Feeds

back to article Über-secure Blackphone crypto-mobe spills its silicon guts

SGP Technologies, the Switzerland-based joint venture of Spanish handset maker Geeksphone and security firm Silent Circle, has revealed specs for the Blackphone BP1, its forthcoming privacy-minded handset. The locked-down mobe will be powered by the Nvidia Tegra 4i, making it one of the first devices to ship based on that system …

COMMENTS

This topic is closed for new posts.
Bronze badge
Black Helicopters

First customer?

I would bet the NSA and GCHQ are some of the first customers.

4
1
G2

Re: First customer?

don't worry.. it seems it's built specifically FOR those agencies and not designed to be used at all in Russia and the eastern side of the continent - according to those published specs it has no support for GLONASS at all, it only supports american-style GPS - thus it will be hard for it to achieve commercial distribution in Russia and its neighbors that require GLONASS.

Russia mandates that any device imported for sale that can use GPS must also support GLONASS.

No GLONASS => not designed to be sold in Russia or its neighbors (unless you pay the 25% import tax for devices that are not-GLONASS compatible)

1
0
Anonymous Coward

LOL

Oh yes ever so secure, the only people that will be able to intercept will be GCHQ, NSA and a few dozen hackers,lol. Oh yes ever so secure !

2
4
Gold badge

Re: LOL

Actually, I don't think so - we are now getting to a point where I start believing some of what they are saying.

First of all, it is formally sold and owned by a Swiss entity so there is less potential to backdoor the company. Having said that, the company's official registration shows two US resident owners, and that creates a few questions with respect to leverage by foreign intelligence - I hope these guys are procedurally barred from getting near anything sensitive unless supervised and audited (no, this is not an accusation, just an indication of a human risk factor that requires attention for assurance purposes).

Secondly, it seems we are getting closer to a product that seeks to comply with Kerckhoffs' Principle (no, I can't explain why Wikipedia no longer seems to know the rules for possessive nouns either, but I digress), and if they can truly pull that off, I *AM* interested. Anything that is so open it can withstand independent audit has my undivided attention. I have had so many products in my hand that tried to blind me with BS and science that it would be a relief to deal with something that's actually done properly.

The only problem I see is the question how they will cope with their product being used by the usual plethora of Bad Guys, but I guess that's the same question that showed up when PGP was originally published, and export restrictions are nigh impossible to maintain with an open product.

So, much more interested now.

2
0
Silver badge

This is no cure

Goody.

Now I can have some good feeling that *if* other handsets are using the same protocol as this handset and are as secure as this handset, it will be just as secure as ...errr... Ya. I am not sure I feel all that secure yet.

We have a long way to go before anybody who has a clue can also have confidence in network security.

3
1
Big Brother

Singing in the rain

I get the feeling that this is going to do nothing more than attract extra interest from NSA ectera. Which is really all to the good. They have no interest in business deals for the apolitical, and the pirates need a good wacking after all the trouble that they have stirred up lately.

Does anyone out there in England feel like we are watching the first land war over internet piracy in the Ukraine? I don't see many strategic interests that can be furthered by America pulling the Ukraine out of Russia's sphere of influence except that it would cut down on one of the hiding places for Black hats on the internet.

0
7

And if you even look at buying one

you'll be on all the watchlists you could ever dream of.

2
2
Bronze badge

Secure???

My guess is that the powers that be and keep us safe from terrorism already have what they need for this phone. Plus all the public airwaves. The black hat group will probably hit hard if they feel the need for a challenge as will the white hats which means it won't be all that secure. Actually, it'll probably be less secure since the hat types will want to break it anyway they can.

0
1

If that's not a typo...

1GB of RAM and only 16GB of storage is pretty pathetic for a modern smartphone. You have a quad-core device with just a gig? Really? I understand it's kind of purpose-built, but RAM is cheap and surely a bit more could be crammed in there. A bit disappointing and it will be noticed in the phone's performance I'm sure, if it's true.

0
1
M7S
Bronze badge

Re: If that's not a typo...

Why do you need all the extra processing capability? With all the articles on here about apps leeching data from users concerning their whereabouts, contact lists etc, surely any security aware user will eschew these?

0
0
Bronze badge

Re: If that's not a typo...

Why do you need all the extra processing capability? With all the articles on here about apps leeching data from users concerning their whereabouts, contact lists etc, surely any security aware user will eschew these?

Well, you would hope that phone that is marketed to be secure would also be running pretty decent firewall to stop any third party apps leaking anything anywhere.

As for processing capability, you'd want plenty of grunt for all the encryption given that the target market would probably want to use decent key lengths as well.

0
0
Anonymous Coward

Re: If that's not a typo...

Ha ha ha... that's GCHQ and NSA laughing... they own the chipsets and bios etc ... they don't bother about firewalls.

0
1
Gold badge

Re: If that's not a typo...

As for processing capability, you'd want plenty of grunt for all the encryption given that the target market would probably want to use decent key lengths as well.

Symmetric crypto isn't *that* processor heavy for what is in essence only an encapsulated voice stream - even the older Symbian phones were already capable of carrying that one off, especially when using carrier grade codecs. Even the connection setup time is more bandwidth than CPU resource bound, so as far as I can see it's got plenty of grunt, and plenty of margin to run a good firewall.

Personally, I'm OK with limited grunt, because that will also leave less room for "extras" that try to sneak in under the bonnet. Key to keeping a secure phone secure is that you actually keep the door locked, so your want for a firewall is correct. Given the phone's architecture, I think that's taken care of. In my opinion, the key risk for this phone is blank SMS traffic, because that is still a triangulation risk that can be accessed on remote by anyone at telecomms level..

0
0

Re: If that's not a typo...

The level of security audit and testing feasible on hardware and software is proportional to its age.

So if you really want a secure system, you don't want the latest shiny. You do want something that's been around for a while and has been very heavily used by many curious people willing to publish what they have discovered.

1
0
Bronze badge

whatever happened to

...all of the heroes

<ahem> sorry... Lost focus...

Whatever happened to the app that tpb were working on? Hemlis?

0
0

This is pretty cool. Windows Phone needs to do something similar to get Government contracts and for people who want security. Maybe make a Lumia Secure. This phone seems cool, it'll be interesting to see it and one Android phone I might consider getting.

0
0
Anonymous Coward

Windows Phone needs to do something similar to get Government contracts

I wouldn't hold my breath, not on Winphone doing this, or governments considering using it other than for a good laugh. Microsoft doesn't have a good track record when it comes to security, nor does it have the required development processes in place to clean things up to a good enough standard for secure government work. It didn't have to, on the desktop it had a monopoly. In the mobile world, however, it has not.

0
0
Silver badge

Low power tasks???

>"battery-saver core" for low-power tasks like active standby, music and video playback

Video is low power task now? Either I've just been unwittingly transported to the year 2050 or someone has got their wired crossed. Unless this machine secretly has an Cray XK7 embedded in it along with all the security features but no ones talking.

2
0
Silver badge

Re: Low power tasks???

Yes, Video playback is a relatively low cpu power task - the processor has to do little more than orchestrate the passing of data to the dedicated video decode hardware that is genuinely efficient. Hence low power, as in a low-power CPU can perform the task.

The display will take more (electrical) power to display the video...

0
0
Silver badge

Re: Low power tasks???

And which video codecs can this decoder hardware cope with then? Presumably if its stumped then it falls back on the CPU and its no longer a low power task.

0
0

Re: Low power tasks???

From the Tegra 4/4i site regarding that 5th core:

"The single battery-saver core handles low-power tasks like active standby, music, and video playback, and is fully transparent to the OS and applications."

Video playback is certainly not as low power as music playback, but it's still relatively low power. My old laptops can play video just fine but perform poorly on modern games.

From NVidia's GPU white paper Appendix B:

Video decode:

H.264 HP/MP/BP 4k x 2k 62.5Mbps @ 24p, 1440p 62.5Mbps @ 30p, 1080p 62.5Mbps @ 60p;

VC1 AP/MP/SP 1080p 40Mbps @ 60i/30p;

MPEG4 SP 1080p 10Mbps @ 30 fps;

WebM VP8 1080p 60Mbps @ 60p, 1440p 60Mbps @ 30p;

MPEG-2 MP 1080p 80Mbps @ 60i/60p

So... not all the latest (e.g. no H.265 or VP9), but certainly covers a majority of video content on the web. I guess if your video is not in one of those formats, it would have to download the appropriate codec and run that in software ... but I don't know if that can run in the low power core or not.

I don't understand Blackphone's battery rating though: 2000mA. For how long? I also wonder why they specify only 1GB LPDDR3 while NVidia says the Tegra 4i has 2GB LPDDR3. Is it using 1GB for the built-in LTE modem?

0
0
Silver badge

The only phone that will work is one that cannot be sold in the US. By law the US gov (Department of Commerce) mandates what encryption schemes can be exported. Anything not on their list is not allowed to be sold in the US. It is considered as "strong encryption" and illegal. You can bet the anything on the approved encryption list (which includes AES) can be read easily.

There will never be a 100% secure phone. Nor will you ever stop the need to surveil someone for illegal activity. The hope is to make it much more difficult for individuals to be mass monitored simply because they have their phones turned on.

0
0

"The only phone that will work is one that cannot be sold in the US. By law the US gov (Department of Commerce) mandates what encryption schemes can be exported. Anything not on their list is not allowed to be sold in the US. It is considered as "strong encryption" and illegal. You can bet the anything on the approved encryption list (which includes AES) can be read easily."

Are you sure you have that right? The US does mandate what encryption can be exported (especially to "unfriendly" countries), but I've never heard of any regulation on what can be imported to the US or used within the US.

0
0

Secure?

Why have ultra-secure hardware with an ultra-insecure OS? Seriously! Android has over 99% of mobile malware (source: http://bgr.com/2014/01/21/android-mobile-malware-report/).

0
0
Gold badge

Re: Secure?

Read again - they have revised the OS. I would be the first to agree with you, but the fact is that it's presently one of the few platforms you can actually gain access to so there is a chance they may have fixed some of the issues (in which case I'd love to see that released - isn't this supposed to be Open Source and verifiable by any independent party?).

I personally would have preferred SailfishOS to be used like Jolla does, but I have as yet not seen anything emerge from that corner..

0
0
This topic is closed for new posts.