Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

3/5/2014
11:55 AM
50%
50%

FreedomPop Debuts Encrypted Snowden Phone

Prepaid phone carrier promises secure messaging, anonymous browsing to security-minded customers.

Mobile World Congress: 5 Hot Gadgets
Mobile World Congress: 5 Hot Gadgets
(Click image for larger view and slideshow.)

FreedomPop on Wednesday debuted a smartphone it says is the answer for users looking to hang up on would-be snoopers. The Privacy Phone, which FreedomPop has dubbed the "Snowden Phone," employs encryption to safeguard communications and a third-party browser to block tracking and circumvent the worst of the Web.

The Privacy Phone is actually a refurbished Samsung Galaxy S II (circa 2011) that runs Google's Android operating system (although FreedomPop didn't specify which version of Android). It costs a mere $189, with no contract required. As an MVNO that uses Sprint's network for calls and messaging, FreedomPop offers low-cost (sometimes even free) service.

Loaded with security software from Private Communications Corp., the Privacy Phone takes a two-pronged approach to shielding owners' privacy. First, the essential communications tools -- voice calls and text messages -- are encrypted. Rather than passing calls and messages over traditional voice networks, FreedomPop relies on Sprint's LTE data network and sends calls through the Internet using VoIP and its own VPN. In addition to the encryption, the phone makes contacts, call history, and text messages confidential, so if the device is lost no one can access that information. FreedomPop claims it can block unsolicited incoming calls and texts, and the company will allow owners to change their phone number as often as they want.

[iOS users have a new security option for messaging. Read Cryptocat Wins Apple Approval.]

Second, all apps and Internet data on the Privacy Phone are also sent through a secure, encrypted VPN for anonymous Web browsing. The software, from Private Communications, manages all the permissions for apps and locks them down while also giving owners the option to loosen some of those restrictions when necessary. FreedomPop claims this allows the Privacy Phone to protect users against online marketers tracking Web activity, to defend against data monitoring, and to bypass website restrictions so users can connect to any site online. The tools also protect against viruses, malware, spyware, and phishing.

"In light of recent violations in consumer's privacy across social networks and mobile devices, privacy is becoming increasingly important to many Americans, and we all have a right to communicate anonymously," said FreedomPop COO Steven Sesar in a statement. "Large carriers don't have the flexibility, desire, or creativity to invest in privacy. We don't agree with this approach and felt it was up to us to create a truly private mobile phone service at an affordable price."

The phone is being sold at a rock-bottom price, and FreedomPop is offering early adopters three months of free service. The monthly plan includes unlimited voice and messaging as well as 500 MB of data. After the trial period ends, the monthly cost will go up to just $10. To further the appeal of its anonymous nature, FreedomPop is accepting payments in Bitcoin.

FreedomPop's effort follows closely on the heels of two other security-minded devices released in recent weeks. GeeksPhone fully revealed the Blackphone last month. The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier- and vendor-independent. Geeksphone says it gives consumers and businesses control over their privacy. For example, the Blackphone, which uses security software from Silent Circle, can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Boeing also introduced a secure smartphone last month. Called the Boeing Black, the device will self-destruct if tampered with.

The devices come in the wake of Edward Snowden's revelations about the NSA and its mass data collection schemes, including details of voice calls made from cell phones. Surely some people value their privacy enough to plunk down cash for these secure smartphones. The tradeoffs, however, are unclear. Do all Android apps work on these phones, or do the security elements prevent many of them from functioning properly? Further, it's not clear how they might fit with individual business' security strategies and mobile device management tools.

Bottom line: Be sure to ask some hard questions before you pick up one of these secure smartphones.

Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.

Eric is a freelance writer for InformationWeek specializing in mobile technologies. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HelenD630
50%
50%
HelenD630,
User Rank: Apprentice
11/21/2014 | 10:21:13 PM
best vpn services
With all that's happening in the world, we really need to protect our privacy. VPN is really important. However, be very careful in choosing the right VPN as there are VPNs that claim they don't log your information but the truth is they do. The key is to look for the best vpn services in the market today. 
anon2533164292
50%
50%
anon2533164292,
User Rank: Apprentice
5/26/2014 | 6:35:31 AM
Re: Testing or Certification?
Its one of best service to secure your data and privacy. Alwayas use best vpn services
shaunstevin
50%
50%
shaunstevin,
User Rank: Apprentice
3/6/2014 | 8:37:30 AM
Re: Testing or Certification?
we can protect our identities, data and remain private by using a PureVPN service. A Virtual Private Network is a network technology that creates a secure network connection over a public network such as the Internet.

http://www.purevpn.com/blog/kevin-mitnick-gives-solution-for-nsa-spying/
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
3/6/2014 | 4:43:07 AM
Re: Testing or Certification?
Silent Circle and Geeksphone recently launched a Blackphone for providing encryption services that was a hug impact in the communications security industry specially on NSA. If you're privacy and security focused like me, you have got to have this.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
3/5/2014 | 4:46:03 PM
Testing or Certification?
The problem all these encryption technologies face is that there's no way for the average user to be certain that they're truly secure. The NSA has made it impossible to trust even accepted encryption protocols. And even if the technology turns out to be sound, there are so many other ways security can be compromised (e.g. a listening device in a room) that it hardly seems worth it to try to keep electronic data secret. A determined government-funded adversary will defeat whatever off-the-shelf solution you come up with.
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26077
PUBLISHED: 2021-05-10
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring...
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.