Slashdot Mirror
Inside Boeing's New Self-Destructing Smartphone
mpicpp writes "It looks thicker than most of the phones you see at Best Buy, but Boeing's first smartphone isn't meant to be used by the average person. The company that's known for its airplanes is joining the smartphone game with the Boeing Black, targeted at people that work in the security and defense industry. One of its security features is self-destructing if it gets into the wrong hands, although not quite in the Mission Impossible sense. According to the company's letter to the FCC, the phone will have screws with a tamper-proof coating, revealing if a person has tried to disassemble it. 'Any attempt to disassemble the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' writes Bruce Olcott, an attorney for Boeing."
Oh, and you generally don't do a tamper 'proof' coating on screws, you do a 'tamper-evident' coating.
Want your own tamper evident coating? Buy a bottle of the cheapest, cheesiest glitter nail polish you can find. Coat the screws with a layer. Take a high resolution picture of each screw. Suspect tampering? compare the current coating with the picture.
As for deleting the data off the device, I'd probably simply encrypt everything on the device, with the key stored in a specific chip designed to dump said key if anything triggers it. No Key = No Data.
I don't read AC A human right
Probably. But if you try installing a custom firmware, it will literally explode.
I can see a lot of carriers warming to this idea.
Will it run Slashdot Beta?
The self-destruction mechanism uses Slashdot Beta code to perform the operation.
"screws with a tamper-proof coating, revealing if a person has tried to disassemble it"
I'm pretty sure I would notice if someone took a dremel to my phone.
How would it go if it were chilled right down, liquid nitrogen or colder so the electronics stopped working and then disassembled. (I don't know if it's possible, just kicking the idea around.)
I see they're using the same battery technology they used in the Dreamliner then.
A hundred and twenty characters ought to be enough for anyone...
When I worked in the ATM industry we already had that feature built into the keypad (EPP). If you tried to extract the keys any number of ways (freeze spray, remove back cover, cut front cover, etc.) it would dump the memory and leave the attacker with nothing. All you have to do is contact one of the companies that built those EPP's and they can guide you into a LOW COST hardware method of dumping everything. You don't need to go with a fancy "custom coating" that might fail or have alternative issues. I would not buy this phone as it is over-priced, and I can do the same thing with a common android smartphone and a little software and hardware tweaking. Epoxy is your friend for keeping people out of things they don't need to see, as is encryption with delete upon failure to decrypt. What a joke, but they will sell a bunch of them to Gov. and "special" people.
will it blend?
"screws with a tamper-proof coating, revealing if a person has tried to disassemble it"
I'm pretty sure I would notice if someone took a dremel to my phone.
No you wouldn't. You'd just know your phone was gone. And you'd believe that at least your data was safe, because the self-destruct would have been triggered when the thief removed the screws. Except it wasn't.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
But it can damn sure run as soon as it notices rapidly dropping temps.
Dropping it in something really cold doesn't make it instantly cold, it'll take some time (even if that time isn't very long) and thats long enough to nuke itself if need be.
Its not like they're going to trigger self destruct based on a case screw or two being removed.
Unless its a joke, they would have multiple safe guards in place to destroy the device if need be. Rapidly failing temp that is well below human standards? Kill! Any one of multiple case pressure springs goes offline? Kill! For every way you can find to open it, I can add a way to stop you, and I'm not doing this for a living every day.
The question is, can they figure out a combination that you can't figure out how to work around.
And for reference to all the armchair spooks on slashdot ... if you were so good that they actually worried about YOU getting into this device, you wouldn't be talking about it on slashdot or we'd already know your name. (/me looks for Bruce, just in case) As I have to say here so often ... you aren't half as clever as you think you are.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
And if it actually does what Boeing claims, you aren't going to find any articles telling you how it works; that, in and of itself is part of its security.
In the real world, people take advantage of security through obscurity. That doesn't mean they rely on it, but theres nothing wrong with throwing something in front of the attacker to slow them down even if its only temporary as long as thats not your only attempt at security.
Nothing is secure given enough time.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
The biggest issue with this phone is not weather it can be tampered with without the owners knowledge, but that anyone that has one of these phones will be instantly noticeable as a high value target. The only people that this device makes sense for are public figures, senators, congressmen, CEO's of large defense contractors, ... Everyone else will be better protected by following simple security precautions and not carrying around a large flag that says I'm worth the effort.
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
I really doubt it is actually meant to blow itself up though.
If they used the right kind of battery it could ;-)
The simplest way to self-destruct data on the device is to simply encrypt it using a large key stored in CMOS embedded in the SoC's hardware crypto-engine and clear it (either with an actual reset signal or simply killing power) if tampering is detected to instantaneously render all stored data useless. The next time the boot-loader runs if the device is ever powered up again before being restored to factory specs, it can generate a new encryption key and start erasing storage to make the data completely unrecoverable.
I would not be too surprised if they only implemented the device encryption part of this with managed encryption keys so devices can be decrypted if ever recovered.
FIPS-140 (and 140-2) address exactly this. http://en.wikipedia.org/wiki/F...
At FIPS-140 Level 4, the crypto keys are stored on a unit that actively monitors for attack by environmental, electromagnetic, and physical methods.The physical is usually handled by a mesh of gridwires over the die.
The problem, of course, is Boeing is in bed with the government for Billions (Trillions) of dollars worth of military hardware, so don't think they'd sell you an Android phone before having a friendly chat with their friends at [A-Z]{3}.
Or $629 if you bothered to read...
Yeah, because obviously they'd design a secure, self-destructing phone to be trivially abusable over USB. I bet it even has autorun enabled by default.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
That would not necessarily work: it would definitely fry the IO front-end but most of the NVRAM matrix would likely remain intact and recoverable by stripping the top encapsulation and top metal layers then scanning the NVRAM cells with a magnetic force microscope.
Also, if the devices self-destructs through high voltage, someone who has already dissected one of these phones before would know where the high-voltage components are, how they operate, how they are triggered and would likely be able to come up with a way to prevent the high voltage pulse from reaching the NVRAM chips such as using a pneumatic framing nailer to destroy/short the high voltage circuitry faster than it can be triggered by tamper sensors.
So, even with physical destruction built-in, you would still need strong device-level encryption as a fail-safe.
The most beautiful thing about having a decryption key embedded in a secure microcontroller managing tamper-proofing sensors (which is itself embedded in the SoC running the rest of the device's functions) is that disabling tamper-proofing is impossible to do without disabling the secure micro-controller and disabling it either physically or by cutting power kills the decryption key just like tripping tamper-proofing sensors would.