Slashdot Mirror


Phil Zimmermann's 'Spy-Proof' Mobile Phone In Demand

An anonymous reader writes "BlackPhone was designed by Phil Zimmermann (inventor of PGP). The 4.7" display phone features a 2 GHz NVIDIA Tegra 4i ARM Cortex-A9 quad-core processor with 60 GPU cores, 1GB RAM and 16GB storage [more specs]. The OS is a customized version of Android called PrivatOS which offers encrypted calls, texts and emails that can't be unscrambled even by spy agencies. It also offers built-in resistance against malicious software which will be most welcomed for users worried about free Apps that are becoming increasingly invasive, if not pure data collection spyware for unknown 3rd parties. It's coming out this June, and many Fortune 50 companies have already ordered the phone to protect against industrial espionage."


  1. Bootloader unlockable? by mlts · · Score: 2

    I wonder if the bootloader is unlockable so one can make their own ROM for it. The ideal is the ability to type in "fastboot oem unlock", flash a ROM, then relock the bootloader. That way, if someone wants to reflash, they have to re-unlock the bootloader (triggering an erase and TRIM cycle of the /data partition.)

  2. Spy-Proof; Not Court-Proof by ObsessiveMathsFreak · · Score: 5, Insightful

    You can develop all the security technologies you like. They'll be worth precisely nothing when the NSA sends a pup of an agent with a national security letter to seize your files, equipment, and force your co-operation under penalty of imprisonment. The courts remain the ultimate root-kit.

    --
    May the Maths Be with you!
    1. Re:Spy-Proof; Not Court-Proof by Anonymous Coward · · Score: 5, Funny

      Only third-world countries with no human rights operate like that.

    2. Re:Spy-Proof; Not Court-Proof by houstonbofh · · Score: 4, Insightful

      But you will know. They will not be able to listen in without you knowing. That is a big deal.

    3. Re:Spy-Proof; Not Court-Proof by Frosty+Piss · · Score: 2

      > But you will know. They will not be able to listen in without you knowing. That is a big deal.

      I thought everyone assumed that they were listening? Snowden, you know? Ever heard of COINTELPRO? They have been listening for a long long time.

      --
      If you want news from today, you have to come back tomorrow.
    4. Re:Spy-Proof; Not Court-Proof by tapspace · · Score: 4, Insightful

      Someone should enshrine that in some sort of high code of law upon which all other laws will be based in some sort of new democratic society...

    5. Re:Spy-Proof; Not Court-Proof by viperidaenz · · Score: 2

      That's not the problem this device sets out to solve. Nor is it a problem any communication device can solve. If you can't trust the person on the other end after you've verified who they are, technology can't help you.

    6. Re:Spy-Proof; Not Court-Proof by L4t3r4lu5 · · Score: 2

      > I always say, If it's created by humans then it can be cracked.

      Yeah, but can it be easily cracked, or cracked within the time frame that the information is still useful? If a criminal can MITM my internet banking and get all of my savings, that is A Bad Thing. In 2006 we could crack Enigma in 4 days with then-modern home PC hardware and an optimised brute force routine. That is absolutely fine; the people who benefited from its use are mostly dead, the war is over, there's no need for the security anymore. In fact, Enigma was so good that almost all of the successful cracks were based on operator error; Enigma was unbreakable at the time when operated correctly.

      Just because something can be cracked doesn't mean it's not fit for purpose.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  3. Re:And who makes the baseband? by Desler · · Score: 2

    Nvidia through their acquisition of Icera. It's a software modem.

  4. Re:Limited market by Charliemopps · · Score: 3, Informative

    It won't work.

    I use textsecure: https://play.google.com/store/...
    and redphone: https://play.google.com/store/...

    which encrypt text and calls to other people who use it. Which includes my wife... because I installed it for her... and that's about it. My paranoid friends that might use such things won't even get a smartphone so... yea...

    Anyways, both applications are pretty good. I'm with Verizon and they have a TERRIBLE messaging app that they replaced the standard Android app with. It literally crashes my phone it's so bad. So I replaced it with this. The only annoying bit is having to enter your password if you reboot the phone. Textsecure even sends the texts via the internet rather than using the cellular network to save you messages if the other user's got it as well.

  5. Re:Limited market by geekoid · · Score: 3, Insightful

    Of course, what are the most used pieces of information gathered from a phone? Location and history of location.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  6. Re:And who makes the baseband? by viperidaenz · · Score: 3, Informative

    It's not directly connected to the microphone. That's connected to an audio codec controlled by the application processor.

  7. Re:open source? by Aaden42 · · Score: 5, Interesting

    It doesn’t (necessarily) need to be, though it would be nice. If the Android-level interface to the baseband is sufficiently limited, and if all “secure mode” operations (encryption) are handled purely in Android and passed off as a ciphertext stream through the baseband, a subverted baseband would have limited ability to cause issues.

    Problems for an untrusted baseband are:
    1) If the OS will (or can be forced to) accept any type of control from the baseband (rather than exclusively the other way around), the baseband can take over the “secure” OS.
    2) The baseband can leak private information passed through it to a third party.

    Note that as a special case of #1, audio stream communication between baseband and OS is often implemented as some variety of DMA or shared memory. Care would be required to ensure the baseband was incapable of reading or writing any portion of system memory other than what was explicitly set up by the OS for DMA. A hardware MMU or even physically separate DRAM circuitry could ensure this.

    So long as the baseband has no avenue for exerting control over the OS, the OS can’t be tainted by a subverted baseband. If all information passed through the baseband is indistinguishable from entropy, the baseband funneling it off somewhere else has limited value absent some other attack on the crypto (including $5 wrench).

    The last remaining attacks would be location leaks (which can be carried out against even an untainted baseband with CellCo assistance anyway) and the possibility of injecting forged traffic that might trick the user into doing something insecure. Well-designed UI should ensure that cryptographically authenticated communications are always distinguishable from untrusted.

    Not saying having a fully open baseband wouldn’t be a really nice thing, but there are well established and sufficiently secure ways for sandboxing an untrusted baseband within an otherwise secure design.

  8. Re:open source? by currently_awake · · Score: 2

    What would be nice is if ALL external communications were on a separate processor. That way a security breach in your OS won't let the NSA intercept your data, and a security breach in your baseband won't let an attacker access your data/camera/microphone. The biggest issue is key handling/exchange. For you to talk with another phone you must share a key. How exactly do they manage that?

  9. Re:open source? by ameline · · Score: 2

    I think any designer of a "secure" phone needs to assume that the baseband is running hostile software.

    If the baseband has write access to application cpu ram, you're screwed.

    There needs to be uncompromised hardware enforced protection to ensure the baseband cannot write to application ram or to the flash memory of the application processor. I'd be very suspicious of DMA capabilities under control of the baseband unit.

    I'm not saying it's impossible to make a secure phone, but you as a creator of such should assume that every byte of code not under your control is out to get you. (including closed source graphics drivers).

    I'd also be nervous of the toolchain/compiler. That classic Thompson compiler attack (http://cm.bell-labs.com/who/ken/trust.html) is a worry.

    --
    Ian Ameline
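
The hardware-enforced restriction that Aaden42 and ameline describe above (the baseband may touch only the memory the OS explicitly set up for DMA) can be modelled as a default-deny window filter. This is an added example, not code from the thread or from the Blackphone; the structure names, the addresses and the two audio windows are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a DMA filter sitting between the baseband and
   application-processor RAM. All names and addresses are illustrative. */
enum dma_perm { DMA_READ = 1, DMA_WRITE = 2 };

struct dma_window {
    uint64_t base;   /* first physical address the OS exposed */
    uint64_t size;   /* window length in bytes */
    unsigned perms;  /* what the baseband may do inside the window */
};

/* The only regions the OS set up (constructed values): one audio buffer
   the baseband fills and one it drains. Everything else is denied. */
static const struct dma_window windows[] = {
    { 0x80000000u, 0x1000, DMA_WRITE },  /* downlink audio: baseband writes */
    { 0x80001000u, 0x1000, DMA_READ  },  /* uplink audio: baseband reads */
};

/* Decide whether one baseband-initiated transfer may proceed. */
bool dma_allowed(uint64_t addr, uint64_t len, unsigned perm)
{
    if (len == 0)
        return false;
    for (size_t i = 0; i < sizeof windows / sizeof windows[0]; i++) {
        const struct dma_window *w = &windows[i];
        if ((w->perms & perm) != perm)
            continue;  /* wrong direction for this window */
        /* Overflow-safe containment: never compute addr + len, which a
           hostile requester could make wrap around to a small value. */
        if (addr >= w->base && addr - w->base < w->size &&
            len <= w->size - (addr - w->base))
            return true;
    }
    return false;  /* default deny, including transfers that straddle
                      two windows */
}
```

The length comparison is the part a naive `addr + len <= base + size` check gets wrong: a huge `len` wraps the sum and the request appears to fit.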
  10. Re:open source? by Immerman · · Score: 3, Insightful

    >For you to talk with another phone you must share a key. How exactly do they manage that?

    Well if they both offer a rear-facing camera for video chat you could point the screens at each other for a moderately high bandwidth QR code based video stream. A few dozen bytes a frame (Version 3 QR code = 50 characters@5.5bits), times maybe 10 frames per second should be crude enough and slow enough to provide a reliable data link, and it would be fast enough to communicate a 2048-bit key in under a second (2.75kbps).

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  11. Re:open source? by Immerman · · Score: 2

    Indeed. Perhaps it could be designed so that the baseband communicates with all the normal DMA tricks to a minimalist flipphone-grade CPU+ram, which is then internally networked to a separate, trustworthy CPU/RAM/Flash - essentially making for two phones in one. As an added bonus standby power consumption could be potentially much lower - the second computer could be powered down completely except when manually activated or woken by the power-sipping flip-phone core.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.