Sirin Labs Launches Solarin, a $14,000 Privacy-Focused Smartphone (venturebeat.com)
An anonymous reader writes from a report via VentureBeat: Sirin Labs has launched its high-end Android smartphone called Solarin. The company's mission is to create the Rolls-Royce of smartphones -- an advanced device that combines "the highest privacy settings, operated faster than any other phone, [and is] built with the best materials from around the world." Solarin promises "the most advanced privacy technology, currently unavailable outside the agency world." It has partnered with KoolSpan to integrate chip-to-chip 256-bit AES encryption, which is similar to what the military uses to protect its communications. As for the specs, Solarin features a Qualcomm Snapdragon 810 processor, with support for 24 bands of LTE, and "far superior" Wi-Fi connectivity than standard mobile phones. There's a 23.8-megapixel rear camera sensor and a 5.5" IPS LED 2K resolution display. The phone goes on sale June 1st for nearly $14,000 ($13,800 to be exact).
...and then the Facebook app gets installed. Game over.
At this price tag and if they really enforce security it should come with a private app store where everything is verified thoroughly by the constructor. 256-bit AES encryption won't do any good when the user starts installing malware...
Needless to say, at this price point they're targeting what I would like to call "celebrity-grade" security.
Yeah. This thing smells of snakeoil like those $50k gold audio cables.
Well, Ennetcom produced a PGP phone, they even marketed it to lawyers as secure enough for lawyer-client privileged conversations. It was built on top of Blackberry's platform.
The Dutch police raided it, seized its servers claiming the phone was being used by criminals hence it had the right to close it down as a tool of crime. It looked a bit from the timing like the Dutch police wanted to influence the iPhone encryption court case.
So we were sure it actually WAS secure only after this (blatantly illegal) police action.
And in turn we're also sure the Blackberry phone is backdoored, because police are very happy with that phone and make no attempt to raid Blackberry servers these days, and Blackberry CTO says they take a more balanced approach to end to end encryption than some of their competitors (i.e. Apple).
So we won't know that this phone is secure, till it's shut down by an out of control police force.
A supposedly secure minded phone with a screen with a 178 viewing angle... genius!
You may escape the NSA but you will not escape the prying eyes of your neighbor.
> Then again, gotta start somewhere.
Definitely. And (even as a free software zealot I am) I won't spank, e.g. Purism for using Intel chips, although we have a rough idea of what is in them, and it ain't pretty.
But I expect them to be up-front on it. Especially on those mass-produced SOCs, where the processor controlling the boot and having access to all of RAM isn't the one you see (it's the graphics proc or the baseband proc or whatever) and is running a firmware you don't see, which most probably is OTA upgradeable with yet another blob even the phone manufacturer has no say in.
A step in the right direction? Possibly. But don't let marketing paper over the big holes. Not when your game is security.
I guess (and I am by no means qualified to say) that as a secure appliance, this sort of solution might have something going for it. However, if you think about the threat landscape that a mobile phone has by definition to operate in, then isn't this an awful lot of money to pay for a minimal reduction in exposure? For example, here is a hastily-thought-up list of threats/attacks that even the most perfectly secure handset cannot shield you from:-
1. The remote phone numbers that you call, or, if themselves for mobile devices, send SMS messages to.
2. Potentially, the phone numbers that call you.
3. Your location, as determined by triangulation from cell towers [assuming that you don't have a compromised GPS sensor in the handset].
4. The duration of the calls you make and/or receive, plus your location, time of day, etc, whilst those conversations happen.
5. The superset of data relating to you - that is: the location and activities of the counter-parties you communicate with, the on-chain communications that *they* participate in...
6. All of your web and email activity [unless you have an effective S/MIME solution, and/or have a remote proxy server that you can configure into your phone browser].
In other words, it is trivially easy to gather so much additional data from even the most secure handset that it simply isn't possible to disguise the activities you perform through a handset. EVEN IF YOUR OBSERVER CAN'T CRACK YOUR HANDSET.
I would be very reluctant to dismiss this handset as the mobile phone equivalent of snake oil, but I wonder if clients are fully aware of the inherent limitations of the solution they are being offered, and if they think it's still worth $14,000?
I know next to nothing about security, but I do know that mobile phones aren't secure no matter how you design them. Their entire purpose is to interconnect with other phones and networks. Once you enter a non-secure network you are not secure.
Pretty sure it will have a backdoor with a hard coded password like Niralos1234. These kinds of things usually do.
Seven puppies were harmed during the making of this post.
From twitter:
Farewell, $14,000 phone. We hardly knew ye.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
And why does the submitter keep other figures at 3 significant digits? For consistency it should be:
"AES encryption above 250 bits (256 bits to be exact)"
"a nearly 24-megapixel rear camera sensor (23.8 megapixels to be exact)"
So I'm supposed to depend on some company I've never heard of, who doesn't own the intellectual property involved, who clearly doesn't have the resources to evaluate the code or audit the hardware properly, is "partnering" with other companies I've never heard of (who the F is Koolspan?), and who wants to sell me a phone "focused on privacy" (whatever that is supposed to mean) for an outrageous amount of money? For a piece of hardware that even if it makes it to market will be obsolete faster than the milk in my refrigerator will spoil.
Umm, ok. What a deal.... [/sarcasm]
You really do know next to nothing about security, it seems.
I'm wondering at what point we'll have a phone that is a hypervisor or physical cluster under the hood, capable of delivering a virtual environment or separate physical environment for secure access.
All the insecure shit like Facebook or other dubious software applications could go in its own VM or on the "insecure" side, along with the baseband hardware. It'd be nice to be able to deploy multiple VMs for various security levels.