main menu.

This is the preferred way of closing the application.

List of contacts

In a normal phone, it is not possible to access the standard list of contact from within a Java application. Only phones supporting so-called PIM are an exception; they are very rare.

That is why SMS 007 keeps its own private list of contacts. This is also advantageous for additional security. The private list of contacts is encrypted, therefore a person who would get your phone, cannot determine its contents – so, the people that you communicate secretly with will not be revealed.

You can view the list of contact by selecting „Contacts“ in the main application menu. The list of contacts contains contacts sorted into groups. After fresh installation, the list is empty and only contains an empty group named „All“.

In the list of contacts, the following commands are available:

Default group „All“

Group „All“, which is always on the top of the list, is the default group, and all contacts will be always contained in this group. This group cannot be deleted, but it can be renamed.

More groups

You can create up to 60 more groups. The only requirement is that the new group must have a name different from all already existing groups. Names of groups can contain diacritics and special national characters.

After being created, the new group is empty (does not contain any entries).

You can rename or delete an existing group. The only limitation of renaming is that the new name must not be equal to name of any other existing group (no two groups can have the same name).

Insertion of a contact into groups can be performed upon creation or editing of the contact. One contact can belong into any subset of groups.

Opening and closing the groups

Groups can be opened or closed by clicking. This is a useful feature for orientation in long list of contacts.

Closed group of contacts is denoted by „bars“ in the icon, open group does not have them.

Creating a new contact

You can create new contact by using command „Add“ in the list of contacts. A screen will emerge, which contains a form to be filled. Entries in bold are required:

If there are any user groups available, a list of them will appear at the end of the form, with a possibility to choose from them. You can create a new group on this screen as well (command New group).

The password is the communication password, which will be used to derive keys for communication between you and your contact. You must agree upon this password with the contact, and fill it into your applications on both sides. The passwords must match on both sides, otherwise you will not be able to decrypt the messages. We recommend to choose different passwords for different contacts. You do not have to remember those passwords; the application will save their encrypted hashes (they are protected from illicit reading by encryption with the main application password).

The more complicated communication password, the better. For example, „6jmaS%sdkjbz“ is better than „rollingstone“. Since you do not have to remember the communication passwords, choose them as complicated as possible.

If you do not enter the international prefix (+420 in case of the Czech Republic), the application will try to add it and will give you a warning. In this case, please check whether the prefix is correct and save contact again.

If you try to create a contact with an already used phone number, the application will inform you about this. This is a protection against having the same number listed under two different contacts.

After you enter the details, you create the contact by pressing „OK“. If you want to leave the screen without actually saving the contact, press „Back“.

A note on recommended password lengths

The communication passwords are very important for your security. An attacker that sits on the network and intercepts your communication will have to guess your password, otherwise the message is unreadable.

Since you do not have to remember your communication passwords, you should choose them as random as possible – never ever use common words from any language or meaningful expressions! They should include capital letters, small letters and numbers at least, and a few special characters (like %, #, !) can be added. Do not use accented characters (like Czech or Finnish), as they might be represented differently in various devices (and such a difference would prevent your communication).

In this way, each character in your password can be one of roughly 64 candidates (27 capital chars, 27 small chars, 10 numeric chars and a few special ones; we use 64 as an estimate, since it is a power of 2, and as such, it can be used comfortably for mathematical calculations; the real number will be about 70).

If an attacker chooses to attack your message by trying all possible passwords, it is called a brute-force attack. Probability of success depends on the number of all possible passwords, and this depends on the length of your communication password. Basically, each extra random character will increase the security of the password 64 times. For example, a 6-char communication password gives 64*64*64*64*64*64 = 68 719 476 736. This looks as a big number, but if the attacker's computer can try 1 million passwords each second (which modern computers definitely can), the attacker will get to your password in 68 719 seconds – less than a day.

On the other hand, 12-char password gives 64*64*64*64*64*64*64*64*64*64*64*64 = 4 722 366 482 869 645 213 696 options. A computer which can try a million passwords per second would need 149 745 258 years to check all the possible 12-char passwords. This is the time which has elapsed since the era of the dinosaurs.

Special-purpose computers can be built, which will verify more than a million passwords per second – for example, a million million passwords. But even these computers will fail when confronted with really long passwords.

So, what are the reasonable lengths of a password in SMS 007? In the following table, we will assume that the passwords are generated randomly, and have 64 possibilities per each character.

Password length An example Number of possibilities Comment
6 chars 5aYz1e 68 719 476 736

Do not use such short passwords in serious communication.

Good enough against your sister, husband or neighbor, provided that he is not Bond, James Bond.

10 chars q303cnOS7a 1 152 921 504 606 846 976

The minimal reasonable size for serious use, if your adversary is a small to medium organization and/or does not possess expertise know-how and a lot of money.

Passwords of this length can be cracked using special hardware (which must be designed and – expensively – built for this purpose), or by a massive Internet - based distributed attack involving millions of computers.

Use at least this length if you are a mid-sized businessman (say, the assets that you protect are no more than a million USD worth).

Remember that in 2015, there well may be computers that will be able to crack 10-char passwords as easily as the current computers are able to crack the 6-char passwords. So, if you want to protect your messages even against future attackers, choose longer passwords than 10-char.

15 chars kdhU82Bz02rdaIj 1 237 940 039 285 380 274 899 124 224

Safe against any current adversaries, with a possible exception of the NSA (American security service).

Use at least this length if you want to be really secure – if you are an important politician or a big businessman, for example.

Should be secure for at least 15 years into the future.

22 chars tzl3ianh1s63jndpj1rnm8 5 444 517 870 735 015 415 413 993 718 908 291 383 296

The largest reasonable password for SMS 007. As the underlying cipher (AES) uses 128-bit keys, longer passwords will not give you additional security.

Use this length if you want to achieve the maximum security from SMS 007.

Should be safe against anyone on the planet and for many years into the future.

Choice of good communication passwords is essential to your security!

Editing an existing contact

You might want to edit a contact, when the person changes phone number, or if you want to sort the contact into groups, or if you want to change any details, or if you want to setup a new communication password with that person.

In this case, place the cursor over the contact in the contact list and select „Edit“. A screen for editing will appear. Update the values (if you want to change the communication password, do it with command „Password setup“ on that screen).

If you want to save the changes, press „OK“, otherwise press „Back“.

Sending a message to a contact or to a group

You can send messages to people in the contact list, or to whole groups. To start writing a message, place the cursor over the desired group or contact and select „Send“ from menu. Clicking on a contact works the same way. Clicking on a group does not (it opens or closes the group instead).

More details about writing and sending messages can be found in chapter „Messages“.

Sending a contact

You can send a contact from your list to another person. The contact will be sent by a special SMS, which can be encrypted. The following information will be sent: Name, Phone number, E-mail and Note. No other data (passwords etc.) will be sent!

If you want to send a contact using SMS, place the cursor over the desired contact in the contact list and select „Send contact“. Sending itself is identical to sending any other message – see chapter „Messages“.

Deleting a contact

You can delete a contact from a group, or from all groups.

If you place the cursor over a contact in a group other than the default group (the highest one, „All“), and select „Delete“ from the menu, you will be prompted whether you really want to delete contact from this group or no. If you confirm, the contact will be deleted from that group, but will stay in all other groups that it was in.

If you place the cursor over a contact in the default group (the highest one, „All“), and select „Delete“ from the menu, you will be prompted whether you really want to delete the contact definitely. If you confirm, the contact will be deleted from all groups that used to contain it. The contact will be lost and cannot be undeleted.

SMS 007 Manager – extended options in list of contact

SMS 007 Manager version gives to the user two more options in list of contacts – call a contact, and import a contact from the list of contacts present in the phone into the internal application list.

If you want to call some of your contacts, place the cursor over it and select „Call“ from the menu. Beware! This voice call will not be protected by encryption!

If you want to import contacts from within the phone contact list, select „Add from contacts“ from the menu. You may be asked to choose one of the contact databases; in such case, select your preferred database. However, many phones have one database of contacts only; in such case, you will not be asked to choose and you will directly proceed to the list of contacts.

Now, the list of contacts read from your phone will be displayed. You can search this list by using the Find command in menu, or you can choose one of the displayed contacts directly. Reading of the contact list takes some time; please wait until it is finished.

You can search the list of contacts using the „Find“ command. If you choose „Find“, a screen with one textfield appears. There you can enter name or its part, and select the „Find“ command. The system will show you contacts which correspond to the entered name. The search is case insensitive, and special characters can be used (like Czech, Russian or Chinese)

Now, select the contact that you wish to add to your internal contact list. A screen for adding of a new contact will be displayed, with name, phone number and e-mail already filled in. Now, only the password for communication must be set up.

Messages

The core of „SMS 007“ system is sending and receiving of encrypted text messages. The messages can contain at most 200 characters, including special characters for languages other than English. You will get into the list of messages by selecting „Messages“ item from the main application menu.

After a „fresh“ installation the list of messages is empty, save the default group „All“. The default group cannot be deleted, and is always placed on the top of the message list. However, the default group can be renamed at will.

The groups in list of messages have the same properties as groups in list of contacts. They can be created, opened, closed, renamed and deleted. Maximal number of message groups is 60. One group may be sorted into any number of groups.

The only difference between groups of contacts and groups of messages is their icons. An open group of messages has an icon of an open drawer with a letter inside; a closed group has an icon of a closed drawer.

List of messages, message status and corresponding colors

Messages are sorted by time. The most recent message will be always on top of the list. Icons of messages differ in color according to their status.

Mass deletion

Since release 1.0.4, an option of „Mass deletion“ is available in the list of messages. Using this command, you can quickly empty the list of messages, leaving only the most recent messages. You can select to keep last 3, 5, 7 or 10 messages. This „mass deletion“ does not remove „Archived“ messages, which must be either de-archived, or removed manually.

Composing a new message

There are two ways of composing a new message. Either you choose the recipient in the contact list, or you select „New message“ command in the list of messages. A screen with a textbox will appear. The maximal length of a new messages is 200 characters. We will call the screen „Screen for message composition“.

Available commands at the „Screen for message composition“ differ according to whether the message being composed already has an addressee specified, or no.

In case that the message has an addressee specified, the commands are as follows:

In case that the message does not have an addressee, the commands are as follows:

A message without an addressee cannot be sent. Before sending a message, you must specify an addressee – see chapter „Selecting an addressee“.

Selecting an addressee

If you want to send a message which does not have an addressee, you must specify an addresee. This is done with command „Add addressee“ on the „Screen for message composition“.

There are two options available:

Choose one of the two options and select „Continue“ command.

If you have chosen „Select from contact list“, your contact list will appear. Move the cursor over the desired contact or group, and select „Continue“ command again. You will be returned to the „Screen for message composition“, with the addressee set.

If you have chosen „Enter new“, the number provided will be checked for the international format and you will be returned to the „Screen for message composition“, with the addressee set.

Sending a message

If you have finished writing your message, and the message has an addressee, you can send it with the command „Send“.

A screen will appear with a question whether you want to encrypt the message, and with a question „Send as top secret?“ The options are as follows:

If you choose „Send as top secret“, the message will be sent as „Top secret“ - see section „Top secret messages“.

Unencrypted messages cannot be „Top secret“.

Top secret messages

If a message is denoted as „Top secret“, it will not be saved to the phone's memory. The message will be deleted from the list of messages on the sender side as soon as it is sent successfully. On the receiving side, the message will be kept in the list of messages only until it is open and read. Immediately after reading, the message will be deleted on the receiving side as well.

The addressee is warned about this status on the screen displaying the message. See section „Message reading“.

Maximal length of the message and number of messages

In current releases of SMS 007, the maximal length of a message is 200 characters. In transport, the message will be split to 1 or 2 submessages, which will be charged separately by the operator. Also, some control checksums are included. Therefore, sending a long encrypted SMS may cost twice as much as sending a single normal SMS.

The splitting and recombination of the messages being sent and delivered is performed automatically by „SMS 007“ system. The user will never notice any splitting, the whole message, even a long one, is always displayed at once.

Reading of messages

Received, sent, saved (etc.) messages can be read in the list of messages. Either you click on the desired message, or you select „Edit“ in the menu.

A special screen will appear, listing the following information:

This screen will not appear, if the message cannot be decrypted. This can happen for example with messages from unknown numbers (not in your contact list), or after you have changed the communication password with someone, and you attempt reading an older message still encrypted with the older password.

In this case you will be prompted for the right password. If you input correct password, the message will be decrypted and the above-mentioned screen will appear.

Once the screen with the message text is displayed, you can read the message and also perform some operations.

You can sort the message into groups (press „OK“ for the changes to be saved), or you can select some of the commands available in the menu. Available commands differ by the status of the message, and include the following:

Not all of the options are available at once, their availability depends on status of the message.

Sorting a message into groups

This is analogous to sorting a contact into groups.

Archived messages

If you want to protect a message against automatic deletion, you can set it as archived (by selecting Archive command). This status can be canceled again by selecting Do not archive command.

Settings

By clicking the „Settings“ item of the main menu, a submenu is displayed. It has a variable number of items, depending on version and release of the SMS 007 system.

Application password

Here you can change the application password. Enter the current password once, then twice the new password, having at least 8 characters, and press OK.

Knowledge of the current password is required as a security measure, to prevent an attacker who would get access to a phone with currently running application from changing it.

Messages

Here you can set up the automatic removal of old messages. The factory setting is: automatic removal on, maximum age of a message 1 week. This interval can be changed with use of a gauge, the possible values are 1 day, 3 days, 1 week, 14 days and a month (30 days). If you want to change the settings, choose the settings and select „OK“. If you want to discard changes, select „Back“.

Automatic deletion of messages protects your phone's memory from overload, so we do not recommend turning it off. If you want to protect a particular message from automatic deletion, set it as „Archived“ (see chapter „Messages“).

Memory

Nothing can be set up here currently. The screen only displays information about number of saved contacts, messages, and about memory space taken (in kilobytes).

If you do not use automatic message deletion, you should follow the information and delete messages by hand, if their number exceeds 50 (or 32 kilobytes, respectively) – this number must be lowered for slower devices.

Some phones (like Nokia 6230) do not implement memory operations correctly, therefore the amount of memory space taken and free is not reliable. There is no way how to circumvent this error programatically.

Application startup

This subitem is only present in „Settings“ since 1.0.5 version, and only in some editions (like the edition for Nokia Communicator). You can setup the application behaviour upon automatic start here.

If a message is received, the application will start up automatically. However, at some devices, this startup is silent, therefore the user has no way of knowing that an encrypted message has arrived. This may be advantageous at times, but bothering at other; so, in this subitem, the user can choose whether a short MID should be played upon automatic startup, and whether the phone should vibrate. Note that some devices, like Nokia 9300, do not have a built-in vibrator; therefore setting up of a vibration does not make any difference.

In SMS 007 Manager version the options under Application startup are extended with another option – play your own melody. Melodies MIDI can be played, if they are shorter than 30 kilobytes. The melodies are loaded from a directory, which is listed at the end of the list (for example, in Nokia Communicator, it is directory My Files/Tones). You can play the melodies to test them. The selected melody will then be played upon automatic startup.

Reading of the list of melodies takes some time, so please wait for a while for finishing.

About

This item, when selected, will show name of the application, name of the corporation and WWW address of the corporation.

Since release 1.0.4, the „Download Key“ is also displayed here. If the application was installed from Chariot online store, the „Download Key“ is the one that was used during installation. It is a 10-character string of numbers and small chars.

Prior to the 1.0.7 release, this item was placed in the main menu of the application.

Help

This item is present only in some variants of the SMS 007 system, and only since release 1.0.6. It can set up the running help.

There is a space (called „ticker“) on the upper edge of the screen, where short help can run (i.e.: „Input old password and then new password twice“). This running help can be very useful to a beginner.

On the other hand, advanced users may wish to turn this help off, not least because the display of the running help slows down the system. This is done on this screen. This change can be performed as often as necessary.

Local settings

This item is available only since release 1.0.7.

When phone numbers are filled into forms, SMS 007 can complete the phone numbers with international prefixes. International prefixes are required for the system to run.

The default prefix from vendor is +420 (the Czech Republic). If you live in another country, you may wish to change this prefix. You can set the desired prefix here and click „OK“; the entered prefix will be used for automatic completion from now on.

Final remarks

Phone vendor errors

Some phones have certain errors in their firmware. These errors can demonstrate themselves as faults in Java program run. For example, Nokia 7650 cannot connect by HTTP, and Nokia 6230 has problems saving data to persistent memory.

As far as we can, we have tried to circumvent those known errors to ensure correct behavior of the „SMS 007“ system. However, there may be errors and problems concerning some devices or just firmware revisions, that we do not know of.

Closing the application

It is highly recommended to close the application using „Close“ item from the main application menu. The „red button“ should serve to close the application only before login, or in case of serious trouble (like someone watching texts on your display without your consent). Closing the application by the „red button“ is violent and can damage the saved data.

Different devices have different reactions onto „violent“ close of the application (using the red button). For example, Nokia 6230 and 6230i tolerate it very well, some Siemens devices not-so-well. Anyway, at least loss of freshly received messages is probable.