Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

1/15/2014
12:50 PM
50%
50%

Blackphone Promises To Block Snooping

Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.

Android Security: 8 Signs Hackers Own Your Smartphone
Android Security: 8 Signs Hackers Own Your Smartphone
(Click image for larger view.)

With NSA-fueled angst running amok, two mobile-focused companies, Geeksphone and Silent Circle, have joined forces to create the Blackphone, a smartphone designed to put users in control of their privacy. The Blackphone will be available unlocked and off-contract to users who want to maintain a firmer grip on their personal data.

Details about the Blackphone are sparse. Geeksphone designs consumer-grade smart devices that are perhaps best known for supporting Firefox OS. The Madrid company's Firefox-based smartphones are available online. Silent Circle was formed in Washington, DC, by a former US Navy Seal and provides encrypted communications services.

The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier and vendor independent. Backers of the device say it will give consumers and businesses control over their privacy. For example, the Blackphone can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Neither Geeksphone nor Silent Circle provided information on how the Blackphone accomplishes these feats.

[Is Firefox more trustworthy because it's open-source? Read Mozilla's Eich: Trust Us, We're Open.]

One of the chief architects of the Blackphone is Phil Zimmermann, creator of PGP. "I have spent my whole career working towards the launch of secure telephony products," he said in a press release. "Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect." He did not say exactly what those features are.

Without revealing any hardware specs, the Blackphone website claims that the device ranks "among the top performers from any manufacturer" based on industry benchmarks. A mock image of the device on the website shows what appears to be a typical Android smartphone with a slim profile and large screen. "It comes preinstalled with all the tools you need to move throughout the world, conduct business, and stay in touch, while shielding you from prying eyes," the website says. "It's the trustworthy precaution any connected worker should take, whether you're talking to your family or exchanging notes on your latest merger and acquisition."

(Source: fonearena.com)
(Source: fonearena.com)

Also absent are details on pricing and availability. Will the device be sold worldwide or restricted to certain markets? Will those encrypted services require a monthly service fee to Silent Circle, or can owners get all the benefits from any carrier? How will businesses integrate the Blackphone into their security programs?

Blackphone is accepting email addresses from those interested in the device. Its official launch is scheduled for Feb. 24, but more information will be provided ahead of that during the Mobile World Congress in Barcelona.

What do you think? Do we need a phone like this? Would you buy one, Or is it just a gimmick banking on today's snooping-averse climate?

Eric is a freelance writer for InformationWeek specializing in mobile technologies.

Incidents of mobile malware are way up, researchers say, and 78% of respondents worry about lost or stolen devices. But while many teams are taking mobile security more seriously, 42% still skip scanning completely, and just 39% have MDM systems in place. Find out more in the State Of Mobile Security report (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
1/15/2014 | 3:44:40 PM
proof?
There's no way to tell until it's released and its source code is available. But even if it fulfills its proimises, it's one link in a long security chain. How many people will buy it then make calls from public places where they can be overheard or where an adversary can monitor the conversation with a directional mic?
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16404
PUBLISHED: 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVE-2019-17400
PUBLISHED: 2019-10-21
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVE-2019-17498
PUBLISHED: 2019-10-21
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a ...
CVE-2019-16969
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16974
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.