Slashdot Mirror
Sirin Labs Launches Solarin, a $14,000 Privacy-Focused Smartphone (venturebeat.com)
An anonymous reader writes from a report via VentureBeat: Sirin Labs has launched its high-end Android smartphone called Solarin. The company's mission is to create the Rolls-Royce of smartphones -- an advanced device that combines "the highest privacy settings, operated faster than any other phone, [and is] built with the best materials from around the world." Solarin promises "the most advanced privacy technology, currently unavailable outside the agency world." It has partnered with KoolSpan to integrate chip-to-chip 256-bit AES encryption, which is similar to what the military uses to protect its communications. As for the specs, Solarin features a Qualcomm Snapdragon 810 processor, with support for 24 bands of LTE, and "far superior" Wi-Fi connectivity than standard mobile phones. There's a 23.8-megapixel rear camera sensor and a 5.5" IPS LED 2K resolution display. The phone goes on sale June 1st for nearly $14,000 ($13,800 to be exact).
Do they even *know* what's in the Snapdragon SoC? I mean, even with an (hypothetical, but thanks to LowRISC perhaps reachable) open design SoC you'd have to trust the foundry to not play shenanigans on you [1], but blindly buying from Qualcomm/ARM and whatever other parties are in there, with a mutual assured destruction level of NDAs between them?
Hmmm.
[1] http://static1.1.sqspcdn.com/s...
...and then the Facebook app gets installed. Game over.
At this price tag and if they really enforce security it should come with a private app store where everything is verified thoroughly by the constructor. 256-bit AES encryption won't do any good when the user starts installing malware...
"...The phone goes on sale June 1st for nearly $14,000 ($13,800 to be exact)."
Still cheaper than the "Rolls Royce" Apple Watch models.
C'mon, you can do better than that for people who have money to burn. Where's my solid gold option? This smartphone is only the price of a car. Surely you can figure out a way to charge as much as a house would cost for an electronic device that will be obsolete in 3 years.
Sirin, did you not learn anything from Apple?
is less secure than 128bit. So that's how to construct the safest phone out there, by missing this fact? Nice start.
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
This overpriced heap of junk uses a Qualcomm Snapdragon baseband, It is dead on arrival.
https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf
https://www.youtube.com/watch?v=fQqv0v14KKY
Qualcomm often designs their basebands to have shared memory access to the RAM of the Application Processor that runs your Android/OS
Qualcomm is one of the worst from a security and privacy standpoint.
The Neo900 http://neo900.org/ is going to be much more secure, and much cheaper
Well Ennetcom produced a PGP phone, they even marketed it to lawyers as secure enough for lawyer - client privileged conversations. It was built ontop of Blackberry's platform.
The Dutch police raided it, seized its servers claiming the phone was being used by criminals hence it had the right to close it down as a tool of crime. It looked a bit from the timing like the Dutch police wanted to influence the iPhone encryption court case.
So we were sure it actually WAS secure only after this (blatantly illegal) police action.
And in turn we're also sure the Blackberry phone is backdoored, because police are very happy with that phone and make no attempt to raid Blackberry servers these days, and Blackerry CTO says they take a more balanced approach to end to end encryption than some of their competitors (i.e. Apple).
So we won't know that this phone is secure, till its shutdown by an out of control police force.
All that is needed is a pure android with some added functions to detect when you are on a government or police fake cellphone tower and other crud that leaks information.
no need to build any hardware as a nexus unlocked phone or even a oneplus unlocked phone will do what is needed. it is simply a clean install of android with no added bullshit shovelled in and some extra tools.
Do not look at laser with remaining good eye.
Then again, gotta start somewhere. Custom hardware is Expensive[tm] to fabricate and "privacy" so far is just about the smallest of niches, even somewhere behind encrusting diamonds on a gold leaf-clad boring old mainstream phone that'll be obsolete within two years.
My first thought is to ask how they're planning to do the air interface. Is that open, including all firmware? If not, it doesn't matter what you do for a SoC, the game remains unwinnable.
A supposedly secure minded phone with screen with 178 viewing angle... genius!
You may scape the NSA but you will not scape the prying eyes of your neighbor.
I know next to nothing about security, but recently I watched presentation about security of various chips. Turns out you can eavesdrop on CPU, registers, communication between soldered components etc. without hooking directly into the device - just by measuring EM fields, heat signatures and similar stuff. I imagine that if your north bridge can't trust south bridge than assuring identity and secure channel between them requires quite different (i.e. more expensive) components. Maybe this is the case here?
It reminds me of the Dilbert where the PHB does layoffs by declaring that "due to weather, all nonessential personnel can leave early", and then simply watches who leaves.
If you run out and buy a special uberprivacy phone, you a) are self-identifying as having something to snoop and b) wasting your money.
Did they mention that you can iron your clothes with this phone? (http://arstechnica.com/gadgets/2015/04/in-depth-with-the-snapdragon-810s-heat-problems/)
is dog shit
I guess (and I am by no means qualified to say) that as a secure appliance, this sort of solution might have something going for it. However, if you think about the threat landscape that a mobile phone has by definition to operate in, then isn't this an awful lot of money to pay for a minimal reduction in exposure? For example, here is a hastily-thought-up list of threats/attacks that even the most perfectly secure handset cannot shield you from:-
1. The remote phone numbers that you call, or, if themselves for mobile devices, send SMS messages to.
2. Potentially, the phone numbers that call you.
3. Your location, as determined by triangulation from cell towers [assuming that you don't have a compromised GPS sensor in the handset.
4. The duration of the calls you make and/or receive, plus your location, time of day, etc, whilst those conversations happen.
5. The superset of data relating to you - that is: the location and activities of the counter-parties you communicate with, the on-chain communications that *they* participate in...
6. All of your web and email activity [unless you have an effective S/MIME solution, and/or have a remote proxy server that you can configure into your phone browser.
In other words, it is trivially easy to gather so much additional data from even the most secure handset that it simply isn't possible to disguise the activities you perform through a handset. EVEN IF YOUR OBSERVER CAN'T CRACK YOUR HANDSET.
I would be very reluctant to dismiss this handset as the mobile phone equivalent of snake oil, but I wonder if clients are fully aware of the inherent limitations of the solution they are being offered, and if they think it's still worth $14,000?
Which is today, so just PM me for my address and have them ship it on over.
Let's see if we can improve this summary by just removing some dead weight characters:
"Sirin Labs launched its Android phone called Solarin. The company's mission is to create a device that combines privacy settings, materials. It has 256-bit AES encryption. Solarin features a Qualcomm Snapdragon 810 processor, 24 bands of LTE, and Wi-Fi a 23.8-megapixel rear camera and a 5.5" IPS 2K resolution display. The phone goes on sale June 1st for $13,800."
That wasn't so hard. Imagine how much better it would read if I added or re-arranged a few characters too? Maybe slashdot should employ some people to do this kind of thing for us... we could call them editors! /s
Can't wait to hear about these turning up on the black market after being casually misplaced by agents. Your tax dollars hard at work!
It is unfortunate that the phone's design is the Ford Focus of smartphones.
... that some half-wit web/mobile developer n00b can find a hack for this in under 30 minutes.
Another 100 Euros that any small Linux PC set up by a decent admin with Ekiga Voicechat over SSH is a bazillion times safer and way harder to crack for ye 3-letter agencies.
We suffer more in our imagination than in reality. - Seneca
Unless they own the fabs, they can't guarantee the TLAs won't pown the very silicon laid down by their industry buddies. Remember when GCHQ wanted certain parts of The Guardian's laptops smashed to bits? Yeah.
From twitter:
Farewall, $14,000 phone. We hardly knew ye.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
“‘Cyberattacks are endemic across the globe,” said Tal Cohen, CEO and cofounder of Sirin Labs. “This trend is on the increase. Just one attack can severely harm reputations and finances. Solarin is pioneering new, uncompromising privacy measures to provide customers with greater confidence and the reassurance necessary to handle business-critical information.’
Better get it so you don't fall prey to Israeli Anonymous?
Cunts. You going to call somebody on their flip to plan some dastardly deeds?
This is a top tier phone for dickheads. gtfo.
Now that's a very verbose way to say "$13,800"
Sounds like a marketing scam to me, or perhaps just a scam.
I'd suspect the market for a $14,000 phone is kinda slim. Unless it lets me talk to my future self in my domed habitat on Mars, I'll pass.
I'd also suspect that anyone buying a $14,000 "privacy" phone will immediately go on a heightened surveillance list because, you know, terrorism.
In addition, who's to say it's not a front company for the CIA/FBI/DHS floated out there as a way to lure in the suckers who want a secure phone to conduct illegal business? Buying one is like sticking a bright orange patch on your back that says "WATCH ME CLOSELY, I'M UP TO NO GOOD".
Just cruising through this digital world at 33 1/3 rpm...
an advanced device that combines "the highest privacy settings, operated faster than any other phone, [and is] built with the best materials from around the world." Solarin promises "the most advanced privacy technology, currently unavailable outside the agency world."
"It's gonna be UUUGE." Solarin proclaimed.
So I'm supposed to depend on some company I've never heard of, who doesn't own the intellectual property involved, who clearly doesn't have the resources to evaluate the code or audit the hardware properly, is "partnering" with other companies I've never heard of (who the F is Koolspan?), and who wants to sell me a phone "focused on privacy" (whatever that is supposed to mean) for an outrageous amount of money? For a piece of hardware that even if it makes it to market will be obsolete faster than the milk in my refrigerator will spoil.
Umm, ok. What a deal.... [/sarcasm]
How fucking much? I'll take two, one for Sundays.
For that price, it had better come with a beautiful girl who blows you every time you make a phone call.
If telephones are outlawed, then only outlaws will have telephones.
But cyptography and marketing don't really mix. The marketing subtext is that because this uses the very best chips and is too expensive for ordinary people to own, it's secure. But of course that's nonsense. Security is a system property. It's not the chips or algorithms, it's how you use them. And it costs money to figure out how to use them securely, an expense that you amortize over the total number of units sold.
And at number of units you'll sell at a unit price of $14K, the gross revenues you have to lavish on really serious engineering (as opposed to Lego style snap-together system integration) is pretty small.
Look at the iPhone 6. At about $700 retail, an iPhone 6 costs about 1/20 of the phone in question. At $14K, how many of these things do you think Sirin will ship? Well, whatever that gross units sold may be, people were talking at the end of last year about a slowdown in iPhone sales because Apple shipped "only" seventy-four frickin' million of them in the last quarter. What can you do with big economies of scale? You can design something like the A8 chip, which puts a pretty serious crypto-coprocessor on the CPU die so that sensitive information like encryption keys can't be read off the system bus. Does that make the iPhone 6 more secure than the an Bernadino iPhone 5 the FBI hacked? Not necessarily, because security is a system property. But it shuts off entire lines of attack where you analyze the phone in an EE lab. That's like putting a massive steel back door on your house; it's no guarantee you didn't leave a first floor window open.
There's really only one way something like this is likely to end up more secure than an iPhone 6 with encrypted storage, and that's monkeying with the security/convenience trade-off. The impressive thing about the iPhone 6's security isn't how tough it is to break (which nobody can be sure of until they try), but how much thought went into securing it without imposing any kind of user experience cost. If you're willing to impose some inconvenience on users, that would enable you to add security without assembling a committee of genius crypto and UX experts. For example you could replace a four digit user-chosen PIN with a seven digit randomly chosen PIN.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Step one in making a secure phone. Do not use android based system. You the manufacturer / developer will have to vet all code.
Step two, the cellular radio must boot up after the OS is fully online w/ security up. Signal system seven by default trusts whatever is closest and strong.
Step three look left towards,,,,,, http://www.wilderssecurity.com...
if TL/DR applies "securing a mobile phone is near impossible."
I'd suspect the market for a $14,000 phone is kinda slim
Well, the market for cell phones is in the billions. If they only sell to 0.01% of the richest and stupidest of possible customers, that's a billion dollars of sales.
Heck, if they just sell seventy or eighty of them, that's a million dollars. Not bad for a hundred dollars worth of hardware and some coding that none of the users are likely to understand anyway.
I'm wondering at what point we'll have a phone that is a hypervisor or physical cluster under the hood, capable of delivering a virtual environment or separate physical environment for secure access.
All the insecure shit like Facebook or other dubious software applications could go in its own VM or on the "insecure" side, along with the baseband hardware. It'd be nice to be able to deploy multiple VMs for multiple VMs for various security levels.
Yes, and the encryption will be broken because of a sloppy implementation...
At $14k you'd think they would round off the corners, but instead they made them taper into points. I see complaints of them wearing hold in Armani's suits left and right.
Before you can even begin to talk about security you need to have the complete set of source code for the device. This includes the source code for things like the modem firmware and similar. You might be able to design an semi-intelligent messaging device to work around some of the issues with cellular technology in general by only connecting to the network at particular places at particular points in time such that it obfuscates the tracking. However if the modem firmware has control over the rest of the device (and the typical phone does) then the design is fatally flawed from a security perspective. For this to work the modem must be isolated from the rest of the device and it must be possible for the central device to cut power to the modem.
Toss out all the "valuable" materials (I don't give a shit if the phone is out of brushed steel or plastic, what matters is that I notice if it's been tampered with), lose the camera (privacy also means no picture), lose the insane resolution screen (it's a phone. As long as it can display numbers and letters we'll be fine). Then we're talking about a device for the security conscious, not yet another toy for people with more money than brains.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The only way to secure a modern smartphone is to shut it off, remove the battery, and then snap the thing into two pieces and then run the pieces through a shredder.
And even then I'm not so certain about it being secure.
Let's face it: once you make a call, at least the carrier and most likely the NSA, has metadata on your call. Does the phone come with a secure carrier that answers to no one? Didn't think so. Then there's GPS tracking. Then there's looking over your shoulder at the screen. Then there's the OS itself, Android, which is full of holes.
Then there's downloaded Apps phoning home information about you. You could have a $14,000 phone, but if you download Facebook you're borked security-wise. Or do you use Uber? Forget security at that point.
In short, what they are selling is a fraud. There's no way to really secure a smartphone, and anyone selling you an expensive bauble claiming security is either lying to steal your money, or is too stupid to know they are lying.
If telephones are outlawed, then only outlaws will have telephones.
Selling a secure phone (whatever that even means) but with such weeping, drooling, confident marketing speak... Well, they are just begging to be a target. This is assuming they have written their own super-duper security software version 1.0. Either this is total bullshit or they will end up with egg on their via courtesy of their hubris. Hell, if I can bypass the lock screen on an encrypted BlackBerry...
Second comment
A fool and his money are soon parted.
Brought to you by Carl's Junior.
built with the best materials from around the world
If they aren't using Monster cables, I'm not buying it.
A lot of people say they value privacy. Now this expensive phone says it provides privacy (let's just accept that statement at face value for the moment).
How much is your privacy worth to you? Is it worth $14,000? I'll bet for most people, it isn't worth that much. And untold millions gave up their privacy for free when they signed up for Twitter, Facebook, Google, MS Office Online, ...
..to read about the guy with more money than sense who buys this phone and then accidentally drops it down the toilet during a call.