Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackPhone, In Wake of Gemalto Fallout, Receives $50 Million In Funding

Posted by timothy on from the small-steps dept.

An anonymous reader writes The BlackPhone, a $600-plus encrypted Android handset designed to keep the prying eyes of criminals and the government out of mobile communications, is now fully owned by Silent Circle thanks to the company raking in investment cash. Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone's hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted 'enterprise privacy ecosystem' at World Mobile Congress next week. A BlackPhone tablet is on the way, too.

17 of 59 comments (clear)

  1. NSA involvement ? by Alain+Williams · · Score: 4, Insightful

    I have to ask: is there secret NSA involvement in this ? An inside man who will put a couple of back-doors in the 'phone.

    I have absolutely no knowledge that this is the case, but the NSA certainly has the resources & motivation to do so. It seems to have done this sort of thing in the past.

    1. Re:NSA involvement ? by chihowa · · Score: 2

      Silent Circle was partially founded by Philip Zimmermann, so that's supposed to lend some credibility to the operation. The company, and PZ in general, still operate on the premise that trust in them should be enough for anybody, so the operation will be opaque and the source closed.

      I really respect a lot of what Zimmermann has done, but we're finding out more and more that our trust in institutions was ill placed. I don't think his model works in our current world. Finding out in twenty years that Silent Circle was an NSA front wouldn't really surprise me that much, despite Zimmermann's involvement. "Trust me, I'm one of the good guys," doesn't fly anymore.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    2. Re:NSA involvement ? by Alain+Williams · · Score: 2

      Zimmermann might well be good and honest ... but how well does he know the people who he will employ to help him ? What if one of them has a problem: financial/drugs/marital/... that allows the NSA to put pressure on them (''help them out of their sticky situation'') in return for ''something that is in the best interests of the USA'' ?

      In mitigation: they do publish their source code for review. I don't know how easy it is to check that that is what is installed on the phone that you buy.

  2. Great, fully owned by Silent Circle by viperidaenz · · Score: 3, Informative

    A company with offices in USA, under the jurisdiction of the FBI's NSL's

    1. Re: Great, fully owned by Silent Circle by Anonymous Coward · · Score: 5, Insightful

      A company whose headquarters are in Geneva and complying with any secret order would violate Swiss constitution and make executives personally liable with guaranteed jail time.

    2. Re: Great, fully owned by Silent Circle by Anonymous Coward · · Score: 5, Informative

      Look up crypto ag. Switzerland can easily be buLlied.

    3. Re: Great, fully owned by Silent Circle by IamTheRealMike · · Score: 4, Interesting

      The issue with Silent Circle isn't their jurisdiction. It's that their code is of deeply questionable quality. They recently had a remote code execution exploit that could be triggered just by sending a text message to their phone. It's been literally years since one of these affected mainstream software stacks, so how was that possible?

      Well, they wrote their own SMS parsing code, in C, and used JSON to wrap binary encrypted messages and there was a bug that could cause memory corruption when the JSON wasn't exactly in the form they expected.

      The amount of fail in that sentence is just amazing. They're a company which justifies its entire existence with security, writing software to run on a smartphone where the OS itself is written in a memory safe language (Java) and yet they are parsing overly complex data structures off the wire ..... in C. That isn't just taking risks, that's playing Russian roulette over and over again. And eventually it killed them. Remote code execution via SMS - ye gods.

      After learning about that exploit and more to the point, why it occurred, I will strongly recommend against using Silent Circle for anything. Nobody serious about security should be handling potentially malicious data structures in C, especially not when the rest of the text messaging app is written in Java. That's just crazy.

    4. Re: Great, fully owned by Silent Circle by fustakrakich · · Score: 2

      Remote code execution via SMS - ye gods.

      By itself, it's bad enough, but how it got past 'the crowd' is the issue to study.

      --
      “He’s not deformed, he’s just drunk!”
  3. I bought the fully encrypted phone by invictusvoyd · · Score: 4, Insightful

    and then installed this funny app which makes fart sounds . It asked for pemissions to my storage ,camera , mic , browser and girlfriend .

    1. Re:I bought the fully encrypted phone by Anonymous Coward · · Score: 3, Funny

      You need an app for that?

    2. Re:I bought the fully encrypted phone by linkdude64 · · Score: 2

      ...and girlfriend .

      Don't you already operate the phone with your hand? I kid, you make a valid and important point.

    3. Re:I bought the fully encrypted phone by itzly · · Score: 2

      Don't you already operate the phone with your hand?

      Most people have more than the average number of hands.

  4. What *is* their market? by msobkow · · Score: 3, Insightful

    Given that iOS and Android can and do encrypt user data now, and that web device communications encryption is largely a question of whether a site uses SSL/HTTPS, what is the distinguishing feature of these phones that would make them marketable?

    To me it looks like pure marketing hype, not a real benefit compared to other devices now that they've started using encryption.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re: What *is* their market? by bsDaemon · · Score: 3, Informative

      End to end encrypted communications and the concept of circle of trust. The original creator of PGP is involved, but this product seems to be much easier to operate (although they still haven't fixed the problem of me convincing friends or family to also want one, therefor justifying my purchase as a personal device. They are therefor the BlackBerry of the Android world)

  5. Re: Why is this a thing? by bulled · · Score: 2

    The problem with all phones is that you can't secure them fully. Period. There is no way. The baseband is a mysterious black box chip that has shared access to the system RAM and nothing short of a fully open source implementation of LTE or GSM or whatever will fix that.

    The black phone sequesters the baseband and only powers it up when it's being used.

    There is no way to achieve that with even the most tin foil totting custom ROM on a standard handset.

    FTFY

  6. Re:Who's chips do they use? by Anne+Thwacks · · Score: 3, Insightful
    Given that the SIM is supplied by the carrier, and we don't know where our carrier gets his SIMs, - they probably all get them from the same place, we are all fucked.

    If you have a secret, I do not recommed using a mobile phone to discuss it.

    Or indeed, telling anyone about it at all.

    --
    Sent from my ASR33 using ASCII
  7. Re:Who's chips do they use? by aaarrrgggh · · Score: 2

    Or writing it down anywhere... or thinking about it.