Posted on 02/24/2014 1:59:18 PM PST by Nachum
BARCELONA (Reuters) - Following the U.S. snooping revelations, there is a growing interest in a range of mobile phone products with one central selling point: privacy.
The latest contender is the Blackphone, which runs on a customised version of Google's Android software and encrypts texts, voice calls and video chats was launched in the Spanish Pavilion at the annual Mobile World Congress industry fair in Barcelona on Monday.
It aims to tap into the market for so-called mobile security management (MSM) products which was estimated to be worth $560 million in 2013 and is expected to nearly double in size to $1 billion a year by 2015, according to ABI Research.
Separately Deutsche Telekom said it is also preparing to launch a smartphone app that encrypts voice and text messages, making it the first major network operator with a mass market-compatible product that will be rolled out to all its users
(Excerpt) Read more at news.yahoo.com ...
Interesting specs but it appears this will be the first of many.
If Apple is paying attention, this could be REALLY big.
unless they use a completely redesigned dsp chip, forget it. the problems start at the hardware
Looks like Snowden has created more jobs than Obama.....................
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
For any smartphone to be secure it MUST have open-source firmware for the baseband processor.
The NSA can backdoor any program.
open source people are so funny
you see source... and you think the software (or chip) actually uses that exact software?
hilarious
I’ve compiled open source software many times and written some of it. It is compiled as it was written. As for chips, documentation is available for preferred devices for systems like OpenBSD. Devices can also be injected, probed, etc.
Ultimately you can not know for certain anything is safe from being compromised. Instead, you must take steps to assure the risk falls below reasonable levels, and that exposure is mitigated to reasonable scope. In that regard open source reduces the difficulty to achieve those ends.
ever done an md5 on the binary posted and the one you generated?
how often do they match?
Sponsoring FReepers are contributing
$10 Each time a New Monthly Donor signs up!
Get more bang for your FR buck!
Click Here To Sign Up Now!
for the 0.01% of the crowd that will (or know how to) compile a project... that might work
for the other 99.99%... they’re screwed
Anyone who needs prodding to not be evil probably shouldn’t be trusted!
SSL sessions are best for such uploads. Writing to DVDs and getting checksum matches is another matter and can be frustrating with bad drives. There are better checksums than MD5s now, BTW. It’s best to use a good SSL session for both uploads and downloads (common in NetBSD work).
I said open source for the baseband was a must for security.
I did not say that was all that needs doing :-)
There is no easy way to be certain that the silicon is secure. You would have to have faith in a chip fab and also all the designers.
What can be done quickly is to create blu tooth enabled snap-on hard cases for the most common smartphones. Inside this case would be an ARM processor, a microphone and two speakers.
The ARM processor inside the case would encrypt/decrypt audio to/from the phone using perfect forward secrecy public key protocols.
The case would cover the front facing camera of the phone and the 2nd speaker in the case would be directly above the mic of the smart phone so it can emit white noise audio to ensure that mic is useless for snooping.
Secure calls could only be made to similarly equipped phones. Call audio would suffer slightly.
This would give secure audio but would not protect against metadata collection.
This device would cost less than 20 dollars to manufacture in quantity.
It is possible to have faith in a common blu tooth chip and a simple ARM processor. Plus, there would be no way possible to tamper with the firmware remotely. To compromise the security of the device would require physical interdiction.
This is how you create secure data transfer across an untrusted link.
I’m an embedded systems guy, such a device would be very easy to construct using COTS devices.... I’d say not more than 200 man hours for the hardware and firmware.
The NSA would not like such devices.
Checksums are for comparing files to copies of those files in case of accidents from copy to copy (e.g., yes, files in transit). If a file is corrupted during upload, a checksum can be used by the server to alert the uploader and avoid writing the corrupted file to a public archive.
But checksums don’t prevent someone from cracking an end user’s machine and corrupting a file on that machine after download. If a capable individual is out to get another individual, that is possible.
More security is desirable to less security for most developers and users. Open source software audited by open source developers is preferable to closed source software, especially closed source software with a big pecuniary-autocrat interest behind it.
You wrote:”I said open source for the baseband was a must for security.
I did not say that was all that needs doing :-)
There is no easy way to be certain that the silicon is secure. You would have to have faith in a chip fab and also all the designers.
What can be done quickly is to create blu tooth enabled snap-on hard cases for the most common smartphones. Inside this case would be an ARM processor, a microphone and two speakers.
The ARM processor inside the case would encrypt/decrypt audio to/from the phone using perfect forward secrecy public key protocols.
The case would cover the front facing camera of the phone and the 2nd speaker in the case would be directly above the mic of the smart phone so it can emit white noise audio to ensure that mic is useless for snooping.
Secure calls could only be made to similarly equipped phones. Call audio would suffer slightly.
This would give secure audio but would not protect against metadata collection.
This device would cost less than 20 dollars to manufacture in quantity.
It is possible to have faith in a common blu tooth chip and a simple ARM processor. Plus, there would be no way possible to tamper with the firmware remotely. To compromise the security of the device would require physical interdiction.
This is how you create secure data transfer across an untrusted link.
Im an embedded systems guy, such a device would be very easy to construct using COTS devices.... Id say not more than 200 man hours for the hardware and firmware.
The NSA would not like such devices.”
I ask:
Please form a start-up and market such a device for my Android Tablet. A similar device for a desktop server would also be appreciated. I understand the theory but do not have the technical skill to create such a device.
Already been talking to a couple of teams that are hot on the trail.
Even that McAfee guy wants in.
This is an incredibly simple technique and is the only means of smart phone security in a world where everyone knuckles under and trust is a rare thing.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.