Secure smartphones are nice, but not enough
Everybody talks about smartphone security. But who's going to do something about it?
Computerworld - Smartphones are perfect targets for hacking, tracking, surveillance, industrial espionage and malware.
Unlike, say, desktop PCs, smartphones often connect promiscuously to many public Wi-Fi networks. They can connect to multiple types of wireless networks, including Wi-Fi, mobile data networks, Bluetooth and NFC -- all of which are potential doorways for unauthorized access.
Smartphones, in fact, run two operating systems: there's the one you know about -- the one that does normal operating system jobs, and which you may diligently update with the latest security patches; and there's one you may not know about -- the one that controls the radio hardware and is rarely updated.
Smartphones can report location, which the phone figures out with GPS. And even when GPS is turned off, phones connect to cell towers, which can be triangulated to pinpoint a phone's location, or to Wi-Fi networks, which give away your location when you connect.
Carriers routinely sell location information to any organization willing to pay for it.
Smartphones are more likely to run apps from developers the user has never heard of and that can be loaded with secret, backdoor functions that can harvest personal data and send it off to some unknown server.
Yes, smartphones are super insecure. Everybody knows it. Nobody likes it. Yet who really does anything about it?
In the past week, two new ultra-secure smartphones have been in the news. One is called the Blackphone. The other is called the Black phone. No, I'm not making this up. The difference in their names is a space.
Here's what we know about the two most secure smartphones ever created.
The $629 phone was made in partnership with Silent Circle, a U.S.-based company founded by a former Navy SEAL and the inventor of Pretty Good Privacy (PGP).
Silent Circle is also known for shutting down its Silent Mail service last August, which the company reportedly did because it believed it would soon receive requests from the government to turn over the email data of its customers.
Blackphone is an Android device and more or less looks and feels like a regular Android phone. However, it uses a forked version of Android called the PrivatOS, which prevents apps from accessing personal information and works with privacy-enabled apps. For example, the built-in Web browser doesn't track your Web surfing. The phone also enables you to choose what personal information is available to each app. When you install apps, the installer presents you with individual permissions on each source of data that each app requests.
The Blackphone prevents its wireless radios from being logged via Wi-Fi as you walk around. Wi-Fi turns off when you're outside the range of a trusted hotspot. All data on the phone is encrypted, so if your phone is lost or stolen nobody else can gain access to the data. It has its own remote-delete tools as well.
The phone comes with a two-year subscription to Silent Circle's platform that encrypts phone calls and emails. The subscription covers three people -- the owner of the Blackphone and two friends or colleagues, regardless of what phones they use. It also comes with a two-year subscription to Disconnect, which anonymizes Wi-Fi connections, and SpiderOak, which is an anonymous cloud storage service.
Blackphone is designed for the general market, but Geeksphone claims that it's getting inquiries from government customers.
The Black phone
For the past two years, aerospace and defense contractor Boeing has been working on a special-purpose phone called the Black for customers who work in the government, the military and espionage. The phone was revealed in public FCC documents that all phone makers are required to file.
The Boeing Black phone is also an Android smartphone, but we know much less about it, because Boeing intends to keep its details secret. Papers filed with the FCC specifically request that information about the phone be kept secret, and a letter accompanying those papers says that even after the phone is available, it won't be available to the general public, nor will information about the phone be public.
The Black phone is small, thick and heavy. The handset is 5.2 in. tall. It's about twice as thick as an iPhone and much heavier. It has a modular design that enables users to attach add-ons, such as tracking tools, satellite transceivers, biometric sensors and solar charging devices.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!