Mobile
1/15/2014
12:50 PM
50%
50%

Blackphone Promises To Block Snooping

Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.

Android Security: 8 Signs Hackers Own Your Smartphone
Android Security: 8 Signs Hackers Own Your Smartphone
(Click image for larger view.)

With NSA-fueled angst running amok, two mobile-focused companies, Geeksphone and Silent Circle, have joined forces to create the Blackphone, a smartphone designed to put users in control of their privacy. The Blackphone will be available unlocked and off-contract to users who want to maintain a firmer grip on their personal data.

Details about the Blackphone are sparse. Geeksphone designs consumer-grade smart devices that are perhaps best known for supporting Firefox OS. The Madrid company's Firefox-based smartphones are available online. Silent Circle was formed in Washington, DC, by a former US Navy Seal and provides encrypted communications services.

The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier and vendor independent. Backers of the device say it will give consumers and businesses control over their privacy. For example, the Blackphone can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Neither Geeksphone nor Silent Circle provided information on how the Blackphone accomplishes these feats.

[Is Firefox more trustworthy because it's open-source? Read Mozilla's Eich: Trust Us, We're Open.]

One of the chief architects of the Blackphone is Phil Zimmermann, creator of PGP. "I have spent my whole career working towards the launch of secure telephony products," he said in a press release. "Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect." He did not say exactly what those features are.

Without revealing any hardware specs, the Blackphone website claims that the device ranks "among the top performers from any manufacturer" based on industry benchmarks. A mock image of the device on the website shows what appears to be a typical Android smartphone with a slim profile and large screen. "It comes preinstalled with all the tools you need to move throughout the world, conduct business, and stay in touch, while shielding you from prying eyes," the website says. "It's the trustworthy precaution any connected worker should take, whether you're talking to your family or exchanging notes on your latest merger and acquisition."

(Source: fonearena.com)
(Source: fonearena.com)

Also absent are details on pricing and availability. Will the device be sold worldwide or restricted to certain markets? Will those encrypted services require a monthly service fee to Silent Circle, or can owners get all the benefits from any carrier? How will businesses integrate the Blackphone into their security programs?

Blackphone is accepting email addresses from those interested in the device. Its official launch is scheduled for Feb. 24, but more information will be provided ahead of that during the Mobile World Congress in Barcelona.

What do you think? Do we need a phone like this? Would you buy one, Or is it just a gimmick banking on today's snooping-averse climate?

Eric is a freelance writer for InformationWeek specializing in mobile technologies.

Incidents of mobile malware are way up, researchers say, and 78% of respondents worry about lost or stolen devices. But while many teams are taking mobile security more seriously, 42% still skip scanning completely, and just 39% have MDM systems in place. Find out more in the State Of Mobile Security report (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
1/15/2014 | 3:44:40 PM
proof?
There's no way to tell until it's released and its source code is available. But even if it fulfills its proimises, it's one link in a long security chain. How many people will buy it then make calls from public places where they can be overheard or where an adversary can monitor the conversation with a directional mic?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0656
Published: 2015-03-03
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.

CVE-2015-0890
Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.