DEFCON: Blackphone

Even though DEFCON is full of techies and people doing interesting things with portable devices, you don’t want to have an active radio on you within a quarter-mile of it. The apps on your phone leak personal data onto the Internet all the time, and the folks at DEFCON’s Wall Of Sheep were very successful in getting a few thousand usernames and passwords for email accounts.

Blackphone is designed to be the solution to this problem, so when we ran into a few members of the Blackphone crew at DEFCON, we were pretty interested to take a quick peek at their device.

The core functionality for the Blackphone comes from its operating system, PrivatOS. It’s a fork of Android 4.4.2 that is supposed to seal up the backdoors found in other mobile phones. There’s also a bundle of apps from Silent Circle that give the Blackphone the ability to make encrypted phone calls and texts (with file sharing), and to keep encrypted, password-protected contact lists.

The hardware for the Blackphone is pretty impressive: a quad-core Nvidia Tegra provides all the power you need for your apps, video, and playing 2048; a 2000mAh battery should provide enough juice to get you through a day or two (especially since you can turn off cores); and the usual front/rear cameras, GPS, 802.11bgn, and GSM and HSPA+/WCDMA radios mean this phone will be usable on most networks.

35 thoughts on “DEFCON: Blackphone”

  1. I’m highly skeptical about this device’s security level. Android is Linux, plus a growing layer of closed source drivers and apps that can do anything they’re instructed to do, including of course reading all your data. Don’t even think that rooting an Android device and removing all Google apps will give you any security: if a driver can read what you type/say/store/photograph (yes they can) you’re screwed.
    Let’s go to the point. If I wanted to spy on people, I would put eavesdropping and phoning home routines in the last place anyone could look for them: closed source device drivers! They run at highest privilege and can’t be replaced, uninstalled, examined or controlled in any way by the user.

    As for Google practices, they’re becoming more clear every day; here’s a good read:

    1. From the factory this doesn’t have google services installed, so you don’t have to worry about that. Silent Circle has been working with secure phone tech for a while now as well, so I’m pretty sure they’re not going to screw the pooch and sniff your data. They’d lose their customer base pretty damn quick.

      1. I’m not referring to Silent Circle, unless they wrote the device driver layer for this phone which I highly doubt. I’m talking about Google mainly and its hardware partners.

        A device driver has full access to the hardware and nobody but whoever has its sources (Google) can control it. This means it reads your text, copies your photos, reads your storage memory and listens to your communications before they are encrypted; no strong algorithm or long password would help.
        Also, every sniffer/debugger that comes as an app runs at a lower privilege and will likely never see its traffic, so no way to block it, not even be aware of its existence.

        The above can be applied to every operating system out there, including those on home PCs, notebooks, tablets etc. You choose strong passwords and encrypt all your disks, then a small binary blob required to make a card work intercepts all your passwords while you type them, reads all your storage and does whatever it’s programmed to. We’re talking about a device driver: full access to the hardware, full privileges and zero control by the user; if there’s a place to hide spyware code, there it is.
        Being 100% secure requires a 100% trustworthy platform, that unfortunately is not possible if a closed source driver can contain code that does the above. So we need to push to obtain open hardware and open drivers.
        Today this is 100% impossible, most hardware is closed, but spreading the awareness of the importance of being open at hardware level can help to change things tomorrow either by pushing manufacturers into opening their hardware or by building a critical mass of developers and backers for commercial availability of open hardware solutions in that field.

        Until that day, I’m sorry but no phone is secure.

        1. Never happen. The FCC require tx power be limited. So no source code for the baseband processors will ever be open source. The US government insists upon having closed source in RF communication devices. But I do fully agree with you.

      1. It seems ludicrous you can’t dictate what apps have what access to what functions of your device, even if denying access to certain functions breaks the app. At the end of the day it’s your decision to allow/deny, especially on the Android platform where you can download a torch app that wants access to:

        Device & app history
        Wi-Fi connection information
        Device ID & call information

        When its sole function is to turn on/off the camera’s fricken LED!

        I’d like to think the programmer was simply lazy and left some default settings alone when they compiled the app but you never know. It proves more and more people are willing to give up control of something that’s often very personal for a silly free app.

          1. On Android use ‘App Ops’ to disable access (3 levels: Yes, No & Ask). But yeah, it shouldn’t be necessary, and the Google Store changes to ‘simplify’ things haven’t helped.

            In the case of the flashlight it’ll still have access to the camera & microphone as the LED is the camera flash…

          2. Probably just another Trojan Horse bait-and-switch scheme, or rather a bait-and-do-lots-of-other-things-you-didn’t-know-about scheme to mine that ever-valuable personal data, just like Angry Birds did (or does).

  2. I believe everything should be open source to maximize security through open peer reviews of architectures and implementations; except for security backdoors that only governments can use legally and benevolently. I’m not a drug dealer or mafia king-pin so the government is 100% trustworthy. Bring back the Clipper chip! This phone needs one to be totally hack proof!

    1. I don’t need a fair trial: I’m not a criminal!
      I don’t need free speech: I’m not a radical!
      I don’t need a free press: there’s no corruption!

      Absolutely disgusting.

    2. What’s desperately needed is a way to convey tone in text because our innate sarcasm detectors obviously manifest along a wide spectrum of sensitivities. Or at least that’s my guess as to why so much of it slips by undetected in online discussion threads.

  3. “Secure cellphone” driven by Android OS, no voice-call encryption by default, US-roots email company provider, no physical access to on/off h-ware peripherals like cam, mic, gps, wifi, BT, and other spy-friendly stuff?
    Is that some kinda joke?
    Does that dude work for 3-letters or what?

  4. Had an open radio at DEFCON 3 years ago, had no problems at all. Granted it was on 145.05 MHz (national Packet frequency) and most of those “hackers” can’t hack non-PC stuff. Nobody cracked my TNC and I only had 3 check-ins in its mailbox. It seems that most hackers are not ham radio operators anymore.

        1. Completely agree. Most of the people that read this site should have no trouble with the quiz. If you can read a (basic) schematic there are only a couple things to memorize and the rest is fairly general safety (should you, or should you not stand in front of a high power microwave generator with no protection?).

        2. It’s not about passing the test, it’s more no-one under 50 cares about ham radio.

          Radio is good for tracking your balloon launches, but eh, just slap an Arduino + GPS + phone module in it, it’ll work.

          We need a standard long-range comms protocol, Bluetooth eXtreme or something.

  5. This phone is immune to memory corruption exploits which will bypass any file system and UAC or MAC policies? Impressive..

    I read that conference hackers can find bugs and code exploits without any RE or test environments, so this phone must be the real deal..

    I would have used the tecra isolation and encryption security features with page table hashing and put almost everything in sandboxes..

    1. If I’m a botnet operator or gov. I’m going to look for protocol stack or API handler process vulnerabilities, specifically buffer overflows. Who cares about a lot of file system and process policies that only guard page table and disk access; even when using chip security features.

      Also, nobody wants to write a lib for a specific baseband or use primitive AT style generic calls. All that is in there are tokens for carrier locking and the ability to make users suspicious when you block Android with background initialization..

      Write-back hashing actually keeps real-time states validated, so none of these things would work, but I seriously doubt they were smart enough to implement that. I’d bet money they actually contracted out the work and this is all for marketing profitability..

  6. Happy Blackphone owner here.
    So good to have no trace of google on it.
    It’s nag-free, and beautiful. Have not looked into the silent circle apps.
    I have only ONE BIG complaint: the wi-fi range is terrible compared to all other phones I’ve had; even an ancient HTC with Windows Mobile 6 had better wi-fi.
    But all the good outweighs this one problem (so far).

  7. Blackphone is the WORST mobile phone in the world. It is rooted now, and also all silent circle applications are BACKDOOR to their servers, so all your calls and encrypted calls are tampered easily by them. ZERO security phone, only for kids or people that do not understand ANYTHING about security. Just for kids jaja
