Ars Takes an Early Look At the Privacy-Centric Blackphone 67
Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phone offers fine grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste: At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did).
PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.
Apps which require location? (Score:5, Interesting)
Location information could still be very useful for apps that need it, if you have a sane spoofing policy (either manual or automatic). If you, say, travel to another city for a week, you could have the OS spoof a single location in that city for the duration of the trip. The privacy implications of, "Bob is in San Francisco" are somewhat different than, "Bob is at 14th and Valencia."
Of course, I didn't RTFA, so I have no idea if something like this is implemented/in the works/impossible...
Re: (Score:3, Insightful)
But you give away your location by just connecting to a base station? (if anyone has solutions to this, please share!)
Most countries track the location of your cell phone (mandated by law), and then shares the information gathered with intelligence agencies.
Re: (Score:3)
Thats the problem. At some hardware and software level all your text entry is fair game to the telco that allows you to connect to their gov granted network.
You can run all the apps you want but your still walking around with a beacon that has a mic and other neat features to offer any interested city/state/federal/mil/.com
Re:Apps which require location? (Score:5, Informative)
Re:Apps which require location? (Score:4, Insightful)
Yes. I know. Let's try that again: so you're just assuming the existence of backdoors in the Blackphone specifically which make the mic accessible to *.gov?
Unless I missed something, we don't know for sure one way or the other whether the techniques the FBI have used to do that to other phones, will work on the Blackphone.
Re: (Score:2)
You need to assume the worse. Chances are that it will be true. There needs to be a way to verify how the hardware operates, or you just have to trust the manufacturer. Personally, I wouldn't.
Re:Apps which require location? (Score:4, Insightful)
There needs to be a way to verify how the hardware operates, or you just have to trust the manufacturer. Personally, I wouldn't.
Agree. If Blackphone don't go down the hardware-checking road, that rather weakens their case. It'll take more than this [twitter.com]. (I don't know what they mean by 'make', or even if they're correct in the first place.)
A simple solution would be to have a physical mic/camera-disconnect switch...
Re: (Score:2)
If that's important enough, you must assume they do until proven otherwise.
Re:Apps which require location? (Score:5, Interesting)
Re: (Score:2)
This is good enough to suspect that phone is backdoored
Disgree. It's not enough.
Nice touch about putting blackphone homepage in .ch domain
Any idea why they did that? Just to try to distance themselves from America? Weird.
Re: (Score:1)
Access to the mic is "guarded" (*) by the phone's software, which is presumably secure. That's of course a key point, but if the software is leaky, you are going to have lots of other problems.
(*) I put that in quotes because it's not actually *guarded* by the software, but essentially there is no way for the FBI or anybody else to access the mic *other than* through software/firmware/microcode which accepts a connection from them and routes data from the mic to that connection.
So -- beacon, yes. With a uni
Re:Apps which require location? (Score:4, Informative)
The mic is not the main concern. Where I live, it is mandated by law that you have to show national ID card when you purchase any phone, and have the phone no and IMEI numbers associated with you.
Meaning they are automatically tracking everybody, and indeed the police cameras routinely use cell phone location information (among others) to narrow down the face recognition hits. (Yes, this system exists and is publicly announced).
It is harder to listen in to the mic on everyone all the time.
Re: (Score:2)
Therefore, you should always use a tor-like algorithm to connect to the cell tower.
Re: (Score:2)
Therefore, you should always use a tor-like algorithm to connect to the cell tower.
How does this help when the tower has to know how to bill the call?
Re:Apps which require location? (Score:4, Funny)
You just discovered an additional benefit of this method.
Re: (Score:2)
Re:Apps which require location? (Score:4, Informative)
2 towers are enough.
With the right software, 2 antennae on one tower are enough.
Re: (Score:2)
The tower knows where you are when the phone part is enabled. Otherwise, it doesn't. You could use an AP at the starbucks to make a VOIP call for example.
Re: (Score:3)
Take a look at Xprivacy [xda-developers.com]. If you have a rooted android phone you can do that and more today. I think Cyanogenmod also has some sort of permission control built in now. Even Iphone's have basic permissions. The only thing that doesn't is stock Android and Windows.
Google knows there's a market for it, but they're worried about ad revenue or apps breaking because it would be "too much of a burden" on developers to make sure there apps behave when permissions are denied.
Re: (Score:2)
I just use "Fake GPS" on my Android stick and the phone I use around the house for SIP. It uses the simple gmaps interface to let you select a location. Whether you want to lie about your position or just don't have a GPS, it's fairly small and it works.
Nice heads up on Xprivacy though, I do have xposed on my actual phone, along with a grip of modules. App Settings is a peach.
Re: (Score:2)
Re: (Score:2)
Does a "dumb phone" exist? Wouldn't it be more accurate to call them weak computing devices with few _user_ accessible features?
Re: (Score:2)
Does a "dumb phone" exist?
Sure. The Qualcomm QCP-1900 I bought in 1998 still works great.
Re: Apps which require location? (Score:2)
I love the idea of poisoning "their" databases with bogus info. I used a WiFi app to poison databases at malls that offer free WiFi just to track people (can't remember name)
I say XPrivacy (Score:5, Informative)
"PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to"
Those of us with a normal but rooted Android can do these things already with XPrivacy, an XPosed module. Fine grained control per system call, also for system apps (yes, that includes keeping pre-installed Facebook out of my address book and gps data). And I can choose to simply refuse, or tell it the address book is empty and I'm on the south pole.
Re: (Score:3)
Re: (Score:2)
Unless there's some fundamental changes to the OS that isn't included in the press reporting, I'm not really seeing anything that great about Blackphone other than the bundled services. My Nexus 4 has exactly the same protections: Baked-in permission control, including system apps, and VPN connectivity to my home / third party VPN service, or Tor network
Gimme a keyboard (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
The idea that serious people want a physical keyboard is something that even people in the Blackberry boardroom no longer believe in. At our firm, BBs disappeared almost overnight as soon as corporate mail was made available on iPhone and Android..
I've seen that too; the mass exodus from BB to iPhone/Android. The full touchscreen was probably the shiny reason to move away; connecting to multiple email accounts (multiple Exchange account at that) and having a consolidated inbox was probably the major reason for the switch, however. From an IT Administration standpoint, the elimination of the BES because EAS (Exchange ActiveSync) is good enough for maybe 90% of organizations was a primary factor: no more buying extra BES licenses when someone new com
Re: (Score:2)
connecting to multiple email accounts (multiple Exchange account at that) and having a consolidated inbox was probably the major reason for the switch
iOS & Android still can't match the BB for email support so I can't fathom what you are talking about here. I have at least six email accounts on my BB and can open them in a consolidated folder or individually. iOS 7 has dramatically improved over previous versions but it's still not on par with BB. I remember my first iOS device and discovering that you couldn't delete a calendar once it had been added to the device even if you deleted the existing email account without wiping the device! I think they
Re: (Score:2)
connecting to multiple email accounts (multiple Exchange account at that) and having a consolidated inbox was probably the major reason for the switch
iOS & Android still can't match the BB for email support so I can't fathom what you are talking about here.>
That's certainly true now; my new BB Curve has all those features too.
But I'm talking a few years ago; in the Bold 9000 era. BBOS at that time (4 point something or other) could only do email via BES; one account only and no POP3 / IMAP (unless you had a 3rd party client; even then it got messy because of no unified inbox and increased battery drain). The iPhone with iOS4 and most Android phones at the time could do unlimited email accounts - and iPhone could have multiple Exchange accounts, which was qui
Re: (Score:2)
BBOS at that time (4 point something or other) could only do email via BES; one account only and no POP3 / IMAP
Perhaps you weren't aware of how to set them up but the ability was there. I had my Yahoo account set up via POP3 on my 7230 with BB OS 4.x in 2004.
Re: (Score:2, Insightful)
Yes, let me buy a security-minded phone then get data into it over bluetooth.
A secure phone MUST have a physical keyboard.
Re: Gimme a keyboard (Score:2)
tempest is easier than breaking bt crypto.
Re: (Score:3)
Gimme a break. Cell phone makers target most of the market, which ranges from 8 year old brats to serious business users. And now that we have decent touch screens, many people seem to prefer those over physical keyboards that take up a lot of space
You know what takes up a lot more space? On-screen keyboards.
Re: (Score:2)
Take all the existing costs and yield problems of a touchscreen phone, then add a few dozen mechanical parts under a region-specific text overlay, and attach them to that phone with even more moving parts.
It's probably best for a niche device like this to start off with a design that minimises risks.
Re: (Score:2)
ssh on an android phone sounds masochistic.
Get a laptop and tether!
Re: Gimme a keyboard (Score:2)
I use it fairly regularly.
With hackers keyboard.
Re: (Score:2)
You should try using a swipe keyboard. Once you get used to it you won't miss physical keyboards any more. The standard Google keyboard is pretty good and supports swiping.
Re: (Score:2)
That's not much good when you're pressing special characters and modifier keys all the time. I've hacked together regexes on an iPad before, using my favourite terminal app which brings up a bunch of useful shortcuts to special symbols and the modifiers, but it was still quietly horrific.
Re: (Score:2)
I think your mistake was trying to do regexes on a device that isn't designed for anything more than email and web browsing. Maybe a Surface would be more suitable?
Re: (Score:2)
The sentence makes perfect sense either way ;)
Re: Gimme a keyboard (Score:2)
Sounds like you should update your skills, or get a Bluetooth mini keyboard or something. You are not most people. Save your grumpy mood for the wife
Binary processes running with root privileges... (Score:1)
Binary deliverables does not cut anymore. 100% source like these guys: tearcomm.com
Power and Performance (Score:5, Interesting)
Blackphone is MY only way to go.
after all, how can I trust anything on any other device? The manufacturers and Google are very much interested in keeping a major part of their official ecosystems CLOSED SOURCE.
I am putting the keys to my kingdom on them: on-line banking, SSH, VPN, and all sorts of other stuff is accessed by my phone. Just a tiny bit of mystery code could be slurping up all these credentials and key data and storing it on the device... only to transmit it later via covert means (DNS requests or whatever). How do I know this is NOT happening? I don't. I need to have faith in the multitude of vendors and app authors. Vendors that I have no reason to trust.
Two factor authentication? HA! The second factor is ALSO on my phone. Sorry to say, that's ZERO FACTOR if someone already has code running as root on the device.
Re: (Score:2)
Maybe I'm missing something here.
While I appreciate what Silent Circle is doing... (Score:5, Insightful)
Re: While I appreciate what Silent Circle is doing (Score:1)
Behavior analysis does not work. Since the attacker has access to the same algorithm they simply can test various methods until they get through, like how spammers use spamassassin to test their spamscore.
Secured with secret source (Score:2)
How can anyone take them seriously when they use proprietary closed source drivers...
They are just a gimmick.
What is this supposed to accomplish? (Score:2)
If you want to build good security, you need to know what threats you are trying to protect against: NSA spying? Thieves stealing your financial information? European spying? Chinese industrial espionage? Jealous wife? Corrupt prosecutor? MPAA fishing expeditions? Depending on the threat, the security solutions look rather different. Which of these use cases is the phone actually suitable for?
And there are plenty of open questions about the security this phone claims to provide. How do we know we can trust
CyanogenMod much?! (Score:2)
Nothing that the article says can't be done with CyanogenMod, except maybe some hardware stuff that seems vague. Just flash your phones with CM, people. (Sent from a z1 compact flashed the day of purchase)