Slashdot Mirror


Ars Takes an Early Look At the Privacy-Centric Blackphone

Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phones offers fine-grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste:

"At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did). PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks."


  1. Apps which require location? by by (1706743) · · Score: 4, Interesting

    Obviously, if you're concerned about privacy, you should avoid apps which require location, etc., information. However, it would be neat if you could get PrivOS to spoof things like location (and possibly calls, contact lists, etc.).

    Location information could still be very useful for apps that need it, if you have a sane spoofing policy (either manual or automatic). If you, say, travel to another city for a week, you could have the OS spoof a single location in that city for the duration of the trip. The privacy implications of, "Bob is in San Francisco" are somewhat different than, "Bob is at 14th and Valencia."

    Of course, I didn't RTFA, so I have no idea if something like this is implemented/in the works/impossible...
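
The "sane spoofing policy" proposed in the comment above, sketched as an added example that is not part of the original post and is not PrivOS or XPrivacy code: every true fix is snapped to the centre of a coarse grid cell, and the reported point only changes once the device has moved well away from it. The class name, the 0.25-degree cell, the 40 km radius and the sample coordinates are assumptions made for illustration.

```python
import math

EARTH_KM = 6371.0

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_KM * math.asin(math.sqrt(h))

def snap(fix, cell_deg=0.25):
    """Centre of the grid cell containing fix (cell_deg is an assumed granularity)."""
    return tuple((math.floor(v / cell_deg) + 0.5) * cell_deg for v in fix)

class StickyCoarseLocation:
    """Hypothetical policy: report one fixed point per area for a whole stay."""

    def __init__(self, radius_km=40.0, cell_deg=0.25):
        self.radius_km = radius_km   # how far the device must move to re-anchor
        self.cell_deg = cell_deg
        self.anchor = None           # the only value apps ever see

    def report(self, true_fix):
        # Re-anchor on first use or after a real move; otherwise repeat the
        # same point, so movement inside the area is invisible to the app.
        if self.anchor is None or haversine_km(true_fix, self.anchor) > self.radius_km:
            self.anchor = snap(true_fix, self.cell_deg)
        return self.anchor

# Constructed sample fixes: two points in San Francisco, then one in Los Angeles.
SF_A = (37.7680, -122.4220)
SF_B = (37.8080, -122.4100)
LA = (34.0522, -118.2437)

if __name__ == "__main__":
    policy = StickyCoarseLocation()
    for name, fix in (("SF_A", SF_A), ("SF_B", SF_B), ("LA", LA)):
        print(name, "->", policy.report(fix))
```

The moment the anchor changes still tells an app that the device has left the old area, so the radius sets how much travel history leaks.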

    1. Re:Apps which require location? by Anonymous Coward · · Score: 3, Insightful

      But you give away your location by just connecting to a base station? (if anyone has solutions to this, please share!)

      Most countries track the location of your cell phone (mandated by law), and then share the information gathered with intelligence agencies.

    2. Re:Apps which require location? by EmperorArthur · · Score: 2

      Take a look at XPrivacy. If you have a rooted Android phone you can do that and more today. I think CyanogenMod also has some sort of permission control built in now. Even iPhones have basic permissions. The only thing that doesn't is stock Android and Windows.

      Google knows there's a market for it, but they're worried about ad revenue or apps breaking because it would be "too much of a burden" on developers to make sure their apps behave when permissions are denied.

      --
      So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
    3. Re:Apps which require location? by AHuxley · · Score: 2

      Re AC and "Most countries track the location of your cell phone (mandated by law), and then share the information gathered with intelligence agencies."
      That's the problem. At some hardware and software level all your text entry is fair game to the telco that allows you to connect to their gov-granted network.
      You can run all the apps you want but you're still walking around with a beacon that has a mic and other neat features to offer any interested city/state/federal/mil/.com.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Apps which require location? by Travis Mansbridge · · Score: 5, Informative

      The FBI has been able to listen to any cell phone mic, even when off (as long as it has battery power) for quite some time now.

    5. Re:Apps which require location? by qbast · · Score: 5, Interesting

      From the Silent Circle homepage: "Silent Circle is a global encrypted communications service headquartered in Washington, DC [...]". This is good enough to suspect that the phone is backdoored (even assuming that Silent Circle is not simply an NSA honeypot). Nice touch about putting the Blackphone homepage in the .ch domain, it may actually fool somebody.

    6. Re:Apps which require location? by Anonymous Coward · · Score: 4, Informative

      The mic is not the main concern. Where I live, it is mandated by law that you have to show national ID card when you purchase any phone, and have the phone no and IMEI numbers associated with you.

      Meaning they are automatically tracking everybody, and indeed the police cameras routinely use cell phone location information (among others) to narrow down the face recognition hits. (Yes, this system exists and is publicly announced).

      It is harder to listen in to the mic on everyone all the time.

    7. Re:Apps which require location? by StripedCow · · Score: 3, Funny

      You just discovered an additional benefit of this method.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    8. Re:Apps which require location? by Wootery · · Score: 3, Insightful

      Yes. I know. Let's try that again: so you're just assuming the existence of backdoors in the Blackphone specifically which make the mic accessible to *.gov?

      Unless I missed something, we don't know for sure one way or the other whether the techniques the FBI have used to do that to other phones, will work on the Blackphone.

    9. Re:Apps which require location? by fustakrakich · · Score: 2

      You need to assume the worst. Chances are that it will be true. There needs to be a way to verify how the hardware operates, or you just have to trust the manufacturer. Personally, I wouldn't.

      --
      “He’s not deformed, he’s just drunk!”
    10. Re:Apps which require location? by disposable60 · · Score: 3, Informative

      2 towers are enough.
      With the right software, 2 antennae on one tower are enough.

      --
      You're looking for quotes? See my journal.
    11. Re:Apps which require location? by Wootery · · Score: 3, Insightful

      "There needs to be a way to verify how the hardware operates, or you just have to trust the manufacturer. Personally, I wouldn't."

      Agree. If Blackphone don't go down the hardware-checking road, that rather weakens their case. It'll take more than this. (I don't know what they mean by 'make', or even if they're correct in the first place.)

      A simple solution would be to have a physical mic/camera-disconnect switch...

  2. I say XPrivacy by johanw · · Score: 5, Informative

    "PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to"

    Those of us with a normal but rooted Android can do these things already with XPrivacy, an XPosed module. Fine grained control per system call, also for system apps (yes, that includes keeping pre-installed Facebook out of my address book and gps data). And I can choose to simply refuse, or tell it the address book is empty and I'm on the south pole.

    1. Re:I say XPrivacy by Gaygirlie · · Score: 2

      I didn't know of XPrivacy, I'd like to thank you heartily for mentioning it here! I'm not the kind of person who just installs everything that I come across on my phone and, actually, I only have a small selection of apps installed at all times, but still, should I need something I don't quite trust I would definitely like something like this between my data and the app.

  3. Gimme a keyboard by ptaff · · Score: 3, Interesting

    All fine, but can they (or someone else) release such a device with a keyboard? The point'n'grunt interface just gets so annoying for serious stuff (ssh with a soft keyboard, you're kidding me, where's the other half of my screen?). I mean this phone is not aiming for the 8-year-old brat crowd, unlike most of what's on the market today.

    1. Re: Gimme a keyboard by AvitarX · · Score: 2

      I use it fairly regularly.

      With Hacker's Keyboard.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    2. Re:Gimme a keyboard by Anonymous Coward · · Score: 2, Insightful

      Yes, let me buy a security-minded phone then get data into it over bluetooth.

      A secure phone MUST have a physical keyboard.

    3. Re:Gimme a keyboard by WaffleMonster · · Score: 2

      "Gimme a break. Cell phone makers target most of the market, which ranges from 8 year old brats to serious business users. And now that we have decent touch screens, many people seem to prefer those over physical keyboards that take up a lot of space"

      You know what takes up a lot more space? On-screen keyboards.

  4. Power and Performance by lancejjj · · Score: 4, Interesting

    Blackphone is MY only way to go.

    After all, how can I trust anything on any other device? The manufacturers and Google are very much interested in keeping a major part of their official ecosystems CLOSED SOURCE.

    I am putting the keys to my kingdom on them: on-line banking, SSH, VPN, and all sorts of other stuff is accessed by my phone. Just a tiny bit of mystery code could be slurping up all these credentials and key data and storing it on the device... only to transmit it later via covert means (DNS requests or whatever). How do I know this is NOT happening? I don't. I need to have faith in the multitude of vendors and app authors. Vendors that I have no reason to trust.

    Two factor authentication? HA! The second factor is ALSO on my phone. Sorry to say, that's ZERO FACTOR if someone already has code running as root on the device.

  5. While I appreciate what Silent Circle is doing... by mitcheli · · Score: 5, Insightful

    I have to seriously hope that the phone is more than just encryption and access control. What types of intrusion detection does the phone have? What types of behavioral analysis to determine unknown exploit vectors does the phone have? Does the phone have decentralized communication methods? One idea I have pondered but seriously don't have the time to get engaged in is to try an SVOIP concept using peer to peer wifi connections, a mesh network of sorts. If the communications are decentralized and segregated from infrastructure, then you can bypass many of the eavesdropping techniques. If you have some form of behavioral analysis, then you can start to identify techniques to exploit the phone at the operational level. Encryption goes a long way to help, and software based access control at the OS level (assuming it's secure and not hackable) is also a good start. But malware is getting far more customized and attacks on the platform are getting much tougher to detect on a pattern based methodology.

    --
    Select from tblFriends where interesting >= 4;
  6. What is this supposed to accomplish? by silfen · · Score: 2

    If you want to build good security, you need to know what threats you are trying to protect against: NSA spying? Thieves stealing your financial information? European spying? Chinese industrial espionage? Jealous wife? Corrupt prosecutor? MPAA fishing expeditions? Depending on the threat, the security solutions look rather different. Which of these use cases is the phone actually suitable for?

    And there are plenty of open questions about the security this phone claims to provide. How do we know we can trust the employees of the companies involved? Which jurisdictions apply to the phone, the software, and the services? Who can push updates? Which parts of the software did they audit and how and who? Did they close off any attacks against the baseband processor or is that still wide open?

    I think if you want a secure mobile setup, you're far better off going with something simpler: get a dumb phone, a mobile hotspot, and a Linux laptop; run VPN and VoIP from the laptop. You're going to get better security and a much more transparent system than Blackphone.