Forgot your password?
typodupeerror
Cellphones Communications Encryption Handhelds Privacy Security Hardware

Ars Takes an Early Look At the Privacy-Centric Blackphone 67

Posted by timothy
from the all-voice-calls-should-be-encrypted dept.
Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phone offers fine grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste: At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did). PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.
This discussion has been archived. No new comments can be posted.

Ars Takes an Early Look At the Privacy-Centric Blackphone

Comments Filter:
  • by Anonymous Coward on Monday June 30, 2014 @04:13AM (#47348505)

    But you give away your location by just connecting to a base station? (if anyone has solutions to this, please share!)

    Most countries track the location of your cell phone (mandated by law), and then shares the information gathered with intelligence agencies.

  • by mitcheli (894743) on Monday June 30, 2014 @08:12AM (#47349103)
    I have to seriously hope that the phone is more than just encryption and access control. What types of intrusion detection does the phone have? What types of behavioral analysis to determine unknown exploit vectors does the phone have? Does the phone have decentralized communication methods? One idea I have pondered but seriously don't have the time to get engaged in is to try an SVOIP concept using peer to peer wifi connections, a mesh network of sorts. If the communications are decentralized and segregated from infrastructure, then you can bypass many of the eavesdropping techniques. If you have some form of behavioral analysis, then you can start to identify techniques to exploit the phone at the operational level. Encryption goes a long way to help, and software based access control at the OS level (assuming it's secure and not hackable) is also a good start. But maleware is getting far more customized and attacks on the platform are getting much tougher to detect on a pattern based methodology.
  • by Wootery (1087023) on Monday June 30, 2014 @09:57AM (#47349761)

    Yes. I know. Let's try that again: so you're just assuming the existence of backdoors in the Blackphone specifically which make the mic accessible to *.gov?

    Unless I missed something, we don't know for sure one way or the other whether the techniques the FBI have used to do that to other phones, will work on the Blackphone.

  • by Anonymous Coward on Monday June 30, 2014 @10:53AM (#47350231)

    Yes, let me buy a security-minded phone then get data into it over bluetooth.

    A secure phone MUST have a physical keyboard.

  • by Wootery (1087023) on Monday June 30, 2014 @12:31PM (#47351071)

    There needs to be a way to verify how the hardware operates, or you just have to trust the manufacturer. Personally, I wouldn't.

    Agree. If Blackphone don't go down the hardware-checking road, that rather weakens their case. It'll take more than this [twitter.com]. (I don't know what they mean by 'make', or even if they're correct in the first place.)

    A simple solution would be to have a physical mic/camera-disconnect switch...

Life. Don't talk to me about life. - Marvin the Paranoid Anroid

Working...