back to article PGP wiz Phil Zimmermann and pals tout anti-snoop mobe – the Blackphone

A smartphone that tries to thwart eavesdroppers will be launched this summer by Spanish smartphone maker Geeksphone and Silent Circle – the secure chat firm started by the inventors of PGP encryption. Dubbed Blackphone, and featured in the video above, the handset runs a hardened version of Android called PrivatOS that has …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Not sure if I trust this....

    ...but if it is true, it has my support.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not sure if I trust this....

      Carrying one ensures that you're going to get a thorough internal search at the airport.

    2. Fred Flintstone Gold badge

      Re: Not sure if I trust this....

      Do something simple: look up the MX record (mail exchange) so you know which server handles their email, then run a geo location on it.

      ; <<>> DiG 9.8.3-P1 <<>> blackphone.ch mx

      ;; ANSWER SECTION:

      blackphone.ch. 600 IN MX 10 mail.blackphone.ch.

      As with Silent Circle, you'll end up in the US. Game over. If a company cannot be bothered to take care of its client's privacy in EVERY detail, I'm not interested, and I predicted the manner of closing of Silent Circle before they even went live: US law.

      It may be good technology they're developing, but as long as there is even a whiff of US involvement around this it's worth avoiding. All you'll do is mark yourself as a target.

    3. Anonymous Coward
      Anonymous Coward

      Re: Not sure if I trust this....

      It's still a flavour of Android though - a very insecure foundation to build a 'secure' phone on...

      1. Anonymous Coward
        Anonymous Coward

        Re: Not sure if I trust this....

        It's still a flavour of Android though - a very insecure foundation to build a 'secure' phone on...

        Opinions vary on that topic.

        Against:

        - it's designed by an entity whose entire focus is on data acquisition, and who appears not too bothered about bending or ignoring a couple of rules along the way

        - it has fairly primitive app access controls

        For:

        - it's relatively open, although I haven't been following Android closely enough to know if really ALL source code has been published (happy to hear updates)

        - its openness allows security researchers to load apps that can go quite a bit further in mining possible risks

        From a security perspective that seeks proof I think a Linux (rather than Android) phone might be the way to go, but there are precious few of those. That is, unless Blackberry has an aha moment and opens up - QNX is quite an impressive platform, but to allow Android apps on a platform that was formerly sold on its security credentials feels like inviting thieves to the jewellery store. Such apps can form a bridgehead to start chipping away at the security of the QNX side of things.

        Anyway, there's now enough dust flying to make a secure phone a viable business concept and there are plenty of wannabees who haven't quite worked out what dangerous waters they're about to wade into...

  2. fidodogbreath
    Big Brother

    Right. NSA-proof, as long as you don't use it as a phone

    They still harvest metadata about all your calls -- including tower / GPS info -- from the service providers. If they know everyone you call, when you call them, call duration, your location at the time of the call, etc., then protecting the content of the calls is of limited value.

    1. Anonymous Coward
      Anonymous Coward

      Re: Right. NSA-proof, as long as you don't use it as a phone

      > then protecting the content of the calls is of limited value.

      I am guessing that the market for this product are businesses vulnerable to industrial espionage. I can see at least one of my clients providing one of these to every employee and ensuring that company-internal calls can only be made through them.

      1. Turtle

        Re: Right. NSA-proof, as long as you don't use it as a phone

        "I am guessing that the market for this product are businesses vulnerable to industrial espionage. I can see at least one of my clients providing one of these to every employee and ensuring that company-internal calls can only be made through them."

        I'm guessing that Los Zetas would like them too. Using these phones in conjunction with their private cellphone networks will really give them the privacy they need.

      2. Bloakey1

        Re: Right. NSA-proof, as long as you don't use it as a phone

        "I am guessing that the market for this product are businesses vulnerable to industrial espionage. I can see at least one of my clients providing one of these to every employee and ensuring that company-internal calls can only be made through them."

        Currently the PGP Blackberries are very nice. The only huge issue is user education i.e. do not make non encrypted calls on it to say good night to the babies. Do not carry it with your normal mobe as once they track the other they know you have the black one. Turn it off an hour before travelling to the airport with battery out. Turn it on an hour after landing and clear of airport. get someone else to create PGP key as plausible deniability is a wonderful thing. Be aware that once you go through security at English airports (and other international ones) UK law does not necessarily apply. Change it every 6 months and destroy phone and Sim. Make sure you have a six month package covering all calls and data and pay for it in cash [1.]

        Not only businesses but journalists, lawyers, traders, mercenaries cough, err i mean security contractors, whistle blowers, tax dodgers, hookers and old uncle Tom Cobbley and all could benefit from these devices.

        1. Grrr, what is wrong with cash? why do people need to pay for very cheap items with a credit card?

      3. I. Aproveofitspendingonspecificprojects

        The first customers will be governments

        I'm guessing that the first customers will be governments. I would insist that the first and second editions are sold in large batches at very high prices until those with the money have a surfeit.

        After that they can bring the prices down so the people they sold the expensive ones to can't hear the people they sold the cheaper ones to. That way the bad guys will pay for the R&D.

    2. Martin Eddington

      Re: Right. NSA-proof, as long as you don't use it as a phone

      That's why it doesn't work like that.

      Voice -> app -> encryption -> phone -> mast-> internet -> "Silent Network"

      "Silent Network" then sends data to the receiving phone's App over IP; you don't just call each other up...

      So the metadata will only really show that you send packets to Silent Network ...

      Obviously that's as long as Silent Networks calling system is as safe as they say it is...

  3. Anonymous Coward
    Anonymous Coward

    pointless

    This is a pointless exercise. It bears repeating that what the agencies want most of all is the metadata - whom is talking to whom. Once they determine that you are connected to a 'person of interest' they can, if so desired, bring nation-state resources to bear in finding out what you talk about. In that match up my money isn't on you.

    1. Anonymous Coward
      Anonymous Coward

      Re: pointless

      > This is a pointless exercise.

      Have you sent your visit card to them yet? I am sure that a team of experienced engineers and business managers like these bunch will find no end of use to your insightful advice.

    2. Turtle

      Re: pointless

      "This is a pointless exercise."

      That would seem to depend in what you want to achieve. If you want to conceal the metadata, then yes but if you want to conceal the actual conversation, then it would appear to be fit for purpose.

      1. Anonymous Coward
        Anonymous Coward

        Re: pointless

        "If you want to conceal the metadata, then yes but if you want to conceal the actual conversation, then it would appear to be fit for purpose."

        I agree, although there is a flaw in that proof is not needed if you're dragged in front of one of the secret "courts" that our governments now run. In that case, the metadata will probably be enough (and, to be fair, they'll probably lock you up even without that much evidence, as so many people in Guantanamo have discovered). The fact that we're being governed by secret organizations is at least as big a problem as anything the terrorists are doing not least because these secret organizations are largely responsible for recruiting and motivating more terrorists. Without Blair and Campbell's minuteless meetings of "Intelligence Heads" there would have been no 7/7 bombings in London.

        1. amanfromMars 1 Silver badge

          Just desserts, an unnecessary evil or great force for good?

          I agree, although there is a flaw in that proof is not needed if you're dragged in front of one of the secret "courts" that our governments now run. In that case, the metadata will probably be enough (and, to be fair, they'll probably lock you up even without that much evidence, as so many people in Guantanamo have discovered). The fact that we're being governed by secret organizations is at least as big a problem as anything the terrorists are doing not least because these secret organizations are largely responsible for recruiting and motivating more terrorists. Without Blair and Campbell's minuteless meetings of "Intelligence Heads" there would have been no 7/7 bombings in London. .... Robert Long 1 Posted Thursday 16th January 2014 08:55 GMT

          What do you think terrorists will do whenever they learn that the likes of a Blair and a Campbell are directly responsible for their plight, Robert Long 1? And should they do whatever they would propose to do?

          And here be something today, about something from ages ago, which agrees wholeheartedly with your post ...... http://www.zerohedge.com/news/2014-01-15/guest-post-america-plunging-kafkas-nightmare

          It be an inescapable fact, that whenever that which be perceived and/or named by the system to be an enemy of states and/or the status quo, knows the system, does the system leadership have zero chance of surviving in anything like its present phorms with current players.

          1. dogged

            Re: Just desserts, an unnecessary evil or great force for good?

            I understood that.

            Are you ill?

            1. amanfromMars 1 Silver badge

              Re: Just desserts, an unnecessary evil or great force for good? ... @dogged

              Re: Just desserts, an unnecessary evil or great force for good?

              I understood that.

              Are you ill? .... dogged Posted Thursday 16th January 2014 12:54 GMT

              Doing just fine, dogged. Thanks for asking.

              I like to think that one is getting smarter whenever one starts to understand things that before may have been incomprehensible to one. :-)

              And as more and more information is dumped around the world in an instant, for anyone with any number of increasingly simply complex devices to pick up, is intelligence bound to dramatically improve and spread, and cause any system which has stupid dirty little secrets to hide to self-implode and collapse.

              Such is only natural.

  4. Zacherynuk

    A secure phone OS.

    A secure voip application.

    A secure interconnect.

    All seems to good to be true. All from from ONE provider. Suddenly seems less secure.

    Secure comms is a very difficult field indeed. Csipsimple over a VPN to a private PBX is near perfect but sluggish. Cellcrypt is expensive and frankly.. private. Redphone is very good, but Twitter involvement and no open source server is worrying (No disrespect meant to moxi who is frankly pretty awsome) - though with willpower the redphone can be made to work with your own UDP infrastructure.

    Until general android security is made more robust, then all is moot. What follows should be interesting; the powers that be may well have to pay an awful lot of companies an awful lot of money for Sssshh money.

  5. JeevesMkII

    I wouldn't hold your breath...

    Geeksphone can't even ship their own damn phones. My guess is this'll launch some time around the 20th of never.

  6. This post has been deleted by its author

    1. amanfromMars 1 Silver badge

      Softly softly, catchee everything ..... is a sharp double edged sword.*

      This is what BlackBerry needs to be doing right now. .... JBarry Posted Thursday 16th January 2014 01:00 GMT

      What makes you not think that they have already done it, JBarry?

      It is not as if it would be anything anyone clever would be telling the world and his dogs of war about, is it?

      * To spin the yarn and try to create the impression and perception that one is collecting base source and analysing all metadata and reprogramming everything in light of what one is supposed to have discovered, delivers one's intelligence services capabilities, or lack of intelligent service capability, to all and sundry in the universe by means of what the browser displays as new news to consider [such as the likes of the tales shared here on El Reg] for each and every new day with its attendant breaking zeroday vulnerabilities to exploit. It is the gift which just cannot stop itself and just keeps on giving.

    2. Bloakey1

      "This is what BlackBerry needs to be doing right now"

      There is an implementation out there and the spooks, soldiers etc. are using it.

      Servers are non US, encrypted messages delete after a few hours and PGP running sweet as.

      All down to the user as to how secure it is NSA allowing.

  7. John Savard

    Potential Legal Problems

    A cellular phone is a radio transmitter. In the United States and Canada, without very special permission, it is illegal to transmit encrypted signals over the radio. That hasn't been enforced in the case of people visiting secure web sites from their smartphones, but I think they'd find that law again when people started trying to put SIM cards in smartphones with an encrypted voice capability.

    1. eldakka

      Re: Potential Legal Problems

      The GSM standard includes encryption, see the A5/1, A5/2, A5/3 ciphers. Therefore that would make all telco's that support the GSM standard criminals?

      1. Anonymous Coward
        Anonymous Coward

        Re: Potential Legal Problems

        The problem with this light encryption is legalintercept (included with all telco equipment, disabled by default unless they pay the license fee). Encryption does exist but is not end to end. It is end to telco, then unencrypted telco to telco, and finally encrypted telco to end.

        A5/1 is broken, any individual with 2 terabyte 'berlin rainbow tables' can listen in if they are smart enough for about 500 quids worth of computer and phone handset hardware.

    2. Bronek Kozicki

      Re: Potential Legal Problems

      Well that might explain why the development of this phone happens in Europe. Perhaps US is not a good market for security concious after all (unless you define "secure" by "owning a gun"). I think the rest of the world will be happy to throw a spanner into spying activities of US agencies, and if privacy is denied to US residents, that is something they should sort out themselves.

      1. TheVogon

        Re: Potential Legal Problems

        "unless you define "secure" by "owning a gun"

        Owning a gun doesnt make you secure. Quite the opposite in fact:

        http://aje.oxfordjournals.org/content/160/10/929.full

    3. JaitcH
      WTF?

      Re: Potential Legal Problems

      @ John Savard:

      May be you are correct about US regulations BUT CANADA doesn't block encrypted communications, based on hardware or software, I know companies that use encryption. Encrypted non-government mobile communications has been used for years.

      Additionally, the Blackberry/RIM was encrypted and no one complained about them, either.

      Even authoritarian governments, such as VietNam, permit software encryption on any communications in the country. Not that it's easy to tell the difference over the air.

      Too many people think Canada is the 51st State and slavishly follows the USA. We don't. We even have government-run drug shoot-em up store fronts in Vancouver, that went ahead even though the US tried to stop them.

    4. tom dial Silver badge

      Re: Potential Legal Problems

      Could someone please provide a cite fior this?

      I always thought WiFi, with WEP or WPA was radio transmission.

  8. Anonymous Coward
    Anonymous Coward

    If I was the NSA

    I would nobble the chips to radiate more EM (Spread Spectrum Clocking to pass FCC regulations I'm sure helps with this). Then with 24/32bit interleaved high speed ADC's I would just read the data of the chips RF as they process it.

    The metadata they collect already is enough to see who they "should" be spying on, then if they really need to see the data they can spend big money and track with humans and mobile antennas arrays. It does not matter how high you build your fence if a government wants to spy on you, as an individual, they will. There is little you can do to block them.

  9. Anonymous Coward
    Anonymous Coward

    "custom encryption algorithm designed by PGP guru Zimmermann"

    Ha. Anyone remember BassOmatic? No thanks.

    Give me well-known and well-evaluated encryption algorithms which are (a) subject to scrutiny, and (b) can be implemented on multiple platforms.

  10. 02X7Cm

    Trust? LoL

    Let's see, Android -> Google -> American = check. Phil Zimmerman -> Silent Circle -> American = check.

    So you're telling me they don't have to comply with what their own government wants in a secret court / backdoor dealing. I respect Phil for creating PGP, I'm pretty confident in him, but he is still an American citizen.

    I might consider giving a phone some trust if it was made by a Swiss in Switzerland based off FreeBSD/Debian.

    1. Gordon 10
      FAIL

      Re: Trust? LoL

      You moron. If anyone has reason to distrust the American government its Phil Zimmerman. He was persecuted for years over the export of PGP remember?

      That would also be the reason why all their corporate affairs are done in a Swiss company.

    2. JaitcH
      FAIL

      Re: Trust? LoL

      @ 02X7Cm:

      Phil Zimmerman has the creds for fighting the US government his whole career. Just because Clapper lies his face off doesn't imply all Americans do.

      I remember the weekend, long ago, when PGP was released via BBS. Not the greatest User Interface then but it shook the USA government up.

      The export of encryption was illegal under Munitions law, without a licence, and by using BBS Zimmerman defeated/circumvented the laws as he didn't export it - users/downloaders did. The code was even featured on T-shirts and the prohibition didn't apply to T-shirts.

      I presently work on equipment barred under British, Canadian and US law, of which countries I am a passport-holding citizen, but since it is very lawful where I live, I am in compliance. Exactly what Silent Circle is doing.

  11. Mephistro

    @ 02x7Cm

    "So you're telling me they don't have to comply with what their own government wants in a secret court / backdoor dealing"

    If it's a Swiss company and Zimmerman and pals 'airgap' themselves from the production binaries - e.g. by not contributing code for the project, or by only contributing with source code that has to be thoroughly reviewed by non-american staff before being accepted- then the NSA can do fuck all about it. It's a slow and cumbersome way of doing business, but that's nothing new in the encryption/paranoia domain.

    Of course, you can't totally discard the yanks bribing or blackmailing some of the Swiss employees. Or even performing ye good olde rubber hose decryption method on said employees. :-(

    1. JaitcH
      Black Helicopters

      Re: @ 02x7Cm

      Phil doesn't only 'air gap' his activities, his software has always been open source to ward of accusations such as those levelled by @ 02x7Cm. What can be better trusted that open published code?

  12. Piloti
    Pint

    Two devices......

    I may have missed something, but, for this level of encryption to work, I am assuming the communication has to be between to "Black 'phones" ? And if that is the case, then the main target market /will/ be commercial / business et al.

    Consumers simply won't buy it because they don't know anybody else with one.

    Like me and BlackBerry Playbook: brilliant 7 inch tablet, but the video link is pointless because I don't know anybody else with a Playbook. Even my wife has a Googlly Androidy thing......

  13. JaitcH

    Boeing announced that it was getting into the game in 2012, ...

    Who, in their right mind, would buy ANY secure cell handset from BOEING, given they are the owner of the Naurus hacker machine, and that the company depends so much on US Government handouts?

  14. Turtle

    So, about Alan Turing...

    Reading some of the comments here, I am wondering if they think that Alan Turing's status as boffin-hero needs to be changed to "villain" for his government work on cryptography and especially code-breaking.

    1. Bloakey1

      Re: So, about Alan Turing...

      Alan was a God and much maligned.

      Yes he was gay but as a great alcoholic Irish writer once said, "every cripple has his own way of walking". In an Irish context that means all of us.

      Don't shoot the messenger, even if they are wearing those shirts with PGP source code on them. A long time ago they were the fashion item 'de rigeur' for crossing into Mexico.

      I remember the days when pattern analysis, frequency analysis, linguistic frequency and iteration was relevant.

      Now I is p0wned by the man with the black helicopter and I is sad.

      I do have a cunning plan though, I am thinking of raising an armed militia or perhaps a religious sect that ensures all women above 45 and with red hair surrender themselves to the master.

      p.s.

      Don't tell my wife or I will not be allowed out for the next few months.

  15. Retired Spy
    Paris Hilton

    You Cannot Trust Android

    We've learned the hard way that you can't trust any OS, the interface is 2 large, same for anything downloaded via BT? GCHQ? Telco? So does anyone know how they intend to deal with this? We've seen attacks that use the accelerometer to decode text entry. So you can't trust your OS CPU, you need to peel 10% of your big chips to ensure they don't carry hidden riders, you have to isolate all your interface I/O (screen, mic, speaker, acceleromter and probably GPS and related A/Ds) and you want a power switch you can trust to actually turn the thing off. Maybe you have hard black/red partitions? Right down to separate EMI boxes? Maybe even run a fibre between black and red partitions?

  16. Anonymous Coward
    Anonymous Coward

    Great Idea But ...

    Will only be of benefit if the price isn't too high and out of reach of normal people and not just spooks and the elite !

This topic is closed for new posts.

Other stories you might like