A collaboration between Spanish start-up smartphone manufacturing company GeeksPhone, and secure messaging service Silent Circle has announced that it is working on a new smart phone ‘which prioritizes the user’s privacy and control, without any hooks to carriers or vendors. It comes preinstalled with all the tools you need to move throughout the world, conduct business, and stay in touch, while shielding you from prying eyes.’
Details are so far rather lacking, with the website focusing mainly on the need for greater security in smart phones. Although the Blackphone is said to provide ‘performance benchmarks [that] put it among the top performers from any manufacturer,’ no details about the hardware are currently available, or its proposed price tag).
What is known is that the new Operating System, known as PrivatOS, will be based on Android, and will provide full access to regular Android app. It is claimed that PrivatOS will give users ‘everything you need to take ownership of your mobile presence and digital footprints, and ensure nobody else can watch you without your knowledge,’
This means that users will be able to send and receive secure phone calls and texts, exchange and store files securely, video chat securely, and use VPN to browse the internet securely.
The involvement of Silent Circle, with its track record of providing high levels of privacy and of resisting government pressure, gives us some confidence in the project, but a number of important issues concern us.
For a start, Android is not fully open source. It is possible to strip out the parts that are not open source (as for example Cyanogenmod has done), but, critically, there is so far no suggestion that PrivatOS will itself be open source. Although being open source (and therefore can be independently audited), is no guarantee that malicious code has not been inserted into a program (or OS), it does provide the best protection available. As has been shown again and again over the last year, proprietary code which cannot be independently scrutinized simply cannot be trusted.
An even bigger problem, and one that will likely affect the security of the phone even if it turns out that PrivatOS is 100% fully audited open source, is the baseband chip (used to manage all radio and communications functions used in all smart phones). As revelation explains,
‘The privacy issue in smartphones isn’t the freaking application processor running Android. Sure, that ones terrible enough.
But the actual problem is the baseband processor running completely non-free software, with an enormous attack surface and access to all the interesting periphery (GPS, microphone). There is not just opportunity to compromise your privacy, Qualcomm and others actively implement such features at the behest of governments and carriers.’
The carrier’s SIM card also represents a major headache to security,
‘Oh, and if you plug that enormous hole, you get to the SIM card, yet another processor that you have zero control over, but which has access to enough juicy data to compromise your privacy. I highly recommend everyone to watch a talk from 30C3 by Karsten Nohl, where he shows a live attack on an improperly configured SIM card that remotely implants a Java app on the SIM card which continuously sends your cell ID (your approximate location) to the attacker by short message (without notification to the application processor, e.g. Android or iOS):
Carriers can do this today.’ See also The second operating system hiding in every mobile phone.
Until baseband processor firmware becomes open source, and some solution is found to the SIM card problem, no smart phone can be considered secure, although Blackphone would get off to a good start by not making its PrivatOS with closed code.
We shall watch developments with interest.