Mobile
1/15/2014
12:50 PM
50%
50%

Blackphone Promises To Block Snooping

Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.

Android Security: 8 Signs Hackers Own Your Smartphone
Android Security: 8 Signs Hackers Own Your Smartphone
(Click image for larger view.)

With NSA-fueled angst running amok, two mobile-focused companies, Geeksphone and Silent Circle, have joined forces to create the Blackphone, a smartphone designed to put users in control of their privacy. The Blackphone will be available unlocked and off-contract to users who want to maintain a firmer grip on their personal data.

Details about the Blackphone are sparse. Geeksphone designs consumer-grade smart devices that are perhaps best known for supporting Firefox OS. The Madrid company's Firefox-based smartphones are available online. Silent Circle was formed in Washington, DC, by a former US Navy Seal and provides encrypted communications services.

The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier and vendor independent. Backers of the device say it will give consumers and businesses control over their privacy. For example, the Blackphone can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Neither Geeksphone nor Silent Circle provided information on how the Blackphone accomplishes these feats.

[Is Firefox more trustworthy because it's open-source? Read Mozilla's Eich: Trust Us, We're Open.]

One of the chief architects of the Blackphone is Phil Zimmermann, creator of PGP. "I have spent my whole career working towards the launch of secure telephony products," he said in a press release. "Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect." He did not say exactly what those features are.

Without revealing any hardware specs, the Blackphone website claims that the device ranks "among the top performers from any manufacturer" based on industry benchmarks. A mock image of the device on the website shows what appears to be a typical Android smartphone with a slim profile and large screen. "It comes preinstalled with all the tools you need to move throughout the world, conduct business, and stay in touch, while shielding you from prying eyes," the website says. "It's the trustworthy precaution any connected worker should take, whether you're talking to your family or exchanging notes on your latest merger and acquisition."

(Source: fonearena.com)
(Source: fonearena.com)

Also absent are details on pricing and availability. Will the device be sold worldwide or restricted to certain markets? Will those encrypted services require a monthly service fee to Silent Circle, or can owners get all the benefits from any carrier? How will businesses integrate the Blackphone into their security programs?

Blackphone is accepting email addresses from those interested in the device. Its official launch is scheduled for Feb. 24, but more information will be provided ahead of that during the Mobile World Congress in Barcelona.

What do you think? Do we need a phone like this? Would you buy one, Or is it just a gimmick banking on today's snooping-averse climate?

Eric is a freelance writer for InformationWeek specializing in mobile technologies.

Incidents of mobile malware are way up, researchers say, and 78% of respondents worry about lost or stolen devices. But while many teams are taking mobile security more seriously, 42% still skip scanning completely, and just 39% have MDM systems in place. Find out more in the State Of Mobile Security report (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
1/15/2014 | 3:44:40 PM
proof?
There's no way to tell until it's released and its source code is available. But even if it fulfills its proimises, it's one link in a long security chain. How many people will buy it then make calls from public places where they can be overheard or where an adversary can monitor the conversation with a directional mic?
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I've seen worse.  Last week Tim had a dragon."
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.