This. This phone is a joke. I appreciate the effort in trying to patch up that raging security disaster we call Android, but the real problem in any phone is the proprietary baseband running on some RTOS with little in the way of process isolation (or security-conscious programming, for that) connected to a high bandwidth, always on wireless communication interface speaking complex protocols designed by a committee with an endpoint run by companies that have been happily complying with mass-scale surveillance, mere packets away from direct access to the microphone and GPS chip, possibly a DMA directly into the application processor.
Oh, and that neat little micro SIM you put into it? It runs fucking Java and has carrier push support for new "applications" built in; in the meantime it stores and generates the crypto keys used by the baseband.
This is the state of mobile security. Unless you are running osmocomBB on a crusty old Motorola brick with a logger between the phone and SIM to check for anomalous activity, don't touch it with a 3m pole.
Let's face it: besides its high price and average specs, Blackphone is a normal phone with a proprietary AOSP-based ROM. That's it. No hardware mic/wireless switch whatsoever, no open hardware, no open baseband, not even open software! This is appallingly bad, and if they make bank, it means very bad things for all of us.
And unfortunately, just about every one of the OsmocomBB-capable phones is Euro frequency only, so even this route is not available to those in the US...
It seems to me like you're saying "mobile phones can never be secured, security is all-or-nothing, and any attempt to secure mobile phones is futile". Is that accurate?
Because it seems to me that, sometimes, not leaving your doors and windows wide open, even though "they can always be broken into", is a good idea.
Is there no value to a phone that reduces your NSA dragnet footprint substantially, while at the same time building the capital necessary to develop an open baseband (as I'm sure you're aware, that is not a cheap proposition)?
Easy to make your own burner phone with customized AOSP for temporary use while in China or CIS/Russia if worried about industrial espionage or legions of criminal blackhats hanging around hotel wireless APs. After going through the source removing stuff like debuggerd and GPS binaries, and writing custom init scripts, you can drop in TextSecure, RedPhone and many other open source apps, thegrugq's Darkmatter app, platform sign them and enforce with middleware install-time MAC to prevent anything else not signed being installed, and use dm-verity to check system.img on boot for tampering. Lots of business travelers need something reasonably secure to bring that they just end up throwing away when they return. Boot a Mobiflage patched kernel temporarily with fastboot and wipe/encrypt the device when you get back for safe disposal, then flash Paranoid Android or CyanogenMod to it and sell it on CL to get some of your money back.
There are also Nexus 7 devices that can be bought without a baseband to do this. Essential reading is the Android Hacker's Handbook by @pof. Of course using any phone for something illegal is a guaranteed way to get arrested no matter what has been done to it. The hardware will always be a bundle of proprietary black boxes, likely with a law enforcement door to brick it, record meetings with the mic or track the owner.
An independent processor with a well-defined communication interface to a proprietary baseband (and ability to kill its power) would suffice. The easiest way to achieve this is probably a small low power "laptop" running GNU/Linux (or similarly free system) coupled with a MiFi hotspot (ideally modded to have a hard switch on its battery).
You can't get out of your location being trivially tracked by your carrier until you can pay for network access with anonymous bearer tokens, or at least significantly supplement with free wifi networks or friends' MiFis.
It seems like this should be something "easy" to do right inside the phone, right? Why should the baseband processor have any uncontrolled access to the Android OS running on it? It should just expose voice and data channels, and whatever other little bits are required to interface.
Yeah it should be. But for whatever reasons nobody is actually doing it! Probably because the power/weight budget of an integrated processor is so compelling, even when it ends up turning the product into snake oil. Plus commercially, you still can't claim to be free of proprietary blobs, because who knows what an isolated processor is actually doing. Also, I wouldn't be surprised if designers were coaxed into trusting the baseband by the chipset vendors ultimately preserving the carrier/law enforcement status quo.
So my point is that we have the ability to assemble secure systems out of off-the-shelf components. It just takes software work to integrate and set up easy to use on-the-go telephony under bona fide GNU/Linux, and carrying around a bit more weight until critical mass is reached and the form factor can be made more convenient.
I'd also expect very detailed hardware specifications: open-hardware level of detail. Hardware-simulator level of detail. After all, they talk about transparency, so both hardware and software should be up for scrutiny.
I read in an interview you can ask to see the source if you sign plenty of NDAs and are a large prospective customer. Cryptophone GSMK operates the same.
The primary value of the Blackphone is that it comes with several hundred dollars of security services.
1. SilentCircle's encrypted messaging and VOIP solution + licenses for close collaborators.
2. Disconnect.Me's VPN
3. SpiderOak's encrypted cloud storage
4. Kashmir's wifi fingerprinting services.
Everything is licensed for 2 years.
The primary market Silent Circle is going after at the moment is journalists, NGO workers, private military contractors etc. who need smartphones at an organizational level but want enhanced resistance to surveillance.
1. Eh, OK, you're probably better off using ZRTP directly with your contacts. Silent Circle doesn't seem to actually say how your calls are any more secure. In a recent thread, they say they hand them off to a VoIP carrier and consider that "encrypted to the PSTN". IIRC part of Silent Circle's play is that they think the government cannot compel them to do "bad" things, so they're telling us to trust them on that basis.
2. One of a ton of services that cost like $3-4 or so a month and will probably fall. And sure, it prevents the local WiFi from running sslstrip at the cost of putting all your traffic at an easy-to-monitor place (the VPN provider).
3. A closed source program running access to all your data doesn't sound particularly impressive. But sure, it's better than using Dropbox.
4. Kismet Wifi manager is $2.99 on Google Play.
It might be better than nothing, but the product sounds seriously over-hyped, and some of their claims seem like outright lies or at best misleading/useless.
I also don't get, if such a combo of services was so valuable, why someone just doesn't sell it separately.
Silent Circle does use ZRTP (the 'Z' in ZRTP is 'Zimmermann', who is one of Silent Circle's cofounders).
You don't need to trust anyone. There are (admittedly slightly outdated) buildable sources for the Android clients on GitHub. The whole point of ZRTP is that the server can be considered untrusted.
Except Silent Circle is actively promoting "encrypted to the PSTN" without specifying exactly what that means. Handoff to iBasis is hardly "encrypted to the PSTN" for any worthwhile value of PSTN.
The ZRTP part is fine if you can bring your own client. And I guess $12 a month isn't much to pay for SC to run FreeSWITCH as a NAT traversal/endpoint discovery platform.
There are still no real details on how we're supposed to trust Silent Circle from being actively attacked and backdooring clients. If memory serves me correctly Mr. Zimmermann said they're relying on the government not being able to compel them to cooperate. AKA, Lavabit-style. (Sure, ZRTP is solid, but a compromised client isn't detectable to end-users, plus SC talks a lot about calling the PSTN.)
For a comparison to a company that takes security seriously, look at tarsnap. Then go read the PR from Mike Janke the other day.
On another note, what does "100% dedicated network – no sharing or leasing" even mean? Did SC run fibre from Toronto to Switzerland? How is SC's network any different from any other VoIP company that builds a datacenter?
The Silent Circle phone app is end-to-end encryption; it's their other service that offers "Out-Circle Calling" which is encrypted to the PSTN. I don't understand the dedicated network PR either.
I saw Jon Callas talk about the Blackphone at ToorCamp over the weekend and it looked really nice. One interesting factoid he mentioned is that the Blackphone went from initial conversation with manufacturer to actual shipping product in about _6 months_ which is insanely impressive for a well polished smartphone like this.
This isn't as big of a deal as it seems considering the testing & troubleshooting they went through with existing phones to see what works & what doesn't work. The hardware & shell of the phone is probably an off the shelf, off-brand phone design that nobody decided to use with minor customizations.
From what he said it helped that they partnered with folks who had built hardware like this before. However they still had to do a ton of work in the software to customize the OS, build applications, partner with services, etc.
If you're worried about that, the Blackphone website can host (via https) assets for ads, and put ads up on a few ad networks. Soon opening a connection to the Blackphone site won't mean much.
I have one, it's actually surprisingly good. I'd like to somehow get Google Apps on it (which, I know, defeats the purpose), but it's a very snappy phone, and I was really surprised by how light it is.
This phone has an 8 megapixel camera. At what point do you think manufacturers will stop increasing pixel resolution? 50? 100? It has to top off somewhere, otherwise people will need a second hard drive just to store phone pictures.
There is no secure phone until then.