‘Blackphone’ promises to shut out prying eyes

A new Android's fork developed by Zimmermann's Silent Circle.

http://www.irishtimes.com/business/...ne-promises-to-shut-out-prying-eyes-1.1655992

 

‘Blackphone’ might be the first NSA-proof smartphone.

-- Tom

 

Baseband weaknesses? A warning when the phone drops down to 2G would be nice.

 

Gonna get myself one of those just to support the company ~ Snipped as per TOS ~.

 

‘Blackphone’ will be the world’s first NSA-proof smartphone:

http://dailycaller.com/2014/01/15/blackphone-the-worlds-first-nsa-spy-proof-smartphone-video/

 

Please excuse my lenguage.

 

If I understand correctly, most smartphones have 2 operating systems. Only one of these is accessible to the user. I wonder if they've replaced or altered the underlying OS or if this is another secure OS running on an insecure OS?

 

This Company Wants to Be the Apple of Super Secure Smartphones.

Note: The above URL link contains a short vimeo video (3:36). While the company claims to be DC-based, the website on the video at the end is clearly based in Switzerland, due to its ccTLD (country code top-level domain), .ch., i.e. www.blackphone.ch

-- Tom

 

That's the Baseband. It has it's own OS. It is the cell radio firmware/driver. I doubt they can do anything with it, as changes would probably have to come from Qualcom, etc... Not sure what real world exploits could be attempted against it, just that researchers say it uses 90's era code...with all it's problems.

At least on Android, you can wipe it out and restore it, if you want to be extra safe... no phone calls though when it's wiped

 

How much influence or ability does the baseband have to subvert or monitor the user OS? Does the baseband handle GPS functions? I question how secure any device can be made when the user has no control over one of the operating systems.

 

But isn't android open source?

 

Is that just the users OS or both?

 

I think it will be a very small niche market. A majority of users couldn't care less that they're being spied on.

 

You're right. Just think about GPG Email encryption which none uses and unsecure IM popularity like Whatsapp, etc.
Nobody cares.

 

Interview: ‘Fully encrypted’ Android Blackphone – will it allow for spy-proof communication?.

-- Tom

 

To use this ohone though, the person that you are calling has to have one too, right?

 

I don't know whether of not they have to have one. I just don't think there is a point of using it if the other person doesn't have one.

 

No, the Blackphone is not "clearly located" in Swaziland. If you do a DomainHostingView, you will see their Spanish address (Madrid) but the server indeed seems to be in "Culver City" (wherever that is). Another example of (this time rather ridiculous Spanish) snakeoil. I wonder whether it is legal to register in Switzerland. No credibility at all. Will report these fruitcakes to Switch.

 

Culver City is in California. Have you got any actual proof to your claim of this being snakeoil or is it just your own personal opinion?

 

Yes, I do. First, it is technically impossible to build that funnyphone. Second: Why can they not register in Spain? Why does it have to be Switzerland? They clearly are hiding something. But what? Paella, Chorizo?

 

Just to quote from a Youtube comment: "Mikanojo: If the blackphone uses the same transmitter towers or satellites then the signal is no longer private. Even if encrypted ti will still be logged by the towers and can be traced to that tower. If someone using the blackphone calls someone using a different phone then the call (if encrypted) must be decrypted for the other phone user to understand - so there went the privacy. And encryption is not the answer, it is at best a temporary condition. Ultimately this looks like what the darknet TOR (the onion router) was falsely claiming to offer computer users / hackers / online criminals - an illusion of anonymity and privacy - which was worked around by authorities, and when illegal activities were confirmed, arrests were made. Darknet came back again, and MORE arrests were made and sites shut down. This Blackphone cannot actually provide the security it is offering."

I totally agree. Either the Blackfunny people are complete ignorants or they are in the snakeoil trade. BTW: What about PGP today? LOL.

 

@roger_m (Vy frequent, but absent poster): BTW: Was Phil Z not the first individual incorporating a backdoor into his software (PGP)? (Sorry, I got a good memory.) Perhaps you have got a certain technical know how but you also should do your homework as far as reading is concerned. And then: A highly secure smartphone from Spain...? What a joke. Watch the Youtube video: They do not even know how to fluently speak English... Obviously, no response from you. You all remind me of the Privazer geezers. Same snakeoil, same ~ Snipped as per TOS ~. Can see on LinkedIn where they come from... (LOL).

 

I haven't looked at the details of this, because I'd rather build my own "Black Phone", but this is probably a pre-built phone running AOSP and a bunch of apps installed. Maybe even pre-configured for accounts for XMPP, and Secure SIP, etc on servers they control. It's probably for those who don't know what Recovery or Fastboot is.

Maybe the OS will be hardened a little bit, like SecDroid or GuardianROM does.

Maybe they'll include some cutting edge stuff like warning when the phone down-regulates to 2G in an area with plenty of 3/4G coverage. That's how IMSI Catchers work, IIRC.

Maybe they'll offer a way to wipe out the radio.img when you don't want to risk any GSM compromise at all.

IMO, you #can# communicate securely with something like XMPP with OTR, or SIP with ZRTP, on a phone (over VPN as an option too).

As far as .ch vs. Culver City - I think Phil lives in the US...maybe he just set the site up.

I agree that insinuating that a voice call over the GSM network is secure, is nuts...but have they said that? No way they can control the radio hardware or SIM card.

As far as PGP and backdoors - Well, I wouldn't personally use Symantec's latest, but I think Phil would rather have not gone through being put on trial by the US Government, if he could just let them in. The government also had to resort to a key logger (Magic Lantern) when it was going after Nico Scarfo. I hope we're not suggesting a back door in the protocol or GnuPG. (or even PGP 6.5.8 - the last with source code available. Though I think after CA Associates, some source appeared for PGP Inc. No idea after Symantec got it).

Here's one: Knowing that NSA/FBI is intercepting packages - how will the phone arrive? Might it be safer to get it from a US distributor. .vs a package that has to cross an international border? I don't know.