BlackPhone, In Wake of Gemalto Fallout, Receives $50 Million In Funding

An anonymous reader writes The BlackPhone, a $600-plus encrypted Android handset designed to keep the prying eyes of criminals and the government out of mobile communications, is now fully owned by Silent Circle thanks to the company raking in investment cash. Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone's hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted 'enterprise privacy ecosystem' at World Mobile Congress next week. A BlackPhone tablet is on the way, too.

NSA involvement ?

[Alain+Williams]

I have to ask: is there secret NSA involvement in this ? An inside man who will put a couple of back-doors in the 'phone.

I have absolutely no knowledge that this is the case, but the NSA certainly has the resources & motivation to do so. It seems to have done this sort of thing in the past.

Re: NSA involvement ?

Considering who owns Silent Circle and his history with the NSA I highly doubt that there is any NSA collaboration or back door.

Re:NSA involvement ?

[chihowa]

Silent Circle was partially founded by Philip Zimmermann, so that's supposed to lend some credibility to the operation. The company, and PZ in general, still operate on the premise that trust in them should be enough for anybody, so the operation will be opaque and the source closed.

I really respect a lot of what Zimmermann has done, but we're finding out more and more that our trust in institutions was ill placed. I don't think his model works in our current world. Finding out in twenty years that Silent Circle was an NSA front wouldn't really surprise me that much, despite Zimmermann's involvement. "Trust me, I'm one of the good guys," doesn't fly anymore.

Re:NSA involvement ?

[Alain+Williams]

Zimmermann might well be good and honest ... but how well does he know the people who he will employ to help him ? What if one of them has a problem: financial/drugs/marital/... that allows the NSA to put pressure on them (''help them out of their sticky situation'') in return for ''something that is in the best interests of the USA'' ?

In mitigation: they do publish their source code for review. I don't know how easy it is to check that that is what is installed on the phone that you buy.

Re:NSA involvement ?

[aaarrrgggh]

Sure... Publish the software. What the hell, publish the firmware too. You could even publish the schematics for all the chips.

How would you as an end user validate that the nefarious bits aren't actually in the chips, transparently altering the firmware and bypassing protections in software.

Sadly we are in a post-trust mode now. Nothing can be trusted no matter the source or your due diligence. It starts to feel a lot like the secret police watching your every move.

Just to make things interesting, you are being watched by your own country's secret police, other countries' "spies," companies, and criminals.

This really has the potential to completely alter our society in short order, and I am not excited about the prospects.

Re:NSA involvement ?

This is a perfect point. If anyone feels threatened enough concerning their family's or own well being, that will eventually sell out.

Re:NSA involvement ?

East Germany is the prototype.

Great, fully owned by Silent Circle

[viperidaenz]

A company with offices in USA, under the jurisdiction of the FBI's NSL's

Re: Great, fully owned by Silent Circle

A company whose headquarters are in Geneva and complying with any secret order would violate Swiss constitution and make executives personally liable with guaranteed jail time.

Re: Great, fully owned by Silent Circle

Look up crypto ag. Switzerland can easily be buLlied.

Re: Great, fully owned by Silent Circle

My you are naive.

The Swiss are more flexible than a ballerina. As for executives going to jail ... ha!

Re: Great, fully owned by Silent Circle

Hardly easy and a great source of PR from a company perspective if they refuse to comply with orders. You need to read machiavelli. How fantastic for sales would it be if you're the only company that's proven to tell the US to fuck off.

Also note Zimmermann's involvement. The guy who stood up to the US in the 90s. These guys will go to jail before being bullied. No backdoor is their only right to exist.

Re: Great, fully owned by Silent Circle

Really if by flexible mean holding out for decades until the largest economic power threatens to bankrupt your primary industry... If you want to talk about naive, think about what people have to lose and what they have to gain by publicizing an attempt at coercion. I bet if the warrant canary at Silent Circle were taken down, or any actual demand leaked, sales would go through the roof.

Bring it on.

Re: Great, fully owned by Silent Circle

Not these days. The world changed after Snowden sold the NSA out, and European countries have a different relationship with the US these days.

The Swiss would absolutely laugh at any US influence now along these lines.

Re: Great, fully owned by Silent Circle

[IamTheRealMike]

The issue with Silent Circle isn't their jurisdiction. It's that their code is of deeply questionable quality. They recently had a remote code execution exploit that could be triggered just by sending a text message to their phone. It's been literally years since one of these affected mainstream software stacks, so how was that possible?

Well, they wrote their own SMS parsing code, in C, and used JSON to wrap binary encrypted messages and there was a bug that could cause memory corruption when the JSON wasn't exactly in the form they expected.

The amount of fail in that sentence is just amazing. They're a company which justifies its entire existence with security, writing software to run on a smartphone where the OS itself is written in a memory safe language (Java) and yet they are parsing overly complex data structures off the wire ..... in C. That isn't just taking risks, that's playing Russian roulette over and over again. And eventually it killed them. Remote code execution via SMS - ye gods.

After learning about that exploit and more to the point, why it occurred, I will strongly recommend against using Silent Circle for anything. Nobody serious about security should be handling potentially malicious data structures in C, especially not when the rest of the text messaging app is written in Java. That's just crazy.

Re: Great, fully owned by Silent Circle

do they own their own fabs? and other manufacturing facilities?

Re: Great, fully owned by Silent Circle

[fustakrakich]

Remote code execution via SMS - ye gods.

By itself, it's bad enough, but how it got past 'the crowd' is the issue to study.

Re: Great, fully owned by Silent Circle

The strict banking laws were supposed to protect depositors also, but the banks and government caved to US pressure.

Re: Great, fully owned by Silent Circle

RTFA. It's not SMS. Silent Circle's product doesn't use SMS for message delivery.

I bought the fully encrypted phone

[invictusvoyd]

and then installed this funny app which makes fart sounds . It asked for pemissions to my storage ,camera , mic , browser and girlfriend .

Re:I bought the fully encrypted phone

You need an app for that?

Re:I bought the fully encrypted phone

[linkdude64]

...and girlfriend .

Don't you already operate the phone with your hand? I kid, you make a valid and important point.

Re:I bought the fully encrypted phone

[itzly]

Don't you already operate the phone with your hand?

Most people have more than the average number of hands.

Re:I bought the fully encrypted phone

What in the fuck does this even mean?

Re:I bought the fully encrypted phone

[invictusvoyd]

i'm not as flatulent as u

Re: I bought the fully encrypted phone

Due to the presence in the community of amputees and other people who have lost hands, the average number of hands is less than 2, but most people have two hands.

You're welcome.

Why is this a thing?

I seriously don't get what justifies this-- I don't understand what Blackphone offers beyond what a well-patched Android phone-- especially one built from existing ROM project sources--does not already have. Okay, blackphone has encryption (but that's standard on Android), a "security center" which I don't see as being much different from the privacy settings in CyanogenMod (is it?), some pre-installed wifi apps you can get elsewhere... whisper systems-like encrypted chat and redphone-like functionality... anything else?

If I'm reading the reviews right, these are all pre-bundled together for the lazy and perhaps the very very trusting... but is that really worth a $50m investment? Isn't this available for free?

If you don't like closed-source stuff getting rid of gapps is good but.. . are the phone's binary blobs for sensors, camera, radio, gpu, etc open sourced and audited too? Are the accelerometer privs removed from normal apps? Is this phone resistant to exploitation via stolen OTA keys?

How is this $50m better than Jacob Appelbaum's $100 modified Modified Moto e?

Re: Why is this a thing?

Why is redhat a thing? I mean Linux is free right? How could anything free have value in an enterprise setting?

Simply put it has value because it does a lot more than a cyanogen phone (this is being typed on one). Blackstone is far more hardened and setup for enterprise rollout with the appropriate integration and support. The security center is also a lot more advanced than the one on cyanogen.

Re: Why is this a thing?

I guess- I didn't mean to suggest that there's no economic value in free-as-in-speech software... I'm asking whether there is $50m of value here above what's easily available elsewhere-- which may be the case if they've uniquely addressed the binary blob and other privacy concerns.

Re:Why is this a thing?

It's not that they are doing something that you can't do yourself, it's that they've done it for you so that you don't have to.

Re: Why is this a thing?

The problem with android phones is that you can't secure them fully. Period. There is no way. The baseband is a mysterious black box chip that has shared access to the system RAM and nothing short of a fully open source implementation of LTE or GSM or whatever will fix that.

The black phone sequesters the baseband and only powers it up when it's being used.

There is no way to achieve that with even the most tin foil totting custom ROM on a standard handset.

Re: Why is this a thing?

[bulled]

The problem with all phones is that you can't secure them fully. Period. There is no way. The baseband is a mysterious black box chip that has shared access to the system RAM and nothing short of a fully open source implementation of LTE or GSM or whatever will fix that.

The black phone sequesters the baseband and only powers it up when it's being used.

There is no way to achieve that with even the most tin foil totting custom ROM on a standard handset.

FTFY

Re: Why is this a thing?

There's billions in value there. How much is Ubuntu worth? Also free...

Re:Why is this a thing?

[mlts]

Since the SoC functions are still a black box, I rather just go with a ROM on a moddable handset like the HTC One M8 with XPrivacy installed, where even if a basic fleshlight app demanded every priv under the sun, it won't get it. When it comes to phones, having the ability to block apps from phoning home is a major security feature.

Even better, why can't a company work on virtualization on a handset? That way, one can have a VM for web browsing, one for work stuff, one for home/personal, and one for clients? This is more important and would be more useful (especially if the hardware supported two SIM cards) then yet another black box phone. With online deduplication and having the hypervisor do the encryption, decent security can be maintained on a device without much fuss from the user.

Re: Why is this a thing?

[Damarkus13]

If the baseband is powered down all the time, how do you receive phone calls?

What *is* their market?

[msobkow]

Given that iOS and Android can and do encrypt user data now, and that web device communications encryption is largely a question of whether a site uses SSL/HTTPS, what is the distinguishing feature of these phones that would make them marketable?

To me it looks like pure marketing hype, not a real benefit compared to other devices now that they've started using encryption.

Re: What *is* their market?

[bsDaemon]

End to end encrypted communications and the concept of circle of trust. The original creator of PGP is involved, but this product seems to be much easier to operate (although they still haven't fixed the problem of me convincing friends or family to also want one, therefor justifying my purchase as a personal device. They are therefor the BlackBerry of the Android world)

How to determine a phone's security

[Demonoid-Penguin]

Proportional to the number of forum flooding (trolling and stupid questions) : relevant posts ratio (?)

baseband?

[wbr1]

Unless and until baseband code/chip is open, you will never fully know what the phone leaks. Ever.

Re: baseband?

Has anyone ever audited the linux source code? How about android? Or do we just trust that someone CAN audit the source?

False sense of security

[Macfox]

This phone might be suitable for thwarting most criminals, however it would be susceptible to OTA attacks against the baseband (blackbox), which is now even more easily done with the compromised SIM private keys.

But it's still Android.

Has it not been shown over and over how Android is one of the most insecure pieces of the puzzle.
So what does it matter if the phone has end to end encryption when the phone can be pawned?

Re: But it's still Android.

Please link to a zero day exploit in Android.

visit us

http://topexclusive.net

A gift to intelligence service middle management?

[Limekiller42]

If I'm running a nation-state intelligence service unit devoted to mobile device intelligence gathering, I'm thinking BlackPhone is pretty awesome if it gets a solid adoption rate of people who are concerned about privacy. I'm going to get a pretty large subset of people who I probably want to spy on in the first place standardizing on a particular platform where I just need to develop one or two decent exploits. It allows me to concentrate my team's efforts on a much narrower technological problem than before and I'm looking good for getting an awesome annual performance review.

Who's chips do they use?

If they use Gemalto chips in their phone, then.....they're stupid, and still fucked.

Re:Who's chips do they use?

[Anne+Thwacks]

Given that the SIM is supplied by the carrier, and we don't know where our carrier gets his SIMs, - they probably all get them from the same place, we are all fucked.

If you have a secret, I do not recommed using a mobile phone to discuss it.

Or indeed, telling anyone about it at all.

Re:Who's chips do they use?

[aaarrrgggh]

Or writing it down anywhere... or thinking about it.

Re:Who's chips do they use?

Never write anything down that you wouldn't shout down the hall.

Re:Who's chips do they use?

[F.Ultra]

Isn't Blackphone to Blackphone voice and messingen supposed to be end to end encrypted? If so then it doesn't matter that the NSA has access to the GSM encryption code from the SIM since the phone encrypts the data before it is encrypted by the SIM.

Mobile Devices Are Spy Devices

[Limekiller42]

The fundamental truth of our time when it comes to mobile devices is that they are spy devices. It's a device that had a camera, microphone, GPS abilities, and we frequently use to communicate our most private thoughts with other people. If you want true privacy for particular content, don't use a mobile device.

Re: Mobile Devices Are Spy Devices

Silent Circle is a fucking joke. I could understand a high one time fee for the device, but the REAL problem is the subscription based service for his BS secure software. First off, to be truly effective, EVERYONE would have to own his phone, or either, pay his rediculous Rx fees and AS WELL own an android or compatible device. Since we all all know neither will ever happen, phil and his jerkoff phone, aps, and Rx fees are nothing more than toys for stupid fucks pretending they are the difference. Unless everyone adopts FREEly available hardware AND Rx free aps for secure communications, the few who do, whether they pay a monthly fee or not, won't amount to shit in the fight to regain our privacy. What I say or do for that matter with another person is NOONES business but mine and the person I communicate with. PERIOD mofos

Re: Mobile Devices Are Spy Devices

Worse yet, the region1 (worldwide coverage) phone is not even available to u_s customers. What a fucking joke. For $629 + tax & shipping and then they still want to charge rx fees for a substandard piece of (garbage) hardware. My Z3 is worldwide, has full encryption, it's very own mailbox, better hardware, and access to FREE apk's requiring NO rx fees. Gee, what's NOT to like about blackphone? Oh, my z3 was ~$630 to my door with bootloader unlocked.

Re: Mobile Devices Are Spy Devices

FUD. I have a region one and am a US customer. I've been all over the world with it. And where are these rx fees you keep frothing about? Not mentioned on the site and I haven't got charged for anything but the phone since I got it last June.

Criminals Intercepting My Phone

[MissNoItAll]

Gosh, I thought digital cell phone voice packets ARE encrypted? What case has occurred where criminals have listened to cell phone voice calls? OK, OK, that leaves the NSA and of course no other foreign governments (which we all know, aren't listening). Given all of this to be true, how can we complain when we now know we can pick up our phone and speak directly to someone in the NSA? For this, we can thank Mr. Snowden and I would sorely miss this feature if I bought some super phone that only those despicably nosey creatures on Vega could listen in on. My phone calls are very important and I want the right people paying attention to what I have to say.

BlackPhone?

That's only going to sell if it is available in gold.