Is a $14,000 phone really the price of privacy?

A US$14,000 (£9,706, or A$19,352) Android phone has been launched pitching 'military-grade encryption' at privacy-conscious executives. Little information can be found on the Solarin handset's specific security chops other than it will use "chip-to-chip 256-bit AES encryption" for phone calls. That technology is built by …

  1. Mark 85

    US$14,000 (£9706 A$19,352) Android phone

    This isn't surprising since it's about status. Like having a Ferrari to drive to work in when everyone else in the C-Suite has a Porsche or Mercedes. I'm sure that a lot of clueless and status conscious will get them just because they know that anyone under couldn't afford one.

    I wonder how long it'll take before the first one is cracked?

  2. John Smith 19 Gold badge
    WTF?

    Has anyone repealed THE PATRIOT act?

    I smell large volumes of BS.

    1. Anonymous Coward

      Re: Has anyone repealed THE PATRIOT act?

      Oh yes - when you start tracking it all you can only arrive at one conclusion:

      It MAY be secure, but it most certainly isn't private.

      Next.

  3. Charles 9

    Why NOT Android M?

    I would think Marshmallow would be much better suited for a phone like this given it enforces dm-verity and so would be able to detect rooting (by detecting changes in /system). And even /system-less rooting is being detected by Android's SafetyNet, which is partially external and so can detect tampering to itself as well.

  4. Anonymous Coward

    Eh??

    It is not clear if its touted encryption technology only kicks in if both parties in a call have a Solarin with the switch flicked to on.

    It would be a bloody magical piece of kit if it managed to work when calling someone without matching hardware and software. Surely?

  5. Anonymous Coward
    WTF?

    "Mobile security does not cost $14,000. Updated Android phones sport better security than ever, as does Apple's lot."

    Apart from the constant tracking & phoning home that is.

    1. Anonymous Coward

      Silly idea anyway

      Just because Android's security is "better" today doesn't mean it is good. Stuff like Stagefright existed for years, odds are good there are other things as bad or worse that have yet to be discovered. Or worse, have been discovered by a few and kept close to the vest for when they really need it (like when trying to hack a CEO who has secrets he thinks are worth buying a $14,000 phone to protect)

      What's more, standard mobile encryption is simple to break, even for a random hacker with radio kit, let alone the carriers or spooks. This at least addresses that part of the problem, which even a hypothetical 100% secure Android or iPhone can do absolutely nothing about.

  6. JimmyPage
    Stop

    Shouldn't they be sold as pairs ?

    like matched pistols ?

  7. jzl

    There's one born every minute

    'nuf said.

  8. Anonymous Coward

    You do have to wonder at the logic. "Let's make a secure phone". "Let's start with Android, an operating system written by an advertising company".

  9. MR J

    Embedded video on UK website does not allow UK viewers to watch. (well, me at least).

    Without both ends of the calls being encrypted this thing is just a great way to get insecure people to dump money on something that's of no use.

    If we had carriers that offered "Secure" services then that would rock.

    1. TheresaJayne
      FAIL

      Yeah, a video embedded on a UK website is not permitted to be viewed in the UK.

  10. Douchus McBagg

    secure services?

    oh there was one... what was its name? erm... blueberry? blingberry? very popular with the working masses, awesome real qwerty or touchscreen keyboard for proper fast emails, encrypted data comms, even calls with the right software.

    I think they were banned in the UAE for not allowing the gov'mint the decryption keys...

    what ever happened to those guys...

    (you can pry my BB Z30 out of my cold dead hands, my iphone6s is a cheap throwaway piece of consumer rubbish, which I suspect gets beaten up by the blackberry in my pocket judging by the scuffs and scratches on one and not on the other.)

  11. disgruntled yank

    Military grade, but which military?

    The Japanese Navy, when the US was reading its signals, or the Wehrmacht when Bletchley Park was doing its magic?

    1. Kristian Walsh

      Re: Military grade, but which military?

      Not to dismiss the work of Bletchley, but to imply that Enigma wasn't strong encryption in its time is a bit specious - it was far, far stronger than what the Allies had available.

      It took a decade of continued investment by the Polish, then the British secret services, plus the invention of a new kind of signals intelligence, a new branch of mathematics and an entirely new technology for performing computations just to perform brute-force on Enigma. With better operating procedures, an Enigma system was still economically infeasible to crack until well after the war.

      In the end, the biggest aid to the Allies in cracking Enigma was good old military discipline: there were enough stations that sent short, known-plaintext messages ("Station XYZ, 1200, nothing to report") that the cryptanalysts had a greatly-reduced search-space to work with.

      Had the Germans been ordered to begin every message with two random words from the day's newspaper (i.e., salting the plaintext), things would have been much harder for the Allies.

      1. robidy

        Re: Military grade, but which military?

        I'm not sure Bletchley Park's first big win was decryption, I believe it was working out who was talking to who, can't remember the lead on this, however this was critical operational info available in real time.

        Regardless of what was sent in the message, you were able to immediately identify who the Morse code/radio operator was by his/her typing style and subsequently with other intelligence who they were likely to be working for thus building up pictures of movements.

        The subsequent cracking of some day messages was of course invaluable.

        It is why the nasty Home Secretary is after Meta Data, it can often be as valuable to see who is talking to who as the actual messages when correctly analysed.

        1. Kristian Walsh

          Re: Military grade, but which military?

          Yes, that was the revolution in signals intelligence. The mere fact that A was talking to B more often than normal, and only after talking to C was recognised as being of value to the Intelligence services. Traffic pattern analysis could reveal that "something" was going to happen in a particular place, and that was often enough information to work with - from there, operatives in the area could be put on alert to gather more concrete evidence.

          Gordon Welchman was one of the key figures in this area at Bletchley. ElReg did an article on him last year (http://www.theregister.co.uk/2015/09/27/gordan_welchman_bletchley_park_remembers/) and there was also a very good BBC Two documentary on him recently http://www.bbc.co.uk/programmes/b069gxz7

          Welchman later worked for the US military, and developed an operational communications system for them that was much more opaque to his own traffic analysis methods. The name of it escapes me, but from the limited info I've read, it seemed to operate as a message bus (or ring) of encrypted traffic, rather than point-to-point: the topology meant that by just watching the traffic, you couldn't know who was talking to whom - every station relayed every ciphertext, but only the recipient had the necessary key to read it.

  12. IPman

    Load of Hot Air

    To enable an end-to-end encrypted communication, the other user being communicated to must have the same capabilities. Pretty simple that some doughnuts will buy this thinking everyone they communicate with will be done in secret.

    Another point, not being open means that backdoors can be implemented into the hardware or software layer.

    1. Dadmin

      Re: Load of Hot Air

      They must have thought this through already, although the choice of an older Android does not speak well of their being up to date with security fixes for that mobile OS. If you worked in the telephone industry, you will know my friends Ing and Ed. AKA The callING party vs the callED party.

      Anyway, here's how it would work; Ing makes a call, the OS figures out at connection time directly, or via a sideband like over the Internet that Ed is either running the comparable call encryption or not. Then, if Ed is not encrypting, it switches it off and hopefully tells you that Ed is NOT encrypting the call, so you can panic, or drive on damn the encryption.

      For those of you complaining about the Ed Snow(den) video, I saw it yesterday and it's basically a mini interview with Ed and he demos how to desolder the various components to make a very old Sammy phone go "black." Those would be the two camera CCDs, and for that phone three mics, then you only make voice calls with an external headset. Bob's your uncle.

      1. Anonymous Coward

        Re: Load of Hot Air

        You know that does squat for the internal tower resolver or the GPS that these days is built into the SoC (meaning they can figure out where you are). As for the microphone, as soon as you connect that external mic, they can record you again. Plus if they REALLY wanted to record you all the time there would be another hidden mic that you couldn't reach without breaking something (again by being built into some essential chip).

    2. Peter Brooks 1

      Re: Load of Hot Air

      That's the point. If you want to spy on people with money and secrets, then selling a really expensive 'encryption' phone is the perfect way to trawl them in.

      This is another fishing trawler for rich idiots' secrets:

      https://en.wikipedia.org/wiki/Blackphone

      Blackphone promised to post the source code years ago - still no sign. Of course.

  13. Anonymous Coward

    "pitching 'military-grade encryption' at privacy-conscious executives."

    Knowing most execs will stick a 4 digit pin like 1234 if any on it...

    1. ecofeco Silver badge

      Oh you damn well know it!

  14. Wolfclaw

    Maryland-headquartered Koolspan, so US spooks have the keys already or a friendly judge away!

    1. Anonymous Coward
      Holmes

      There's a nice pic of the outfit's MD HQ on the old interwebs. It looks like they're quite a large and well funded concern:

      http://tinyurl.com/KoolspanHQ

  15. JaitcH
    Happy

    Silent Circle is good for me.

    Phil Zimmermann, co-founder Silent Circle & inventor of PGP has a healthy reputation for secure communications. Except with the NSA and GCHQ who are still banging away on PGP.

    And the Silent Circle handset is way cheaper than the Solarin handset.

  16. ecofeco Silver badge

    Too expensive? For now.

    It's too expensive only until the Chinese make the first knock offs. So, next year, then? Or maybe it already exists and is being sold at the local Beijing street market/discount electronics store and we don't know about it yet.

  17. Youngone

    Step right up!

    "co-founder and president Moshe Hogeg, a serial start up creator, and chief executive officer Tal Cohen, a former Forbes journalist and advertising industry man."

    Really? Would you buy a phone from these two?

    They don't appear to have many successes between them either, based on TFA.

  18. AlexS
    Coffee/keyboard

    Finally a phone for Donald.

  19. Christian Berger

    Of course it's utter bullshit

    If they actually wanted to build a secure device they would not use a complex operating system like Android (or iOS or Blackberry OS, or Windows phone...) They would instead have a minimal operating system acting as a "smart terminal" with as simple as possible protocols. For a budget of $14k they would also include alternative radio technologies to ease the problem of being tracked. Certainly they would also shield the GSM parts from the rest of the system.

    So yes, it would be feasible to build a much more secure device for that kind of money, but there is no indication of added security on that device. In fact it even runs _more_ software than your usual device and has added black box "security chips", which usually mean that they want to leak the key. ("security chips" are useless if you can just get that chip to sign, en- or decrypt any message by changing the code around it during runtime)
