Boeing Preparing an Ultra-Secure Smartphone 101
bobwrit writes in with a story about Boeing's new secure government phones project. "Earlier this week, it was revealed that aerospace firm Boeing was working on a high security mobile device for the various intelligence departments. This device will most likely be released later this year, and at a lower price point than other mobile phones targeted at the same communities. Typically, phones in this range cost about 15,000-20,000 per phone, and use custom hardware and software to get the job done. This phone will most likely use Android as it's main operating system of choice, which lowers the cost per phone, since Boeing's developers don't have to write their own operating system from scratch."
What about the network side of things? (Score:3, Insightful)
How secure is the data at the tower?
Re:What about the network side of things? (Score:5, Insightful)
What data? All you can see are a bunch of scrambled bits.
Re:What about the network side of things? (Score:5, Insightful)
So you are saying the MitM has the keys?
Re:What about the network side of things? (Score:5, Informative)
Unless the engineers at Boeing working on this are total idiots (which is highly unlikely) all that a cell tower would see (fake or otherwise) is an encrypted stream (probably a VPN) heading between the handset and some locked down secure server out there.
Re: (Score:1)
all that a cell tower would see (fake or otherwise) is an encrypted stream (probably a VPN) heading between the handset and some locked down secure server out there.
What, like a blackberry? They've been certified by NATO and many other govts:
http://us.blackberry.com/ataglance/security/certifications.jsp [blackberry.com]
Re: (Score:2)
Tower simulation / MITM exists.
Yeah because they don't need to have the keys. at. all. </sarcasm>
Re: (Score:1)
They know that there are security holes in the OS, and the chip sets that are going to the phones I hope right? If your claiming security you better design from scratch what is the US paying for then if the phone costs 15k? Also then do they have to do java patches since all apps are java apps. What ever a 15k smart phone with a Boeing logo today's 5k Hammer which adjusted for inflation sounds about right.
I wonder if this is an effective use of resources (Score:5, Funny)
Thanks to declassified files and leaked files from the former Soviets, it is possible to figure exactly how the Soviets usually stole their secrets.
It would be very interesting to analyze how often they stole information via technical means (tapping phones, intercepting transmissions, etc) vs. human intel means (sending Anna Chapmen to coach you into giving it all up)
I have a sneaky suspicion that more than 90% of the time, the Russians/Soviets succeed with human intel. Heck, if I knew top secret information, and Anna Chapman came after me with the goal of convincing me to give it all up, I'm not sure how long I could hold out under her interrogation...
Re:I wonder if this is an effective use of resourc (Score:5, Insightful)
No, the Russians used to get most aerospace intelligence from the magazine 'Aviation Week and Space Technology' (usually referred to as 'Aviation Leak').
And there reporters weren't even remotely good looking.
Re: (Score:2)
err. there, their - what the hell. This time it's my brain's fault.
Re: (Score:1)
Hey, it still works, you got lucky with this one :P
Re: (Score:2)
Re:I wonder if this is an effective use of resourc (Score:4, Interesting)
No, the Russians used to get most aerospace intelligence from the magazine 'Aviation Week and Space Technology' (usually referred to as 'Aviation Leak').
And there reporters weren't even remotely good looking.
Well, Aviation Week leaked at both ends: the west got intel on the Soviets with it too.
I heard a funny story once (perhaps apocryphal?) about someone working on photographs taken during the Mayday Parade of all the military hardware the Soviets were showing off. He was trying to figure out basic dimensions and capabilities, etc., by examining the hardware and comparing it to the size of other things in the photographs. Someone came up to him, looked over his shoulder, and said, "Oh hey, the Mayday Parade." The guy with the photographs covered them up along with his work, turned to his visitor, and hissed "You shouldn't be looking at this!" The other fellow sad, "whaddya mean, it's all here in Aviation Week." He opened the magazine to the exact same photograph, with an article containing all of the data the fellow was trying to gather.
Re: (Score:2)
I recall that some on who knew her slightly in the Uk said he thought she was a high class call girl.
You just broke the Official Secrets Act (Score:2)
Re: (Score:2)
Re: (Score:2)
The replacement paperclip project is classified Secret. We don't want the Americans to know we are still using paperclips, and we don't want the Chinese to know where all those paperclips we import are going.
Undercover Clippy? God help us...
Re: (Score:2)
Re: (Score:2)
It's cool that this is public information. This of course is shocking but there are clearance reviews that are just boring paperwork with nothing exciting. The more open they are about it the better. I do however thing Shep should have had to do some hard time for failure to disclose. When I had a clearance if you screwed up you could lose your clearance but if you disclosed a mistake like this upfront it was much easier on you. With that information they can target the whore and feed her misinformation.
htt [dod.mil]
Re: (Score:2)
Well, if he'd reported right away (as in the moment he found it missing) I'm not even sure he would have committed a crime of any sort. Perhaps he should have locked the notebook in a safe before letting her in the room, but anyone can slip up and make a mistake (especially when thinking of getting some from a beautiful women).
However, his second huge mistake was admitting that she took it. It would have been simpler to maintain that he didn't know how he lost the notebook, and less likely to get him in t
Re: (Score:2)
Not reporting it and not freely admitting the one night stand should have been a fast way of jail time. I'm not sure if he was punished or not.
Losing the ability to get a clearance is a pretty stiff blow as there are few civilian jobs that require a clearance and pay as well.
Re: (Score:2)
He wasn't, other than losing his clearance.
I'm saying that either he should have
1. done the right thing right away
or
2. Forget it ever happened, and never mention it to anyone
Taking option 3 just screwed himself and his family.
GPL Apply here? (Score:2)
Re: (Score:1)
Re:GPL Apply here? (Score:5, Informative)
GPL has NEVER required release of source to anyone other than those to whom you release executable. GPL has NEVER restricted internal forks/releases.
Re:GPL Apply here? (Score:5, Informative)
The GPL only requires that you distribute the source code to the same people you distribute the binary to. (And requires that you give them the same ability in turn.) Presumably, this means that Boeing has to give the government the source code, but that's it. The government could choose to release it, but I doubt they would.
Re: (Score:2)
Re:GPL Apply here? (Score:5, Interesting)
They could do the same with it as they did with SELinux. If it's truly secure, it can be fully open. Just don't leave the keys in it.
Re: (Score:2)
So if I take an existing OS (Android in this case) under GPL and I alter for greater security, does that have to be release too if all I'm doing is some sort of internal release? I'm sure this has been answered to death with Linux but just curious.
The Linux part of Android is under the GPL. The other is under the Apache License.
Ultra-secure smartphone (Score:4, Funny)
without Windows?
Ha! Impossible Mission!
this is the phone I'd want to carry (Score:2, Troll)
imagine if you get stopped while driving and the cop wants to take a browse thru your phone, for his usual fishing-for-crimes spree.
it would probably be impossible, by design, for him to invade your privacy with a phone like this.
finally, one that is safe to carry around outside.
Re: (Score:3)
SInce when does that matter?
Re: (Score:1)
Re:this is the phone I'd want to carry (Score:4, Insightful)
if only it was that easy.
the story goes that if you are arrested (so far; perhaps later it can be pre-arrest) you lose all property rights. at least that's what 'law enforcement' wants us to believe. they carry guns and can ruin our days; its usually best not to contradict that kind of element.
your phone will be 'scanned' on the spot by special usb adapters. you won't have anything to say about it; you'll be in cuffs.
do I like our police state? HELL NO! I'm simply stating the facts of what life is like in the US, these days. if you travel with a smartphone and are stopped by cops, you COULD have your privacy invaded right there on the spot.
its horribly wrong; but a lot of what the police state does is wrong, today.
Re: (Score:2)
You're talking about two completely separate things:
When you are arrested your right to privacy disappears -- this is sort of almost true. Therefore once arrested you cannot have said non-existent privacy invaded.
So no, the cop can't pull you over and start going through your phone (and even if they did it would be inadmissible). They can pull you over and arrest you, THEN search your phone, car, house, pretty much what they please.
You missed the continuity there, and jumped straight from random traffic sto
Re:this is the phone I'd want to carry (Score:4, Insightful)
You missed the continuity there, and jumped straight from random traffic stop or some such to arrested (for what exactly?)
For resisting arrest, of course! It's the new black.
Re: (Score:2)
Mod this up! That is the wittiest black humour pun I've seen in ages
Re: (Score:2)
Cannot be arrested for resisting arrest. There has to be something else first. I know, because I had a cop try to arrest me for it once. And no, being an asshole is not an arrestable offense.
So now, my standard phrase to a cop talking to me is "I'll resist your interrogation until you arrest me. Am I free to go or are you arresting me?" They have no choice at that point, the relationship has become adversarial, they have to let you go, or arrest you. If they arrest you, they better be arresting you for some
Re: (Score:2)
I didn't say the arrest would be legitimate, just that it seems to be popular these days. While it may be ultimately futile, the process of getting the arrest thrown out is in itself punitive.
Re: (Score:2)
your phone will be 'scanned' on the spot by special usb adapters. you won't have anything to say about it; you'll be in cuffs.
Considering who is developing this (Boeing) and what their typical lines of business are (DoD contracts), I don't think the average cop wants to get caught anywhere near one of these phones. If they read the wrong stuff, they might even get one of those secret plane rides to some unknown federal facility in the middle of the night.
Re: (Score:2)
Don't consent to the search, since he doesn't have a warrant.
It won't ruin his day to detain you for hours while the warrant is written and signed.
Re: (Score:2)
Not really. Not compared to this method.
http://xkcd.com/538/ [xkcd.com]
"Android as it's main operating system" (Score:1)
Read out loud: ''there's an 'as' too many in this fragment.''
Or is that 'ass'?
Excuse me for any spelling errors -- which after all are less grave than grammatical errors.
Boeing's track record on radios (Score:2)
basically sucks. See, for example: http://www.fiercegovernmentit.com/story/dod-cancels-jtrs-gmr-long-live-jtrs-gmr/2011-10-17 [fiercegovernmentit.com]
My question... (Score:2)
Will the bootloader be locked or unlocked? It would be nice to have a secure variant of CM7 or CM9 on this device.
Re: (Score:2)
Re: (Score:3)
Will the bootloader be locked or unlocked? It would be nice to have a secure variant of CM7 or CM9 on this device.
On a secure device?
On a device that security would depend on complete control of it's configuration?
The answer is left as an exercise for the student.
Boeing is designing it ... (Score:5, Funny)
And they still won't allow you to use it on a fucking plane.
Re: (Score:1)
And yet they still allow for Snakes on a Plane.
A bit hypocritical isn't it? (Score:5, Interesting)
Re: (Score:3)
So the people who feel entitled to intercept everybody else's emails, text messages, instant messaging, social media usage, phonecalls, internet browsing, credit card usage, GPS driving data and much more, preferably without any legal warrants of any sort being required, feel entitled to having "highly secure means of communicating" when it comes to themselves?
I don't think it's going to be available to blackhat and defcon attendees.
Re: (Score:3)
You must be new here. And by "here" I mean Earth.
Re: (Score:2)
This was my thought too... I think this is just the follow on from that...
Application Management Issues (Score:2)
Improved secure smartphones sound like a good thing, but I would be interested to know how Boeing plans to handle the application installation issues associated with a secure platform. If the platform really is to be secure, you probably don't want the end user to just install any random applications on the phone. So you'll need to have a management process to either: develop in-house applications that duplicate existing functionality; or a mechanism of approving outside applications for use in the secure
Re: (Score:2)
Google Play is of course the first component to go. The next is other installer code, that allows installation of stuff. Only pre-approved, possible in-house developed apps will be allowed.
Remember it's ultra-security so highly locked down. The implementation of such policies is the hard part: proper vetting in place, keeping on top of any and all security issues in the OS, etc. You may assume this device can also not connect to the Internet. Encrypted VPN to the mothership, web/mail/whatever from there, no
plausible deniability (Score:2)
15,000-20,000 what? (Score:3)
So will there be a Boeing app store? (Score:2)
n/t
Re: (Score:3)
Re: (Score:1)
And Boeing provides the friends list.
Re: (Score:1)
Where else would you put the following apps?
1. BunkerBuster-Lat-Long
2. RF-Jam-Lat-Long
3. EMP-Lat-Long
4. LiveFootageIR-Lat-Long
and no...they won't be 99 cents each. The price field is now a long integer, preceed by "$" and followed by an "m"
Re: (Score:3)
hackity hack hack wait till you lose one on the tarmack.....
First they have to find some way to keep their developers from leaving the prototype in a bar. For some reason, that isn't as easy as you'd think.
Re: (Score:1)
One of requirements will a tamper wipe of all data and code. It might even go as far as physical self destruction. I've worked on unclassified projects where that was a requirement.
we should all have these (Score:5, Insightful)
Everyone should have an ultra-secure smart phone. Get the costs down and make it a standard feature for smartphones. It shouldn't be something only for the gov.
Re: (Score:1)
Everyone should have an ultra-secure smart phone. Get the costs down and make it a standard feature for smartphones. It shouldn't be something only for the gov.
What, like a blackberry? Certified by NATO, common criteria, FIPS, yada yada yada:
http://us.blackberry.com/ataglance/security/certifications.jsp [blackberry.com]
In fact you can buy blackberries pretty cheap these days since most people are focused on OOOOH!!! SHINY! instead of real security.
Two weeks ago we bought some spare 3G blackberry curves for the office. Unloc
Re: (Score:1)
Re: (Score:2)
Hardware on client side is only part of the equation.
Encrypted networks, secure e-mail storage, secured communications channels, security-checked apps: it's all part of the package. How good is your ultra-secure phone when you can install random 3rd party software that can do who-knows-what to your phone?
Even if it's highly secured, well I'd say especially when it's highly-secured, you must assume that there are security bugs in the underlying software. Besides fixing them as soon as you find them, you will
Units, you fuckers (Score:4, Informative)
Is that in Turkish Lira? Bargain!
Re: (Score:2)
Is that in Turkish Lira? Bargain!
1 Turkish lira = 0.55 USD
Re: (Score:2)
More like Chinese Yuan, ex-factory price. Before shipping and retail mark-ups.
What you saying, that factory is not in China?
Considering what ... (Score:2)
Google apps (Score:2)
Will it be branded and use Google apps?
I assume they are trusted.
I hear they're charging the taxpayer $5,000,000 (Score:5, Funny)
for an ultra-secure implementation of "Angry JDAMs"
Yawn. NSA already announced theirs (Score:1)
Apple making air planes? (Score:1)
Re: (Score:2)
Well, they already make airports.
Boeing, a phone? with wings? :p (Score:2)
am I the only that saw the headline boeing making a phone and was like... ha, say what? :) yes, I am sure they got the competences for that but not their core business as far as I know
Uncrackable phone being developed. (Score:3)
Yeah, cost. That's it. (Score:1)
Having worked with Boeing for a while now, I can safely say that it has nothing to do with cost, and everything to do with the fact that the engineers would still be sitting in meetings five years from now trying to figure out who needs to authorise cubicles and hardware for the project.
Boeing is the least effi
Android security holes? (Score:1)
I'll buy seven ... (Score:2)
Oh, where is it made?
USA?
I'm sure I can get one from a safe(-er) location.
No sale.