‘Blackphone’ promises to shut out prying eyes

Discussion in 'privacy general' started by dogbite, Jan 15, 2014.

Thread Status:
Not open for further replies.
  1. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,093
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Baseband weaknesses? A warning when the phone drops down to 2G would be nice.
     
  4. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Gonna get myself one of those just to support the company ~ Snipped as per TOS ~.
     
    Last edited by a moderator: Jan 16, 2014
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Please excuse my lenguage.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If I understand correctly, most smartphones have 2 operating systems. Only one of these is accessible to the user. I wonder if they've replaced or altered the underlying OS or if this is another secure OS running on an insecure OS?
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,093
    This Company Wants to Be the Apple of Super Secure Smartphones.

    Note: The above URL link contains a short vimeo video (3:36). While the company claims to be DC-based, the website on the video at the end is clearly based in Switzerland, due to its ccTLD (country code top-level domain), .ch., i.e. www.blackphone.ch

    -- Tom
     
  9. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    That's the Baseband. It has it's own OS. It is the cell radio firmware/driver. I doubt they can do anything with it, as changes would probably have to come from Qualcom, etc... Not sure what real world exploits could be attempted against it, just that researchers say it uses 90's era code...with all it's problems.

    At least on Android, you can wipe it out and restore it, if you want to be extra safe... no phone calls though when it's wiped :D
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    How much influence or ability does the baseband have to subvert or monitor the user OS? Does the baseband handle GPS functions? I question how secure any device can be made when the user has no control over one of the operating systems.
     
  11. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    But isn't android open source?
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Is that just the users OS or both?
     
  13. snerd

    snerd Registered Member

    Joined:
    Dec 8, 2007
    Posts:
    71
    Location:
    U.S.A.
    I think it will be a very small niche market. A majority of users couldn't care less that they're being spied on.
     
  14. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    You're right. Just think about GPG Email encryption which none uses and unsecure IM popularity like Whatsapp, etc.
    Nobody cares.
     
  15. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,093
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    To use this ohone though, the person that you are calling has to have one too, right?
     
  17. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    I don't know whether of not they have to have one. I just don't think there is a point of using it if the other person doesn't have one.
     
  18. Haggishunter

    Haggishunter Guest

    No, the Blackphone is not "clearly located" in Swaziland. If you do a DomainHostingView, you will see their Spanish address (Madrid) but the server indeed seems to be in "Culver City" (wherever that is). Another example of (this time rather ridiculous Spanish) snakeoil. I wonder whether it is legal to register in Switzerland. No credibility at all. Will report these fruitcakes to Switch.
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,237
    Culver City is in California. Have you got any actual proof to your claim of this being snakeoil or is it just your own personal opinion?
     
  20. Haggishunter

    Haggishunter Guest

    Yes, I do. First, it is technically impossible to build that funnyphone. Second: Why can they not register in Spain? Why does it have to be Switzerland? They clearly are hiding something. But what? Paella, Chorizo?
     
  21. Haggishunter

    Haggishunter Guest

    Just to quote from a Youtube comment: "Mikanojo: If the blackphone uses the same transmitter towers or satellites then the signal is no longer private. Even if encrypted ti will still be logged by the towers and can be traced to that tower. If someone using the blackphone calls someone using a different phone then the call (if encrypted) must be decrypted for the other phone user to understand - so there went the privacy. And encryption is not the answer, it is at best a temporary condition. Ultimately this looks like what the darknet TOR (the onion router) was falsely claiming to offer computer users / hackers / online criminals - an illusion of anonymity and privacy - which was worked around by authorities, and when illegal activities were confirmed, arrests were made. Darknet came back again, and MORE arrests were made and sites shut down. This Blackphone cannot actually provide the security it is offering."

    I totally agree. Either the Blackfunny people are complete ignorants or they are in the snakeoil trade. BTW: What about PGP today? LOL.
     
  22. Haggishunter

    Haggishunter Guest

    @roger_m (Vy frequent, but absent poster): BTW: Was Phil Z not the first individual incorporating a backdoor into his software (PGP)? (Sorry, I got a good memory.) Perhaps you have got a certain technical know how but you also should do your homework as far as reading is concerned. And then: A highly secure smartphone from Spain...? What a joke. Watch the Youtube video: They do not even know how to fluently speak English... Obviously, no response from you. You all remind me of the Privazer geezers. Same snakeoil, same ~ Snipped as per TOS ~. Can see on LinkedIn where they come from... (LOL).
     
    Last edited by a moderator: Feb 2, 2014
  23. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I haven't looked at the details of this, because I'd rather build my own "Black Phone", but this is probably a pre-built phone running AOSP and a bunch of apps installed. Maybe even pre-configured for accounts for XMPP, and Secure SIP, etc on servers they control. It's probably for those who don't know what Recovery or Fastboot is.

    Maybe the OS will be hardened a little bit, like SecDroid or GuardianROM does.

    Maybe they'll include some cutting edge stuff like warning when the phone down-regulates to 2G in an area with plenty of 3/4G coverage. That's how IMSI Catchers work, IIRC.

    Maybe they'll offer a way to wipe out the radio.img when you don't want to risk any GSM compromise at all.

    IMO, you #can# communicate securely with something like XMPP with OTR, or SIP with ZRTP, on a phone (over VPN as an option too).

    As far as .ch vs. Culver City - I think Phil lives in the US...maybe he just set the site up.

    I agree that insinuating that a voice call over the GSM network is secure, is nuts...but have they said that? No way they can control the radio hardware or SIM card.

    As far as PGP and backdoors - Well, I wouldn't personally use Symantec's latest, but I think Phil would rather have not gone through being put on trial by the US Government, if he could just let them in. The government also had to resort to a key logger (Magic Lantern) when it was going after Nico Scarfo. I hope we're not suggesting a back door in the protocol or GnuPG. (or even PGP 6.5.8 - the last with source code available. Though I think after CA Associates, some source appeared for PGP Inc. No idea after Symantec got it).

    Here's one: Knowing that NSA/FBI is intercepting packages - how will the phone arrive? Might it be safer to get it from a US distributor. .vs a package that has to cross an international border? I don't know.
     
Thread Status:
Not open for further replies.