DEFCON may be full of techies and people doing interesting things with portable devices, but you don’t want to have an active radio on you within a quarter-mile of it. The apps on your phone leak personal data onto the Internet all the time, and the folks at DEFCON’s Wall Of Sheep were very successful in getting a few thousand usernames and passwords for email accounts.
Blackphone is designed to be the solution to this problem, so when we ran into a few members of the Blackphone crew at DEFCON, we were pretty interested to take a quick peek at their device.
The core functionality for the Blackphone comes from its operating system, called PrivatOS. It’s a fork of Android 4.4.2 that is supposed to seal up the backdoors found in other mobile phones. There’s also a bundle of apps from Silent Circle that give the Blackphone encrypted phone calls, encrypted texts (with file sharing), and encrypted, password-protected contact lists.
The hardware for the Blackphone is pretty impressive: a quad-core Nvidia Tegra provides all the power you need for your apps, video, and playing 2048; a 2000mAh battery should provide enough juice to get you through a day or two (especially since you can turn off cores); and the usual front/rear cameras, GPS, 802.11bgn and GSM and HSPA+/WCDMA radios mean this phone will be usable on most networks.
I’m highly skeptical about this device’s security level. Android is Linux, plus a growing layer of closed source drivers and apps that can do anything they’re instructed to do, including of course reading all your data. Don’t even think that rooting an Android device and removing all Google apps will give you any security: if a driver can read what you type/say/store/photograph (yes they can) you’re screwed.
Let’s go to the point. If I wanted to spy on people, I would put eavesdropping and phoning home routines in the last place anyone could look for them: closed source device drivers! They run at highest privilege and can’t be replaced, uninstalled, examined or controlled in any way by the user.
As for Google practices, they’re becoming more clear every day; here’s a good read: http://bit.ly/IIXc5t
By the way, Apple and Windows competing products raise the same concerns and thus offer the same level of security: zero.
From the factory this doesn’t have google services installed, so you don’t have to worry about that. Silent Circle has been working with secure phone tech for a while now as well, so I’m pretty sure they’re not going to screw the pooch and sniff your data. They’d lose their customer base pretty damn quick.
I’m not referring to Silent Circle, unless they wrote the device driver layer for this phone which I highly doubt. I’m talking about Google mainly and its hardware partners.
A device driver has full access to the hardware and nobody but whoever has its sources (Google) can control it. This means it reads your text, copies your photos, reads your storage memory and listens to your communications before they are encrypted; no strong algorithm or long password would help.
Also, every sniffer/debugger that comes as an app runs at a lower privilege and will likely never see its traffic, so no way to block it, not even be aware of its existence.
The above can be applied to every operating system out there, including those on home PCs, notebooks, tablets etc. You choose strong passwords and encrypt all your disks, then a small binary blob required to make a card work intercepts all your passwords while you type them, reads all your storage and does whatever it’s programmed to. We’re talking about a device driver: full access to the hardware, full privileges and zero control by the user; if there’s a place to hide spyware code, there it is.
Being 100% secure requires a 100% trustworthy platform, that unfortunately is not possible if a closed source driver can contain code that does the above. So we need to push to obtain open hardware and open drivers.
Today this is 100% impossible, most hardware is closed, but spreading the awareness of the importance of being open at hardware level can help to change things tomorrow either by pushing manufacturers into opening their hardware or by building a critical mass of developers and backers for commercial availability of open hardware solutions in that field.
Until that day, I’m sorry but no phone is secure.
In that case, nothing is secure.
Ding, Ding, Ding, Ding, Ding… we have a winner!
Never happen. The FCC requires tx power be limited. So no source code for the baseband processors will ever be open source. The US government insists upon having closed source in RF communication devices. But I do fully agree with you.
Google’s practices are becoming more clear…. you either give an app. all permissions or no permissions…
It seems ludicrous you can’t dictate what apps have what access to what functions of your device; even if denying access to certain functions breaks the app, at the end of the day it’s your decision to allow/deny, especially on the Android platform where you can download a torch app that wants access to:
Device & app history
Photos/Media/Files
Camera/Microphone
Wi-Fi connection information
Device ID & call information
When its sole function is to turn on/off the camera’s fricken LED!
I’d like to think the programmer was simply lazy and left some default settings alone when they compiled the app but you never know. It proves more and more people are willing to give up control of something that’s often very personal for a silly free app.
BTW the torch app I was referring to wasn’t some small unknown program, it’s had over 100 million downloads.
Just ponder on that for a moment.
On Android use ‘App Ops’ to disable access (3 levels: Yes, No & Ask). But yeah, it shouldn’t be necessary, and the Google Store changes to ‘simplify’ things haven’t helped.
In the case of the flashlight it’ll still have access to the camera & microphone as the LED is the camera flash…
Probably just another Trojan Horse bait-and-switch scheme, or rather a bait-and-do-lots-of-other-things-you-didn’t-know-about scheme to mine that ever-valuable personal data, just like Angry Birds did (or does).
I believe everything should be open source to maximize security through open peer reviews of architectures and implementations; except for security backdoors that only governments can use legally and benevolently. I’m not a drug dealer or mafia king-pin so the government is 100% trustworthy. Bring back the Clipper chip! This phone needs one to be totally hack proof!
I don’t need a fair trial: I’m not a criminal!
I don’t need free speech: I’m not a radical!
I don’t need a free press: there’s no corruption!
Absolutely disgusting.
Yea, that worked out really well for ssl….
What’s desperately needed is a way to convey tone in text because our innate sarcasm detectors obviously manifest along a wide spectrum of sensitivities. Or at least that’s my guess as to why so much of it slips by undetected in online discussion threads.
According to this article, this phone already got owned.
http://www.ibtimes.co.uk/most-secure-android-phone-hacked-defcon-hacking-conference-1460821
With an old version of the software that was patched pre-defcon a day after the exploit was found
Damnit, if you could have just made the “says” green too! :)
One word: laughable
Will it work on Sprint’s 4GLTE? My Galaxy Tab 3 on Sprint uses a removable SIM card, haven’t tried a prepaid SIM or one from AT&T or other carrier.
“Secure cellphone” driven by Android OS, no voice-call encryption by default, US-roots email company provider, no physical access to on/off h-ware peripherals like cam, mic, gps, wifi, BT, and other spy-friendly stuff?
Is that some kinda joke?
Does that dude work for 3-letters or what?
Had an open radio at defcon 3 years ago, had no problems at all. Granted it was on 145.05 MHz (national Packet frequency) and most of those “hackers” can’t hack non pc stuff. Nobody cracked my TNC and I only had 3 checkins in its mailbox. It seems that most hackers are not ham radio operators anymore.
Ham radio is for old people.
This needs to change. (in the US) Tech exam is 35 questions. No morse code. Seriously.
Completely agree. Most of the people that read this site should have no trouble with the quiz. If you can read a (basic) schematic there are only a couple things to memorize and the rest is fairly general safety (should you, or should you not stand in front of a high power microwave generator with no protection?).
It’s not about passing the test, it’s more no-one under 50 cares about ham radio.
Radio is good for tracking your balloon launches, but eh, just slap an Arduino + GPS + phone module in it, it’ll work.
We need a standard long-range comms protocol, Bluetooth eXtreme or something.
This phone is immune to memory corruption exploits which will bypass any file system and UAC or MAC policies? Impressive..
I read that conference hackers can find bugs and code exploits without any RE or test environments, so this phone must be the real deal..
I would have used the tecra isolation and encryption security features with page table hashing and put almost everything in sandboxes..
“successful in getting a few thousand usernames and passwords for email accounts.”
So a lot of people were using cleartext connections to their email providers?
The baseband is always a binary blob so all the effort is for nothing.
If I’m a botnet operator or gov. I’m going to look for protocol stack or API handler process vulnerabilities, specifically buffer overflows. Who cares about a lot of file system and process policies that only guard page table and disk access; even when using chip security features.
Also, nobody wants to write a lib for a specific baseband or use primitive AT style generic calls. All that is in there are tokens for carrier locking and the ability to make users suspicious when you block Android with background initialization..
Write-back hashing actually keeps real-time states validated, so none of these things would work, but I seriously doubt they were smart enough to implement that. I’d bet money they actually contracted out the work and this is all for marketing profitability..
Happy Blackphone owner here.
So good to have no trace of google on it.
It’s nag-free, and beautiful. Have not looked into the silent circle apps.
I have only ONE BIG complaint: the wi-fi range is terrible compared to all other phones I’ve had; even an ancient HTC with Windows Mobile 6 had better wi-fi.
But all the good outweighs this one problem (so far).
no wifi coverage —> no “getting hacked via wifi” :P it’s all for good purpose…
…sorry, could not resist…
Blackphone is the WORST mobile phone in the world. It is rooted now, and also all silent circle applications are BACKDOOR to their servers, so all your calls and encrypted calls are tampered easily by them. ZERO security phone, only for kids or people that do not understand ANYTHING about security. Just for kids jaja
So, there is no proper secure alternative to install on my phone? I use cyanogen now but doubt it is better.