Mobile
1/15/2014
12:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Blackphone Promises To Block Snooping

Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.

Android Security: 8 Signs Hackers Own Your Smartphone
Android Security: 8 Signs Hackers Own Your Smartphone
(Click image for larger view.)

With NSA-fueled angst running amok, two mobile-focused companies, Geeksphone and Silent Circle, have joined forces to create the Blackphone, a smartphone designed to put users in control of their privacy. The Blackphone will be available unlocked and off-contract to users who want to maintain a firmer grip on their personal data.

Details about the Blackphone are sparse. Geeksphone designs consumer-grade smart devices that are perhaps best known for supporting Firefox OS. The Madrid company's Firefox-based smartphones are available online. Silent Circle was formed in Washington, DC, by a former US Navy Seal and provides encrypted communications services.

The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier and vendor independent. Backers of the device say it will give consumers and businesses control over their privacy. For example, the Blackphone can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Neither Geeksphone nor Silent Circle provided information on how the Blackphone accomplishes these feats.

[Is Firefox more trustworthy because it's open-source? Read Mozilla's Eich: Trust Us, We're Open.]

One of the chief architects of the Blackphone is Phil Zimmermann, creator of PGP. "I have spent my whole career working towards the launch of secure telephony products," he said in a press release. "Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect." He did not say exactly what those features are.

Without revealing any hardware specs, the Blackphone website claims that the device ranks "among the top performers from any manufacturer" based on industry benchmarks. A mock image of the device on the website shows what appears to be a typical Android smartphone with a slim profile and large screen. "It comes preinstalled with all the tools you need to move throughout the world, conduct business, and stay in touch, while shielding you from prying eyes," the website says. "It's the trustworthy precaution any connected worker should take, whether you're talking to your family or exchanging notes on your latest merger and acquisition."

(Source: fonearena.com)
(Source: fonearena.com)

Also absent are details on pricing and availability. Will the device be sold worldwide or restricted to certain markets? Will those encrypted services require a monthly service fee to Silent Circle, or can owners get all the benefits from any carrier? How will businesses integrate the Blackphone into their security programs?

Blackphone is accepting email addresses from those interested in the device. Its official launch is scheduled for Feb. 24, but more information will be provided ahead of that during the Mobile World Congress in Barcelona.

What do you think? Do we need a phone like this? Would you buy one, Or is it just a gimmick banking on today's snooping-averse climate?

Eric is a freelance writer for InformationWeek specializing in mobile technologies.

Incidents of mobile malware are way up, researchers say, and 78% of respondents worry about lost or stolen devices. But while many teams are taking mobile security more seriously, 42% still skip scanning completely, and just 39% have MDM systems in place. Find out more in the State Of Mobile Security report (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
1/15/2014 | 3:44:40 PM
proof?
There's no way to tell until it's released and its source code is available. But even if it fulfills its proimises, it's one link in a long security chain. How many people will buy it then make calls from public places where they can be overheard or where an adversary can monitor the conversation with a directional mic?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant