Phil Zimmermann's 'Spy-Proof' Mobile Phone In Demand

An anonymous reader writes "BlackPhone was designed by Phil Zimmermann (inventor of PGP). The 4.7" display phone features a 2 GHz NVIDIA Tegra 4i ARM Cortex-A9 quad-core processor with 60 GPU cores, 1GB RAM and 16GB storage [more specs]. The OS is a customized version of Android called PrivatOS which offers encrypted calls, texts and emails that can't be unscrambled even by spy agencies. It also offers built-in resistance against malicious software which will be most welcomed for users worried about free Apps that are becoming increasingly invasive, if not pure data collection spyware for unknown 3rd parties. It's coming out this June, and many Fortune 50 companies have already ordered the phone to protect against industrial espionage."

And the modem firmware?

[Anonymous Coward]

Does he have Qualcomm on board or what?

Re: And the modem firmware?

[halo1982]

Why would he need Qualcomm when the phone uses an nVidia baseband?

Re:

[Phreakiture]

Because Qualcomm owns the IP on the baseband hardware for CDMA.

Bootloader unlockable?

[mlts]

I wonder if the bootloader is unlockable so one can make their own ROM for it. The ideal is the ability to type in "fastboot oem unlock", flash a ROM, then relock the bootloader. That way, if someone wants to reflash, they have to re-unlock the bootloader (triggering an erase and TRIM cycle of the /data partition.)

Re:

[LordLimecat]

Doesnt re-locking the firmware make it impossible to get updates unless theyre signed?

Re:

[LordLimecat]

Nevermind, it does not.

Re:open source?

[Aaden42]

It doesn’t (necessarily) need to be, though it would be nice. If the Android-level interface to the baseband is sufficiently limited, and if all “secure mode” operations (encryption) are handled purely in Android and passed off as a ciphertext stream through the baseband, a subverted baseband would have limited ability to cause issues.

Problems for an untrusted baseband are:
1) If the OS will (or can be forced to) accept any type of control from the baseband (rather than exclusively the other way around), the baseband can take over the “secure” OS.
2) The baseband can leak private information passed through it to a third party.

Note that as a special case of #1, audio stream communication between baseband and OS is often implemented as some variety DMA or shared memory. Care would be required to ensure the baseband was incapable of reading or writing any portion of system memory other than what was explicitly setup by the OS for DMA. A hardware MMU or even physically separate DRAM circuitry could ensure this.

So long as the baseband has no avenue for exerting control over the OS, the OS can’t be tainted by a subverted baseband. If all information passed through the baseband in indistinguishable from entropy, the baseband funneling it off somewhere else has limited value absent some other attack on the crypto (including $5 wrench).

The last remaining attacks would be location leaks (which can be carried out against even an untainted baseband with CellCo assistance anyway) and the possibility of injecting forged traffic that might trick the user into doing something insecure. Well-designed UI should ensure that cryptographically authenticated communications are always distinguishable from untrusted.

Not saying having a fully open baseband wouldn’t be a really nice thing, but there are well established and sufficiently secure ways for sandboxing an untrusted baseband within an otherwise secure design.

Re:

[currently_awake]

What would be nice is if ALL external communications was on a separate processor. That way a security breach in your OS won't let the NSA intercept your data, and a security breach in your baseband won't let an attacker access your data/camera/microphone. The biggest issue is key handling/exchange. For you to talk with another phone you must share a key. How exactly do they manage that?

Re:open source?

[Immerman]

>For you to talk with another phone you must share a key. How exactly do they manage that?

Well if they both offer a rear-facing camera for video chat you could point the screens at each other for a moderately high bandwidth QR code based video stream. A few dozen bytes a frame (Version 3 QR code = 50 characters@5.5bits), times maybe 10 frames per second should be crude enough and slow enough to provide reliable data link, and it would be fast enough to communicate a 2048-bit key in under a second (2.75kbps)

Re:

[AmiMoJo]

You know Zimmerman invented the first public key cryptography software available to the general public, right? You simply send your public key, and it doesn't matter if the NSA/GCHQ intercepts it because all they can do is send you messages with it. They can't even spoof the person you are trying to communicate with because they need that person's private key to do so, and they only sent their public one.

Re:

[Sloppy]

If all the I/O is subverted, then you better make sure you really sent your key, though.

Crazy sci-fi dystopian future scenario is that Alice's software decides to send her key as qrcodes [slashdot.org] but then actually displays Eve's key's qrcodes but also sends Alice's public key over covert channel. Then the Bob's software, wishing to display a fingerprint for its new key (Eve's) on screen, does that. Except its subverted I/O shows Alice's fingerprint instead. Bob reads the fingerprint out loud and Alice says "Yep,

Re:

[ameline]

I think any designer of a "secure" phone needs to assume that the baseband is running hostile software.

If the baseband has write access to application cpu ram, you're screwed.

There needs to be uncompromised hardware enforced protection to ensure the baseband cannot write to application ram or to the flash memory of the application processor. I'd be very suspicious of DMA capabilities under control of the baseband unit.

I'm not saying it's impossible to make a secure phone, but you as a creator of such should

Re:

[Immerman]

Indeed. Perhaps it could be designed so that the baseband communicates with all the normal DMA tricks to a minimalist flipphone-grade CPU+ram, which is then internally networked to a separate, trustworthy CPU/RAM/Flash - essentially making for two phones in one. As an added bonus standby power consumption could be potentially much lower - the second computer could be powered down completely except when manually activated or woken by the power-sipping flip-phone core.

Limited market

[wcrowe]

I can see how this would work for blackphone-to-blackphone communication. What about people who call me or text me who don't have a blackphone? Those calls and texts are not going to be encrypted.

I think the market for this thing will be limited, at least for the immediate future.

Re:

[Anonymous Coward]

Of course it'll be limited. This sort of thing only has appeal to secretive companies, spies, criminals, terrorists, and paranoid nitwits like we often see here who have no reason to be spied on, but hallucinate danger. Most of us have no need for something like this, and a more open product is better for us.

Re:

[Fjandr]

Until you do have a need for it, and then it's too late.

Re:Limited market

[Charliemopps]

It wont work.

I use textsecure: https://play.google.com/store/... [google.com]
and redphone: https://play.google.com/store/... [google.com]

which encrypt text and calls to other people who use it. Which includes my wife... because I installed it for her... and that's about it. My paranoid friends that might use such things wont even get a smartphone so... yea...

anyways, both applications are pretty good. I'm with Verizon and they have a TERRIBLE messaging app that they replaced the standard android app with. It literally crashes my phone it's so bad. So I replaced it with this. The only annoying bit is having to enter your password if you reboot the phone. Textsecure even sends the texts via the internet rather than using the cellular network to save you messages if the other users got it as well.

Re:Limited market

[geekoid]

Of course, what is the most used pieces of informaiton gathered from a phone? location and history of location.

Re:

[lsatenstein]

In 2006, we had a secure phone system that used aes encryption. The process worked by calling a specific number, and via SSH, getting a session AES key. That key encrypted the info before it left the phone, and decripted the info after arriving in the phone. We had it for voice and data.
AES encryption and decryption was chosen so that the one AES key would serve for both.

It required a key server functionality between partners who prearranged calls. Ideal for embassies, and for other secure communication

Re:

[mlts]

First thing one should do with almost all Android devices (GPE devices are a cautious exception) is to re-ROM them. I've not really been impressed with Verizon's text app myself, so I prefer a replacement.

In any case, having the ability to encrypt phone and SMS conversations in an app, completely separate and independent from the OS is a boon. An eavesdropper would have to go from being passive to actively interacting with the apps or actively reading/scanning memory for keys to upload.

With newer versions

Re:

[Anonymous Coward]

Of course that is only as secure as the user of the phone allows it to be. Once malware is injected using one of many vulnerabilities/exploits, from browsing the web, email, apps, whatever, that "secure" app will be compromised.
The blackphone does not have this problem.

Spy-Proof; Not Court-Proof

[ObsessiveMathsFreak]

You can develop all the security technologies you like. They'll be worth precisely nothing when the NSA sends a pup of an agent with a national security letter to seize your files, equipment, and force your co-operation under penalty of imprisonment. The courts remain the ultimate root-kit.

Re:Spy-Proof; Not Court-Proof

[Anonymous Coward]

Only third-world countries with no human rights operate like that.

Re:

[Desler]

thatsthejoke.jpg

Re:Spy-Proof; Not Court-Proof

[houstonbofh]

But you will know. They will not be able to listen in without you knowing. That is a big deal.

Re:

[Krojack]

Are you sure of this? I always say, It it's created by humans then it can be cracked. You do know the NSA will be ordering a lot of these phones and quickly tearing them apart looking for exploits.

Re:

[L4t3r4lu5]

I always say, It it's created by humans then it can be cracked.

Yeah, but can it be easily cracked, or cracked within the time frame that the information is still useful? If a criminal can MITM my internet banking and get all of my savings, that is A Bad Thing. In 2006 [theguardian.com] we could crack Enigma in 4 days with then-modern home PC hardware and an optimised brute force routine. That is absolutely fine; The people who benefited from its use are mostly dead, the war is over, there's no need for the security anymore. In fact, Enigma was so good that almost all of the successful c

Re:

[geekoid]

You can't hide secrets of the future with math. The path of technology history is littered with the bones form 'unbreakable/unhackable/uncrackable' products.

I wonder how you update the phone? Or prevent someone from installing a keylogger?

Re:

[houstonbofh]

You can't hide secrets of the future with math. The path of technology history is littered with the bones form 'unbreakable/unhackable/uncrackable' products.

I wonder how you update the phone? Or prevent someone from installing a keylogger?

However, there are several encrypted message from WW2 that are still unbroken. And it doesn't change the fact that you know they are not listening NOW.

Re:

[Frosty Piss]

But you will know. They will not be able to listen in without you knowing. That is a big deal.

I though everyone assumed that they were listening? Snowden, you know? Ever heard of COINTELPRO? They have been listening for a long long time.

Re:

[Eythian]

That's the point of this whole phone. So you can assume that they're not listening.

Re:Spy-Proof; Not Court-Proof

[tapspace]

Someone should enshrine that in some sort of high code of law upon which all other laws will be based in some sort of new democratic society...

Re:

[Slayer]

... and a pack of inept/corrupt law makers could wipe their butts with that document and laugh in your face.

Re:

[Raenex]

But you will know. They will not be able to listen in without you knowing.

How so? They use a National Security Letter to order a wiretap, which in this case means implanting a backdoor. Similar tactics have been used on other people offering encyrption software. Unless you build and program the phone yourself from trusted parts, you're at the mercy of your provider, and the provider is at the mercy of government.

You really can't expect anything different from the same government that secretly (though with ISP help) installed taps onto all of the major ISPs, can you?

Re:

[Anonymous Coward]

You can develop all the security technologies you like. They'll be worth precisely nothing when the NSA sends a pup of an agent with a national security letter to seize your files, equipment, and force your co-operation under penalty of imprisonment. The courts remain the ultimate root-kit.

It should be fairly obvious even to the technical baboons we often find behind the bench that the secure side of the device is limited by definition. One cannot be ordered to produce that which does not exist or was destroyed long ago through sound data attrition policies.

Therefore, order away courts, you're not going to be able to unring that bell, which is kind of the entire point of this exercise. To make it in fact, Court-Proof.

Sad to say, it has come to this.

Re:

[viperidaenz]

So how exactly is a warrant going to get them copies of your encrypted phone calls that haven't been stored on your device?

Re:

[Actually, I do RTFA]

It gets them a feed into the microphone/earpiece on the other phone, and a gag order giving your friend 20 years in jail if he warns you. And a plea deal where he gets 6 months if you confess, or 20 years if he doesn't convince you to.

Re:

[viperidaenz]

That's not the problem this device sets out to solve. Nor is it a problem any communication device can solve. If you can't trust the person on the other end after you've verified who they are, technology can't help you.

Re:

[Anonymous Coward]

Assuming you *do* trust them, use what agents in WW2 used: a security code (agreed in advance, face to face.)
Example, I announce my name on the phone as "Anonymous Coward", then I'm identifying myself, & also saying all is well here.
But if I say "Anonymous J. Coward" (assuming J is my real middle initial), I'm warning my correspondent that I have been coerced.
Very hard to prove anything in court about that.

Re:

[petermgreen]

In many such systems there is simply no such thing as "your encryption key", a key is agreed for the session and then discarded afterwards.

Spy-Proof; Not Court-Proof

[Anonymous Coward]

Your argument is defeatist.

Court or not, this is a great step towards "doing all we can" to counteract unlawful snooping.

Re:

[OrangeTide]

I'm waiting for there to be a law against counteracting unlawful snooping.

Free with phone:

[GameboyRMH]

Lifetime membership in the NSA's Super Special Pals club! They'll be thinking about you all the time!

Re:

[houstonbofh]

Unless it gets popular. Then it will just be the one finger wave.

battery?

[magarity]

How big does the battery have to be to keep all those cores running? Must take up half the interior.

Re:

[houstonbofh]

It's not like anyone with a modern smart phone doesn't keep it plugged in all the time anyway. Notice how they do not call them "cordless" anymore...

Re:

[Actually, I do RTFA]

If I turn it off overnight, every night, it barely changes the time between charges. Idle is clearly not consuming much.

Or "off" is consuming far more power than you would think.

Re:

[geekoid]

I use a nexus 4. I plug it in before bed, unplug it in the morning when it's alarm goes off.

So, not it's not plugged in all the time, or even most of the time.

Re:

[Desler]

Nvidia through their acquisition of Icera. It's a software modem.

Re:And who makes the baseband?

[viperidaenz]

It's not directly connected to the microphone. That's connected to an audio codec controlled by the application processor.

Re:

[viperidaenz]

RTFS

many Fortune 50 companies have already ordered the phone to protect against industrial espionage.

Re:

[Zero__Kelvin]

"Who except for criminals and terrorists are actually going to buy this thing, or am I missing something?"

I'm going to go with ... "Half a Brain" FTW!

Re:

[Krojack]

Yet only has 1 gig of RAM. I won't even look at a phone unless it has at least 2.

Carriers

[Gryle]

In all seriousness, what US carriers will let you use this phone? I can't see this being offered in-store to every Joe Friday that walks in off the street (the demand isn't high enough, depressingly) and most carriers like you to buy a particular phone to use on their particular network. How do I go about using one of these (well, two of these) in day-to-day activities?

Re:

[Desler]

There are CDMA worldphones. They are simply multi-mode phones.

Re:

[Desler]

Why would you need to buy one in a carrier store? Simply buy a SIM card from the carrier and put it in your phone. That's as trivial as it is to use it on either AT&T or T-Mobile.

Not sniping, genuinely curious...

[FatLittleMonkey]

Have you honestly never heard of people buying SIM cards for existing phones? Outright purchase? Unlocked phones?

Re:

[Gryle]

No, not really, not outside of something like a GoPhone or a similar "burner"-type program. Then again, I still have a flip-phone (Samsung Rubgy II to be exact) and if I didn't have to have it for work, I'd not have a cellphone at all.

Re:

[FatLittleMonkey]

Next time you are in a supermarket, have a look at their handset/recharge/charge-card display. Chances are they have dozens of "pre-paid starter kits" for every carrier (and reseller) in your area. These contain just a SIM card, no handset.

Even with carrier-locked handsets, you can normally use any new SIM kit from that carrier. More importantly, you can buy almost any brand of handset unlocked from the manufacturer, and hence run any SIM kit from nearly any carrier. This is particularly useful for travelle

Re:

[Gryle]

Learn something new every day. Thanks for the information.

Cause the government got tired of backdoors

[penguinoid]

from other people, interfering with theirs?

Pff

[Greyfox]

The NSA already knows about those live goat porn sites you browse, that you like to dress up like a nun and get spanked with a toilet brush on Friday nights and they already have a picture of your dong. So really, what do you need a secret spy phone for, again?

Just a few things

[EmagGeek]

1) There is no such thing as spy-proof
2) If you can install an app on it, it is not secure
3) If you can connect it to a network, it is not secure
4) If you do not own and have complete access to audit all firmware, including the radio, then it is not secure
5) The Blackphone looks like nothing more than a platform from which to sell expensive annual subscriptions to quasi-private services

Screen filter

[GuB-42]

Is there a privacy screen filter ? The kind where you can see the screen only from a narrow angle.
Some Japanese phones, which are commonly used in crowded trains feature this. I think it is an essential privacy feature.
Ah and a physical, highly visible, camera lens cap too.

Re:

[koreanbabykilla]

I have seen theories its a numbers station lol. Who knows why people do most the weird shit they do though.