The fact that privacy is becoming a major issue on the Internet and society at large isn’t news. Many years ago, only the hacking and cyberpunk community cared about privacy. These were the old times, when the technological forerunners foresaw the potential for abuse of this new thing called The Internet. For a long time, privacy advocates have been labeled as zealots, and truth be told, many do wear tin foil hats. Nevertheless, this doesn’t mean they were wrong.
During the past five years, we’ve been illuminated with a continuous stream of incidents that expose the blatant disregard many governments have towards their voters’ privacy. This situation has created an ideal breeding ground for companies that are brandishing privacy as part of their core value proposition.
The rise of the smartphone, its technological nature and the high penetration and usage of such devices worldwide, has turned it into the perfect spying tool for governments.
This is why we shouldn’t be surprised when former privacy advocates like Phil Zimmerman, from PGP fame, and former colleagues, decided to start, in late 2011, a company named Silent Circle that focused exclusively on mobile privacy.
By 2012 they had developed several mobile applications but quickly realized that for a better experience, they had to control the whole phone experience. That’s the reason why, in January of 2014, they teamed up with one of the few independent Android makers, Geeksphone, a small Spanish company that has been doing Android terminals since 2009, to help them deliver a complete smartphone experience. The joint venture, called SGP Technologies and based in Switzerland, finally unveiled the phone they’be been working on since 2012, codename Blackphone.
The official presentation happened during Mobile World Congress in Barcelona this past week, but the reactions have been mixed, ranging from problematic all the way to skeptic. The phone can be pre-ordered at a retail price of 629 dollars and will be shipped in June of this year. A big question still lingers, will the market treat privacy as a luxury good?
Interestingly, while both Wikileaks and the NSA papers seems to capture people’s imagination, searches for ‘privacy’ remain at steady levels.
That said, some topics are rising in popularity, Android’s privacy being one of them (+110% growth).
Is the Blackphone bringing enough firepower to the table?
As far we know, the phone includes the three mobile applications Silent Circle has created to date: Silent Phone, a Voice Over Internet Protocol (VoIP) application that allows you to securely do voice calls, Silent Text, which does the same for text messages plus adds other secure features like secure removal of sent texts, and Silent Contacts, a secure contact manager that prevents others from prying who you communicate with.
All the keys to unlock any ciphered texts will reside with the user, so not even SGP Technologies can hand them out to law enforcement officers.
These three applications will be pre-loaded, with a totally new interface, onto the new Blackphone.
According to our sources, they will be deeply integrated into PrivatOS, a personalized version of Android OS, giving them capabilities that a stand-alone application wouldn’t have.
The Blackphone team has also partnered up with Disconnect.me, an open-source application that blocks multiple tracking companies while you are browsing. The company has tweaked this application and integrated deeper into the OS so that it routs all Internet traffic through their encrypted VPN, securing this way all communications in and out of the device. It’s surprising, though, they choose this one over more serious contenders like Tor and their Android version, Orbot.
The other partner that has been included in the bundle is the SpiderOak application, which enables secure file storage in the cloud. I must say, their standalone application is quite impressive and it does reminds you of Dropbox but with additional security features, even though, so far, they don’t implement two-step verification on login like Dropbox recently did.
One of the applications that is clearly missing is secure email, something that’s kind of a sore thumb for Silent Circle as they had to cancel their own secure email service after a competitor was forced by GCHQ to shut down their services. Since then they’ve been working hand in hand with Ladar Levison from Lavabit, on what they call the Dark Mail initiative, a new secure email protocol that will encrypt email end-to-end.
We wouldn’t be surprised if they would ship a Dark Mail application on the next iteration of the Blackphone. All this said, the current incarnation of the phone seems to have a hefty price, one that supposedly is justified by the following table:
It’s surprising though, that the justification of such a high price tag is based on having licenses of the previous applications when free, open sourced solutions already exist, including a pay-what-you-want option for Disconnect.me and 2Gb of free space for SpiderOak. Strange also, is the fact that, while having the data center in Switzerland due to the fact that it has “minimal data retention” laws, they only allow you to pay for the phone with a credit card, something that allows for easy tracing. For someone in the data privacy business, one would think they would have spent a little more time designing a more anonymous payment system, maybe even accepting Bitcoins.
There are definitely other secure phones in the market like the Quasar IV which has a similar price tag, but most of them like the GSMK Cryptophone, or even the Boing Black phone, are within a 1,000 euros – 4,000 euros price range.
Despite everything, it does comes with some goodies. The phone provides a remote kill switch that was implemented by a very well-known and respected hacker. This kill switch will securely delete all the information in the phone so that it’s beyond recovery, even from law enforcement. It also comes with an internal firewall that will alert the owner of what kind of information the applications are sending or receiving. This fits nicely with the new Security Center, which allows the user to select what kind of permissions they can give each application, either on a case-per-case basis or system-wide.
I wonder though, if non-expert users will go through the extra effort of tweaking their application permissions, one by one or will just leave the default ones. In theory, PrivatOS is designed to enforce the best security practices by default, but little is known of how this works. The cornerstone to enabling security by default is their activation wizard, which will make it very easy to set up all the necessary security measures for neophytes from day one. The question is whether the user will keep them in place after activation.
The new Wi-Fi manager in the Blackphone is a welcome addition. It was coded by Kismet author Mike Kershaw, and it prevents the tracking of your device once you leave a secure environment like your home. An increasing number of shops are using mobile Wi-Fi tracking techniques to learn your shopping habits, something the Blackphone’s new WiFi manager thwarts.
That said, this is something you can easily do right now with rooted devices and a specific application. They’ve also implemented a full disk encryption that will unlock the phone’s files when the user types the correct PIN, something we are very happy to hear and which will reduce the risk of having your private data fall into the wrong hands.
According to our Blackphone sources, the next versions of the device will start implementing hardware protection mechanisms never used before by a vendor, like the ARM Trustzone, which will make not only exploitation of the device much harder, but will protect the user from remote activation of the camera or the microphone.
One of the weaker spots of any Android is how vendors deal with updates to the operating systems through Over-The-Air (OTA) updates.
Many security experts have been criticising vendors for removing support for old devices, leaving millions of devices at risk from old and known exploits. The Blackphone provides what they call, a Secure Over-The-Air update system that will provide regular updates from SGP Technologies, the joint venture between Silent Circle and Geeksphone.
This could prove to be an advantage or a big problem if the company can’t keep up with the updates.
In terms of Android OS hardening, while Blackphone didn’t comment on specifics, we’re positive they’re targeting at least some of the current Android problems, like the use of deterministic random number generators or the securing of the default cryptography engine selection. The fact that the company shared close to no details makes it hard to assess if they’re taking care of major security issues like the much needed effective ASLR for every part of the memory or the hardening of the Android debugger, adb, which allowed, until recently, full access to the device if you had physical access to it.
There are other security mechanisms that can be implemented to secure even more the Android OS that we aren’t sure they are implemented in PrivatOS. Are they implementing SEAndroid? Are they expanding the use of SecComp Sandboxing, employed by Chrome? Is it possible they’re compiling critical parts of the OS with safe flags like FORTIFY_SOURCE and fstack-protector? Are they using some of the ARM ports from GRSecurity?
This lack of transparency is probably one of the major weaknesses of the company, specially if you’re dealing in the security industry. Silent Circle has already run into problems for delaying the release of the source code of their mobile applications, and once again, they’re being opaque about what security measures they’re implementing on the new device.
This is leaving many in the security industry with a big sense of skepticism:
The @Blackphone_ch has started taking pre-orders, but I can't find the details of how PrivatOS is an improvement on stock AndroidOS.
— Mike Myers (@fristle) February 24, 2014
— securityninja (@securityninja) February 24, 2014
— Arrigo Triulzi (@cynicalsecurity) January 15, 2014
All in all, the Blackphone is a good idea, albeit one that requires taking a huge leap of faith in the size and depth of the market they’re trying to tackle. The fact that they’ve already signed KPN Mobile as the first telecommunications company to sell the phone, is a good first step. The future will say if it ends in disaster or becomes a brilliant move that will position SGP Technologies at the vanguard of the privacy revolution for mobile devices. Either way, they surely need to improve their commercial and PR skills to match their technical prowess and they should start by releasing more technical information so that the market can really judge the soundness of their products.
Featured image credit: jeffy11390 / Shutterstock