COMSec, The App That Spanish Ministers Use On Their Mobile To Encrypt Calls And Messages

What application do Spanish ministers communicate with? Are you sending a WhatsApp? Do you use Telegram? Do you opt for Signal? Are they called by phone as we do other users? The truth is that, although the three applications mentioned above are quite well known in the technological world, in the case of political communications they are not used. In the mobile of the Spanish ministers, the default communications app is COMSec, and it is not from Facebook or Pavel Durov, but from the Indra company.

COMSec, as you can imagine, is a communications app that encrypts messages and calls (both voice and video) from end to end. It is one of the technological products certified by the National Cryptological Center, compatible with Android, iOS and Windows Phone, and protagonist of this text, in which we will know it better.

A virtual operator as an intermediary and end-to-end encryption


    Scheme of the operation of the COMSec system.

As Indra explains in its product catalog, COMSec uses end-to-end encryption, the Elliptic-curve Diffie-Hellman (ECDHE) protocol, AES256 (the same as WhatsApp) and a different random key for each call and session. That means that, basically, communications are encrypted at all times, but the calls are not made like normal calls, but another system is used.

The COMSec architecture is based on an IMS server (understand it as a virtual operator) and an app that really is a client. When a minister makes a call, only IP packets with "proprietary and encrypted protocols" are transmitted, which make "call tracking" almost impossible. That is, the management of the call is carried out by the IMS, not the mobile operator, which simply provides the network connection, because it really is a VoIP call.

Needless to say, conventional calls can also be made. Indra explains it this way: "With the Corporate Unified Telephony Server, the calls will be secure from the COMSec to the PBX (Private Branch Exchange) of the organization, and this without encryption to the destination, regardless of whether it is a GSM phone or a landline. "

Given the design of the app, it is possible to make calls and send messages from anywhere in the world where there is a data connection. It works in 2G, 3G, 4G, 5G and WiFi, in narrowband networks such as GPRS or Edge and is compatible with satellite networks such as Iridium or Inmarsat. They claim from the company that the establishment of calls is less than the second, "being even more agile than a conventional voice call."

Regarding the storage of messages and calls, India explains that the encrypted voice data is never stored and that the messages are stored encrypted on a server until they are delivered to the recipient, when they are deleted from it. The app is compatible with MDM or EDM (both equipment management systems) and it is not necessary to purchase a new mobile. The user, or in this case, the minister, can install COMSec in his terminal.

Indra interface and options.

Indra arrived at the government on January 18, 2019 after winning the tender. The contract was awarded on November 29, 2017 and the total amount was 14,994 euros. Beyond security, which is its main added value, the software has the functions that can be expected from a messaging app, such as group chats, etc. The difference is that the protocols are a bit more strict.

The National Cryptological Center published in October 2019 the "Safe employment procedure of COMSec" and in its item "5: Emergency procedure" the guidelines to be followed in case "the safeguarding of the COMSec system devices and the associated COMSec material (…) are the responsibility of the holder thereof and of the system manager ". The protocol to follow is as follows:

"When the user of a COMSec application has a reasonable suspicion that his mobile device has been compromised or manipulated, he must:
  Notify the System Administrator for instructions.
  Do not use the system again until authorized by your Administrator after making the appropriate checks.
  The System Administrator may decide to include as an protocol the realization of an emergency deletion as soon as possible, to do so, it would be necessary to go to the Settings, Logout section. Next, the terminal application will be uninstalled.
  In most cases, the recommended protocol will be to return the device to the Administrator or perform a factory reset of the mobile terminal, usually from Settings, Backup, Factory data reset (Android versions 6 and 7), or in Settings, System, Recovery options, Clear all data (Android 8 versions).
  If the device cannot be reset, the SecureFiles folder in the root folder of the device's internal storage must be deleted using a file explorer on the device itself. "

The possible problems of the IMS server are also contemplated, which, as we have said before, is responsible for managing the call:

"If the IMS server must be abandoned, both permanently and for a period of time in which its physical or logical security cannot be guaranteed, the emergency erase procedure must be applied on each of the machines on the server, by the execution of the IMSZeroing.bat scripts that have been prepared at the time of system installation.
  Backup copies of the IMS server must be made periodically for recovery against possible loss or damage of data, which will be guarded according to the applicable regulations. The period to make these copies will be defined by the person in charge of the system. "

What if they steal the phone? Beyond losing the device and the content stored in it, say photos, WhatsApp conversations, etc., the COMSec app starts with credentials that are supplied by the IMS server administrator. The thief could access the contents of the terminal if it is not protected by a fingerprint, a PIN or a password, but not COMSec.

Precisely because of this, the CNI guide states that "the user password must be known only to the user and must also be difficult to predict." It also states "the length of the user password must be at least 12 alphanumeric characters and must contain upper and lower case letters, numbers and symbols". Of course, remember that "the password policy does not allow predictable sequences, such as 1234 … or abcd …". In case of forgetting the password, the administrator can generate an OTP (One Time Password) to access again.