Wednesday, January 15, 2014

Blackphone

What if you could get an NSA-proof smartphone?

Look, I know you think you already have one... but you don't. Not even Blackberry. That's not to say that Blackberry is an easy target... but the NSA has broken through on occasion. When they want to... they get it done.

Well... now it seems the stakes have been raised.

Blackphone claims to be NSA-proof. They claim from the ground up... to the silicon level the hardware is secure. The details are sketchy on just how it's secured... other than we know it uses a VPN.

I don't know about you, but I will be buying one as soon as it's available if the security is even close to what they claim.

If you know anything about this product and what the security features actually are I bet a lot of folks would love to hear more.

11 comments:

Res Ipsa said...

The best part is the data that we will be "hiding" is still going to be: "can you take Johnny to football", "please pick up an extra gallon of milk on your way home" and "hey man let's meet at the tavern for a beer and the game". The government always makes things harder than they have to for themselves. They wouldn't need to listen to everyone's phone calls if they would just say to Muslims "sorry you aren't welcome here" and turn them away at the border.

Nate said...

racis.

Flannel Avenger said...

A good idea, but I would imagine that this thing runs this security through a common server. I would prefer to run my own before considering it "secure".

Res Ipsa said...

racis.

Not true. I don't care what color the skin is, I think we need to stop letting them in the country and kick out the ones we have. There are a number of people that need to be removed from the USA, it has nothing to do with the color of their skin and everything to do with the content of their character. I don't think we need to unduly harm them, just deport them.

Nate said...

I know it's not true. It was sarcasm.

cheddarman said...

MOAR ATF!!!

Are you on this friday, Nate?

Nate said...

yeah we're on Cheds

WaterBoy said...

Nate: "If you know anything about this product and what the security features actually are I bet a lot of folks would love to hear more."

Not a lot of actual details on either their website or articles about them from other sources. However, they have said that the Android-based OS, PrivatOS, would be open source, as well as related app source code.

With the Blackphone, it looks to me like they are just adding secure hardware and the PrivatOS to their existing software products, Silent Text and Silent Phone. In fact, they already have that stuff posted on GitHub: Silent Text, a secure IM app and Silent Phone, a secure video and voice phone app. Both apps require a subscription with Silent Circle to ride on their Silent Network -- probably the VPN previously mentioned. And even though the Blackphone is supposed to work on any GSM network, it's still probably going to require an additional fee to Silent Circle for the VPN access.

This automatically brings a few potential vulnerabilities to mind:
- Open source means the NSA can also search it, looking for potential exploits
- The possibility of VPN spoofing
- The SCIMP protocol uses 128-bit encryption; I didn't dig far enough to find out about the phone app, though it's probably the same. And even though the company doesn't hold the keys (encryption is done peer-to-peer), it's likely that such a level of encryption will eventually become easily broken by the NSA. Of course, SC can then just up the encryption level, but they would first have to know (or suspect) that their current scheme had been broken. In data security, nothing is worse than believing that your system is secure when it actually isn't.

No doubt their engineers have already considered such things and have taken steps to eliminate or mitigate the risks. But they're only human, and are also capable of making mistakes.

I look forward to the unveiling next month.

Outlaw X said...

Y'all got to watch this.
California reporter comes to Texas.

http://www.youtube.com/embed/4CDFxeB7Y-s

WaterBoy said...

Oh, another vulnerability to consider: be careful what other apps you subsequently download and install on your secure phone -- it's conceivable that the NSA could embed trojan horses inside their own developed "normal" free apps, especially since it's open source and Android-based.

Caveat emptor.

WaterBoy said...

Nate: "I will be buying one as soon as it's available"

Keep in mind that the secure comm features will only work between like phones...meaning it will work between you and Dr. Who (if you buy her one, too), but not between you and JACIII (if his is a normal phone).

Until it becomes ubiquitous, your communications will be just as vulnerable as what you have now. And by then, the price is likely to have come down, too. It's the early adopters who typically pay the most for new technology...which doesn't make much sense in this case, due to the limited functionality in the beginning.