back to article Paranoid Android Kaymera smartmobe takes on Blackphone

Security specialist Kaymera – based in Herzliya, Israel – has launched a mobile security platform aimed at paranoid corporations. The Kaymera 360° software consists of a secure build of Android and accompanying MDM functions. The company describes it as a three-layer approach of protection, prevention and detection. Using a …

  1. Destroy All Monsters Silver badge
    Headmaster

    > Israeli

    > Mobile security platform

    More like, now comes with Komodo/Superfish and special Hezbollah detector.

    1. g e

      Not only but also

      It'll perhaps turn your leccy off in the dead of winter, too.

      Purely for your own safety, obviously.

    2. Anonymous Coward
      Anonymous Coward

      100% Secure

      (Nudge, nudge, wink, wink, say no more)

    3. N13L5

      re: "a few hundred dollars per month, per device"

      . . . Do they install and maintain tiny rocket launchers on the phone for that kind of cash?

      (all electronically aimed at encrypted targets in Palestine, no doubt)

  2. Anonymous Coward
    Anonymous Coward

    brilliant solutions for gangstas, bankstas, terrorists and others in search of ultimate privacy

    Shun NSA snooping, enroll for Mossad snooping instead. Sign up NOW!

    1. Anonymous Coward
      Anonymous Coward

      Re: brilliant solutions for gangstas, bankstas, terrorists and others in search of ultimate privacy

      Funny, the gangstas, bankstas, terroristas(yep, you did spelled it wrong), and others, from your words, can't have the joy of the ultimate privacy, nevertheless they are plenty around and still doing business...so, how it would be different? And you forget to include the MEPAS and politiciansas...

    2. Anonymous Coward
      Anonymous Coward

      Re: brilliant solutions for gangstas, bankstas, terrorists and others in search of ultimate privacy

      Did I not read an article on The Register the other day about the links (besides the compulsory service) between Israeli Defence Forces and tech companies in that nation.

    3. charlie-charlie-tango-alpha
      Black Helicopters

      Re: brilliant solutions for gangstas, bankstas, terrorists and others in search of ultimate privacy

      +1 to that. Anyone who trusts any Israeli "security" company deserves all they get.

      Black helicopter - for obvious reasons.

    4. NoneSuch Silver badge

      Re: brilliant solutions for gangstas, bankstas, terrorists and others in search of ultimate privacy

      "Shun NSA snooping, enroll for Mossad snooping instead."

      Didn't you hear Snowden? It's the same thing actually.

  3. Anonymous Coward
    Anonymous Coward

    $ecure payment$

    If all it takes is a reflash, why can't Samsung, LG, etc. offer their own paranoia OS?

    Google itself must be moving base Android in a more secure direction with device encryption and Android for Work...

    1. Anonymous Coward
      Anonymous Coward

      Re: $ecure payment$

      Apple is already there, if you use Facetime it is encrypted end to end and Apple does not possess the technical means to decrypt it - the two phones use secure key exchange using device keys Apple does not hold to create a session key for the call. The infrastructure already exists for Apple to do this for all iPhone to iPhone calls. I hope they do it with iOS 9, even though (or especially because) it'll really have the government up in arms, a lot more than they were last fall when iOS and Android tightened things up for device encryption!

      I'm sure Android has some similar provision for at least those phones using Google's services to do a secure key exchange. It would be a little more difficult to do iPhone -> Android encrypted calling by default, but I'm sure the clever people at Apple, Google and Microsoft could get together on an interoperable standard.

      There should be no reason people have to rely on special firmware or special calling apps. Encrypted calling done in a way the phone/OS OEM doesn't possess the means of decryption needs to be built into all phones by default, and not rely solely on the SIM's encryption which we now know has been compromised by the NSA for years.

      I know the "paranoid OS" is more than just secure calling, but that seems to be the thing this company is basing their offering on. Without secure calling having a secure OS is like having a high security lock on your house with an open window on the ground floor in the backyard.

      1. corestore

        Re: $ecure payment$

        "but I'm sure the clever people at Apple, Google and Microsoft could get together on an interoperable standard."

        Doesn't that already exist, called 'Skype'?

        I seem to recall some acronymous agency offering a bounty to anyone who could crack Skype encryption?

        Or was that misdirection?

        No need for black helicopters in any post on this topic; they're there by default.

  4. Anonymous Coward
    Facepalm

    "Phones can be flashed by Kaymera and then sent out, or flashed by the company on-premises at secure facilities – which is what they do with government customers – or the build can be downloaded and installed by a corporate IT department."

    We all know well now how NSA loves to intercept things during delivery...

  5. Dan 55 Silver badge
    Facepalm

    Heh

    It's bit difficult to type a distress PIN into your phone while it's currently in someone else's hands as they run off down the street and about to be handed over to someone else before the rozzers get there.

    I just thought I'd use this chance to use the word 'rozzers'.

    1. Gordon 10

      Re: Heh

      Indeed - that should be the trigger phrase that activates the distress mode - like OK GOOGLE.

      "Leave me alone or I'll call the ROZZERS" <autodial 999> it wont actually prevent you getting a good shoeing but at least it will be caught on tape.

      1. Nuno

        Distress PIN

        a feature that clears the sensitive data if someone forces you to log in, would be very nice to have. Not only for phones... I can see real use for it on Laptop passwords and even more on ATM machines, to change your available balance into a lower predefined amount.

    2. PNGuinn
      Boffin

      Re: Heh

      +1 for using the word rozzers. Happy now?

  6. Message From A Self-Destructing Turnip
    Holmes

    How much?

    "It's an expensive service... of the order of a few hundred dollars per month, per device."

    No kidding there, I would have expected the SWAT team service to be thrown in at that price. It looks like privacy may be accumulating a market value that most can't afford.

    1. DropBear

      Re: How much?

      Quite so. I would love a properly security-minded Android phone, but all the (few) ones I've seen so far imply astronomical prices and / or ongoing subscriptions, which I'm not really happy to pay - as much as I value privacy, I'm not exactly printing money here. It seem privacy is a corporate-targeted commodity indeed.

  7. AceRimmer
    Flame

    Confusing Headline

    Given the Headline I thought that Paranoid Android had done a Cyanogenmod

    1. garden-snail

      Re: Confusing Headline

      AceRimmer, that's closer to the truth than you may realise. Several members of the Paranoid Android team are now on the payroll at OnePlus, tasked with developing the new official ROM for the OnePlus One to replace CyanogenMod...

      https://oneplus.net/blog/2015/02/introducing-the-oxygenos-team-a-first-look-at-the-oneplus-rom/

  8. Anonymous Coward
    Anonymous Coward

    And why should we trust this?

    The problem with yet another security offering is the question why anyone would trust this. This is not because where it comes from this time, but quite simply a generic issue.

    Don't trust that black box! Use our black box which uses more fancy words!

    Nope, not working for me.

  9. Anonymous Coward
    Anonymous Coward

    "If all else fails and the phone user is physically attacked, he or she can type in a distress PIN

    Well and good if you see it coming. How about the many types of attacks that are a surprise?

    1. graeme leggett Silver badge

      "No one expects the Spanish Inquisition! Our weapons include..... and not phoning the week before to make an appointment at a mutually convenient time.*"

      *though perhaps the real inquisition did.

  10. Anonymous Coward
    Anonymous Coward

    they just don't get it

    It's an illusion.... same as blackphone.... it's not built from the ground up for security.... it's just addons on a "secure build of Android" which just doesn't seem likely to exist...

    1. Christian Berger

      Re: they just don't get it

      Well you cannot secure Android as it's just _far_ to complex to be secured.

      Even little things like a proprietary closed source audio codec driver are large enough to hide malware.

      If you actually want to have something secure, you'd have to go through another route. You'd need to make the system _much_ simpler and open. Plus you'd need to use hardware separation for different tasks. On some modern "smart"-phones your GSM baseband can access the memory of your application processor. Since the GSM baseband runs very complex very closed source software, it's likely to be very buggy or even contain malware. If it can access the memory of your application processor there is no way it can guarantee security. However if, on the other side, you have a separate processor just to deal with the GSM, and it only talks via very simple protocols with the rest of the device, chances are much lower that a network side attack is possible.

      So if I'd be building such a device, it would just be a bunch of simple micro-controllers, each one having a single fixed task. There would, ideally, be no local storage and the software would be simple enough you could just put epoxy on the programming ports since there wouldn't be a need for updates. It would just be a simple (graphical) terminal. Application software would be run on a server belonging to the user and stored in a safe place. Phone calls would also be routed through it.

      Of course that won't save you from being tracked, but for some people that's not an issue.

  11. Anonymous Coward
    Big Brother

    PKI may now ve vulnerable to quantum computing the NSA/GCHQ have kept uner wraps, like they did with PKI

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like