Phil Zimmerman Launching Secure "Blackphone"

judgecorp writes "Famed cryptography activist Phil Zimmerman is set to launch Blackphone, a privacy-oriented phone which allows secure calls and messages. The phone is a joint venture between Zimmerman's Silent Circle communications provider and Geeksphone, the creator of the first Firefox phone, and will run PrivatOS, a secure version of Android. Zimmerman says the venture will be taking orders for the devices from February 24, after it is unveiled at Mobile World Congress in Barcelona."

Wow, what a man!

First he blows away that obnoxious black kid, now he's going to blow us away with a black phone!

Switzerland

An interesting choice. I guess it is only logical, since Zimmerman had to shut down his encrypted e-mail service SilentCircle in the US. I hope that more businesses will move their operations outside the US, it seems to be the only language the United States government understands.

Almost. there.

[leuk_he]

Hardware feature I would like to see:
-LED on when camera is taking pictures/recording.
-LED on when microphone is recording.
-Looking like a normal phone, If it screams PRIVACY phone, one might think ik have somthing to hide.

Software features:
-Restrict apps to a sandbox without telling them that. (feed apps fake data instead)
-Some kind of firewall/virtualiszation between apps i use at home and work and real private part.
-Secure boot. rootkit prevention. Including option by bypass the secure boot for open source mods.

Marketing features i would like to see:
-Real use cases. (like work/home phone virtualisation.)
-privacy is always a tradeoff. being online means giving away some of your data. what trade offs are made?
-Access to some more technical details HOW the pricay part is implemented and what has not been implemented.
-Respected names from the pricacy industy who did have to do something in the design/implementation phase. trust is important.

and ... open source... so useful parts can be reviewed and ported to populars android mods.

Re:Almost. there.

[mrchaotica]

You forgot the most important feature:

The main SoC controls the baseband processor (and can firewall the rest of the system off from it), not the other way around. Or better yet, the baseband is Open Source.

Re:Almost. there.

[oodaloop]

The LED is on the right track, but if someone can hack your phone to turn the camera on, they can also turn the LED off. How about a physical shutter over the camera? I'd like a neon orange small plastic shutter to close over the cameras on my phone. I'd be able to quickly check that they're still on and not worry about someone hacking my phone.

Re:Almost. there.

[necro81]

if someone can hack your phone to turn the camera on, they can also turn the LED off

This is not necessarily true if you design this feature into the board. For instance, you can have the LED hard-wired to the camera's power supply - anytime the camera has power, the LED will be on. When the firmware wants to save power by turning the camera off, it must well and truly be off (i.e., no power applied), and not just a sleep mode.

Alternately, depending on the communications bus between the camera chip and the SoC, you can have an LED tied to one of the communications lines through some sort of buffer circuit - chip select, camera Tx, etc.

One would think that this was the way it was always done - some unambiguous way to know when the camera is active that was baked in at the board level - but apparently not.

Re:Almost. there.

[melikamp]

and ... open source... so useful parts can be reviewed and ported to populars android mods

This is not the main reason why it should be open source, nor is "open source" enough, unless we are using a definition compatible with the free software definition. In fact, both hardware and software should be free, documented, and open in order to justify the basic security and privacy claims the manufacturer is making.

As for "open source", the freedom to distribute modified copies (which is not clearly implied) is paramount to anything aspiring to be secure. If a bug is discovered, and a patch is available, the software will remain insecure if the authorized distributor refuses to apply the patch. Free software does not have this problem.

As for the order of your list, all the things you named are very useful indeed, but they are not worth crap unless the entire thing is free software, and the hardware is open and certified by third parties without special interests. One binary blob makes all security and privacy claims a lie, plain and simple. Not an honest mistake, not a misunderstanding: these people surely understand security, so when they start selling "secure" binary blobs, they will be lying through their teeth.

The providers are a bigger problem than the phone.

[therealkevinkretz]

Even if the phone is as secure as claimed, one of the biggest violations of privacy is the collection of location data. And no security feature on the device will prevent Verizon/AT&T/etc from knowing what tower it has contacted, or providing that to any agency it wishes to.

Re:Is he also launching a new carrier and network?

[gmuslera]

There are levels of communications that can be secured even with an hostile/insecure carrier. It can know where are you, but maybe not what you are sending and to who, (at least as pure data stream, if not as plain phone calls). Anyway, regarding hostile carriers or not, it should be safe against hostile/insecure sim cards too.

Useless, or doomed to fail.

[Shadows]

I posted these same thoughts last time I saw a "secure" phone on slashdot. Apparently it was long enough ago that it's no longer in my post history?

Regardless, there are two options I am aware of: 1) end to end encryption or 2) insecure messages/communication

The problem with #1 is that it requires secure devices on BOTH ENDS of the communication. You get very little bonus security if your device is secure, but the text messages, emails, phone calles etc. go unencrypted over the wire. That's fine, but now I have to persuade my parents and all my friends to get THIS exact phone, understand how it works well enough to set it up, and actually use those features.

I have a lot of respect for Zimmerman, but I'm extremely skeptical.

Re:Open Source?

[FriendlyLurker]

If it is not Open Source then we can pretty much can forget about this. Limiting the product to a very small set of customers Vs the wider android market means that just by using this product you would be advertising yourself as a target for investigation. To be truly secure the majority need to be using encryption, not just a small subset of paying customers.

Maybe not going after the right target

[CanadianMacFan]

While I'm all for privacy and the government sticking it's nose out of my business I don't see how this phone really addresses the problem of privacy. The huge problem lately has been the governments sweeping up the meta data. So while your message may go through the system encrypted with this phone it's still going to leave a plain trail for everyone to see.

And placing the servers in Switzerland doesn't fill me with confidence for keeping the data safe either. They certainly caved pretty easily recently when it came to banking information so how fast is the government going to fold when the US wants the information to find terrorists and child molesters instead of tax cheats.

Re:Maybe not going after the right target

[TubeSteak]

They certainly caved pretty easily recently when it came to banking information

They only caved when it was shown that Swiss bankers were actively helping their clients to avoid taxes and break (inter)national laws.

But more interestingly, the nature of their caving varies from country to country.
The banks agreed to remit taxes for UK-based account holders, but without disclosing the account holder's identity.

I'd trust it, just one kink,you don't get just one

[Trax3001BBS]

If Phil Zimmerman were involved in it I'd trust the security of the phone, it's just you don't just purchase one, but for everybody you call as well. One ain't going to do you any good.

That's not the use case!

[Medievalist]

You're misunderstanding the purpose of the technology, I think.

The government can use MIB on the rooftops with parabolics, this phone doesn't and can't protect you from their minions.

"Evil people" avoid detection by using disposable phones and in-group jargon to avoid detection - they simply don't need or want this technology. They already buy cheaper, low profile generic phones with cash and just throw them away if they get known.

But this technology prevents the Sun from printing your conversation with the sexy nanny on page one. It prevents your neighbor from listening to your calls to your bookie on his scanner or baby monitor, too. Get it now? It's a big market segment... people who want a little privacy from nosy neighbors and service providers.

Need a deadman's switch

[Quila]

They have to have an indicator somewhere saying they have not allowed any government access. Since it's their phones, maybe broadcast the fact of no-contact every day to all phones, and have the phones alert when they haven't received the notice.

Also, may want to to hash the binaries at their web site and make it available as a web service, and have a program to hash binaries for that version on the phone and check online. Make it SSL with certificates to avoid spoofing. This way, people can know if their individual phones may have been compromised.

Re:The providers are a bigger problem than the pho

[greenbird]

http://www.oneluckyelephant.com

Layer one and two are the problem. Tor helps with layer 3 and 4. Your cell phone radio (layer one) has to give identifying information to the cell tower so the cell tower can authenticate it and link it to the network (layer 2). This is done continuously while the cell radio in the phone is on through the command channel. It's constantly checking in with all the cell towers within range so it can be determined which cell is the best for data connections and handing off to the optimal tower. So regardless of if and/or what your doing data wise they can triangulate based on the cell towers your phone is talking to and get a reasonable close location. Text messages also go through the command channel rather than a data channel explaining why you can often send a text message even when you can't get a call through.

Re:How Can They Guarantee Privacy?

[aissixtir]

How can they not when they can get so many clients with a nice name (blackphone) and privacy promises (after the latest NSA leaks). The thing is, even if this project is not as privacy-oriented as they try to make it seem, the market is developing towards more privacy and that is good.

Re:Open Source?

[Lumpy]

"Privacy is dead for the uneducated, deal with it."

FTFY... Privacy is very possible if you have the education and IQ to do it.

I can set up a 100% private voice call to a friend right now that the Feds would have serious trouble cracking. If my pal and I took extra steps, they would not even know we were talking right under their noses. It's not hard to do, just tedious and requires education.

Re:I'd trust it, just one kink,you don't get just

[Trax3001BBS]

Sound security isn't based on trusting a name. Show us the source if you expect to be trusted. I don't understand how Zimmerman still doesn't get that.

Phil Zimmerman fought back as best he could, coming out with updates to PGP, as they kept charging him with something for years until one day they dropped all charges. Now MIT where you downloaded PGP from, I don't. I've still got PGP 2.6.2 g which was released years before MIT sold out to NSA.

If you have to trust someone for me it would be Phil Zimmerman, just as I do (cough) Google.

There may be a flaw in my thinking :} but it's that or just quit the Internet, using a phone, or filling out forms.

The backdoors mentioned is old news and due to MIT. Now I don't trust cloud storage ( “Swiss cloud”).