Mobile
3/5/2014
11:55 AM
50%
50%

FreedomPop Debuts Encrypted Snowden Phone

Prepaid phone carrier promises secure messaging, anonymous browsing to security-minded customers.

Mobile World Congress: 5 Hot Gadgets
Mobile World Congress: 5 Hot Gadgets
(Click image for larger view and slideshow.)

FreedomPop on Wednesday debuted a smartphone it says is the answer for users looking to hang up on would-be snoopers. The Privacy Phone, which FreedomPop has dubbed the "Snowden Phone," employs encryption to safeguard communications and a third-party browser to block tracking and circumvent the worst of the Web.

The Privacy Phone is actually a refurbished Samsung Galaxy S II (circa 2011) that runs Google's Android operating system (although FreedomPop didn't specify which version of Android). It costs a mere $189, with no contract required. As an MVNO that uses Sprint's network for calls and messaging, FreedomPop offers low-cost (sometimes even free) service.

Loaded with security software from Private Communications Corp., the Privacy Phone takes a two-pronged approach to shielding owners' privacy. First, the essential communications tools -- voice calls and text messages -- are encrypted. Rather than passing calls and messages over traditional voice networks, FreedomPop relies on Sprint's LTE data network and sends calls through the Internet using VoIP and its own VPN. In addition to the encryption, the phone makes contacts, call history, and text messages confidential, so if the device is lost no one can access that information. FreedomPop claims it can block unsolicited incoming calls and texts, and the company will allow owners to change their phone number as often as they want.

[iOS users have a new security option for messaging. Read Cryptocat Wins Apple Approval.]

Second, all apps and Internet data on the Privacy Phone are also sent through a secure, encrypted VPN for anonymous Web browsing. The software, from Private Communications, manages all the permissions for apps and locks them down while also giving owners the option to loosen some of those restrictions when necessary. FreedomPop claims this allows the Privacy Phone to protect users against online marketers tracking Web activity, to defend against data monitoring, and to bypass website restrictions so users can connect to any site online. The tools also protect against viruses, malware, spyware, and phishing.

"In light of recent violations in consumer's privacy across social networks and mobile devices, privacy is becoming increasingly important to many Americans, and we all have a right to communicate anonymously," said FreedomPop COO Steven Sesar in a statement. "Large carriers don't have the flexibility, desire, or creativity to invest in privacy. We don't agree with this approach and felt it was up to us to create a truly private mobile phone service at an affordable price."

The phone is being sold at a rock-bottom price, and FreedomPop is offering early adopters three months of free service. The monthly plan includes unlimited voice and messaging as well as 500 MB of data. After the trial period ends, the monthly cost will go up to just $10. To further the appeal of its anonymous nature, FreedomPop is accepting payments in Bitcoin.

FreedomPop's effort follows closely on the heels of two other security-minded devices released in recent weeks. GeeksPhone fully revealed the Blackphone last month. The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier- and vendor-independent. Geeksphone says it gives consumers and businesses control over their privacy. For example, the Blackphone, which uses security software from Silent Circle, can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Boeing also introduced a secure smartphone last month. Called the Boeing Black, the device will self-destruct if tampered with.

The devices come in the wake of Edward Snowden's revelations about the NSA and its mass data collection schemes, including details of voice calls made from cell phones. Surely some people value their privacy enough to plunk down cash for these secure smartphones. The tradeoffs, however, are unclear. Do all Android apps work on these phones, or do the security elements prevent many of them from functioning properly? Further, it's not clear how they might fit with individual business' security strategies and mobile device management tools.

Bottom line: Be sure to ask some hard questions before you pick up one of these secure smartphones.

Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.

Eric is a freelance writer for InformationWeek specializing in mobile technologies. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HelenD630
50%
50%
HelenD630,
User Rank: Apprentice
11/21/2014 | 10:21:13 PM
best vpn services
With all that's happening in the world, we really need to protect our privacy. VPN is really important. However, be very careful in choosing the right VPN as there are VPNs that claim they don't log your information but the truth is they do. The key is to look for the best vpn services in the market today. 
anon2533164292
50%
50%
anon2533164292,
User Rank: Apprentice
5/26/2014 | 6:35:31 AM
Re: Testing or Certification?
Its one of best service to secure your data and privacy. Alwayas use best vpn services
shaunstevin
50%
50%
shaunstevin,
User Rank: Apprentice
3/6/2014 | 8:37:30 AM
Re: Testing or Certification?
we can protect our identities, data and remain private by using a PureVPN service. A Virtual Private Network is a network technology that creates a secure network connection over a public network such as the Internet.

http://www.purevpn.com/blog/kevin-mitnick-gives-solution-for-nsa-spying/
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
3/6/2014 | 4:43:07 AM
Re: Testing or Certification?
Silent Circle and Geeksphone recently launched a Blackphone for providing encryption services that was a hug impact in the communications security industry specially on NSA. If you're privacy and security focused like me, you have got to have this.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
3/5/2014 | 4:46:03 PM
Testing or Certification?
The problem all these encryption technologies face is that there's no way for the average user to be certain that they're truly secure. The NSA has made it impossible to trust even accepted encryption protocols. And even if the technology turns out to be sound, there are so many other ways security can be compromised (e.g. a listening device in a room) that it hardly seems worth it to try to keep electronic data secret. A determined government-funded adversary will defeat whatever off-the-shelf solution you come up with.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.