The most l33t phone of MWC: DarkMatter's Katim

There’s exclusive and then there’s exclusive. If you need to ask how much the DarkMatter Katim phone costs, you’re not a serious customer. The first handset to come from the UAE-based security company doesn’t have a price. But then it’s a very unusual phone, as Suresh Bollapragada, DarkMatter VP of Systems Engineering and a …

  1. Phil W

    Regulations

    The bit about disabling the audio at a hardware level is interesting, and while certainly a good way to prevent eavesdropping via the phone, could be problematic for this phone passing regulatory hurdles in various countries, since in "Shield Mode" this phone would no longer be able to make emergency calls.

    1. Dave 126 Silver badge

      Re: Regulations

      All phones allow you to make emergency calls before they are unlocked, even the iPhone which had the FBI making lots of noise... No reason that couldn't be the case here.

      This phone claims that the NAND-cloning technique assumed to have been used by the FBI won't work.

    2. Triggerfish

      Re: Regulations

      I'm guessing the sort of people this is aimed at if they actually need themselves to make an emergency call, it's probably a bit late.

  2. Anonymous Coward

    Interesting

    I did a pretty extensive set of tests and evaluations on the BlackPhone 2 and found that the core of the system is that the OS regards the baseband as a hostile router by default. Does the Kubit replicate this behaviour?

    Is there a reason why the manufacturers do not offer a version with no ports at all, relying on Qi wireless charging and Bluetooth headsets? Surely that would reduce the attack surface considerably. Silent Circle don't do this for cost reasons but Kubit don't have those constraints.

    Once you get past that, it's Android. So there are still going to be issues, but ProtonMail, Silent Phone and Signal already exist so it's hard to guess how they intend to harden it much further.

    1. Anonymous Coward

      Re: Interesting

      "...Bluetooth headsets"

      Huge attack vector right there.

      Never seen one for a 3.5mm audio connection though.

      1. Anonymous Coward

        Re: Interesting

        Valid point. I was actually thinking of making the phone itself a bit tougher, which that would achieve.

    2. Dave 126 Silver badge

      Re: Interesting

      What exactly is the attack surface offered by a USB socket with no data pins?

      Remember that wireless charging isn't as quick as wired charging.

      1. Anonymous Coward

        You don't even need charging ability in the phone

        Have replaceable batteries, and recharge them separately. Then the only port the phone needs is a 3.5mm.

  3. Anonymous Coward

    "The phone won’t even boot if it can’t find the crypto keys on a customised microSD Card, a card which won’t work in any other phone other than the one assigned to the VIP."

    .... well "they" would say that wouldn't they .... rather like the way Commonwealth countries were "encouraged" to use Enigma machines that "no-one had managed to crack" during WWII

    1. Pen-y-gors

      But of course...

      If you nick the phone, you also nick the microSD crypto card?

    2. Anonymous Coward

      Re the customised microSD card - unless physical differences have been built in to the microSD card during manufacture, which I would expect to be very expensive due to the relatively low volume, then the 'customisation' might simply amount to using a non-FAT filesystem.

      1. Anonymous Coward

        It might be very expensive but this whole thing seems to be very expensive. So it's hard to make any kind of call on feasibility.

      2. Voland's right hand Silver badge

        Re the customised microSD card - unless physical differences have been built in to the microSD card during manufacture,

        Not necessarily. Some already have various crypto-locking infrastructure in place. Remember the early MSFT phone debacle? You put a card in it from some of the manufacturers, that card was gone - no longer usable in any other phone.

  4. Roj Blake Silver badge

    Really Secure...

    ...except for all the data going back to Google.

    1. Dave 126 Silver badge

      Re: Really Secure...

      Android Open Source Project does not equal Google Play Services. The clue is in the name. The hard bit is getting open source drivers from the hardware component manufacturers, but you're safe from Google.

      Try to refrain from commenting if you'd be better off reading up instead.

  5. Anonymous Coward

    No independently audited keystore management ..

    .. means no assurance whatsoever that you're the only one having the keys.

    This is again a solution looking for a problem. I like the enthusiasm, but as soon as someone tries to sell me security that depends on a magic key they have control over it's game over. Been there, done that and FIPS-140 is still but a distant dream..

  6. Adrian 4
    Flame

    Too late

    Samsung did the self-destructing phone already. Doesn't seem to have done them any good.

  7. annodomini2
    FAIL

    Snapdragon 821

    Quad core not Octo core

  8. Stoneshop
    FAIL

    Maybe his physical security

    "The US president takes his security with him, he has Air Force One"

    But his digital security compares unfavourably with a hillbilly village mayor.

    1. Anonymous Coward

      Re: Maybe his physical security

      He also takes his totally insecure personal Android phone with him everywhere. Even if he doesn't use it for calls, it could be trivially compromised to provide his location at any time, and perhaps silently enable the microphone when within range of a base station to allow bugging conversations.

      1. Anonymous Coward

        Re: Maybe his physical security

        And the Orange One wonders how many leaks are happening...

        Sigh.

  9. Christian Berger

    Does it have separation between baseband and application processors?

    Otherwise any security hole in the baseband processor (rarely checked for, but very likely to exist) would compromise the whole machine.

    Other than that, if it has a browser, it likely has security problems. Even if you sandbox the browser, the browser can exploit itself which is bad enough for most people.

    Then there's the problem of how tamper proof the device actually is. It likely has a wire wrapped around its insides, or perhaps some flexboard fulfilling the same purpose. If that's not done properly, it's possible to circumvent that, for example by short circuiting part of it.

  10. Message From A Self-Destructing Turnip
    Trollface

    Tsk Amateurs

    No mention of uninstalling flash, or using noscript and ghostery?

  11. Twickster

    Trusting DarkMatter and UAE will be the key, however based on history, that is not possible.

    “Blackphone is fairly expensive, it’s built for a specific market and the crypto keys are still owned by the manufacturer. We're allowing enterprises or nation states to own the keys.”

    Trusting "Faisal Al Bannai", the CEO of DarkMatter and the founder of Axiom Telecom the largest phone manufacturer in the UAE is going to be the key to this. Axiom has already been known to give access/backdoors to their phones to the UAE government. So how can we trust the statement above?? You can bet your bottom dollar those keys will be stored locally within the UAE government somewhere, more than likely the internet police or DM cyber analysts will try to run keywords against everything said and generate reports for the UAE daily or build a dashboard for UAE officials to run queries and monitor the people of UAE at any given time.

    Remember DarkMatter (Who is also the Certificate Authority to the UAE government) is owned by "Faisal Al Bannai" who also owns "Axiom Telecom" who also is best buddies with the top government officials in the UAE. This phone's contents will be anything but private. Good luck with an over-rated, really expensive, not private phone.

    1. Anonymous Coward
      Anonymous Coward

      Re: Trusting DarkMatter and UAE will be the key, however based on history, that is not possible.

      Thanks for that. When we do risk analysis on a possible provider, following ownership and origin of funding is a pretty fundamental first step - if your data is correct*, they would fail at that very first hurdle..

      * I'm not stating it isn't, more that we tend to double validate using both official and independent channels we have established to be trustworthy - quite hard work in itself :).
