Blackphone, privacy centric device

Do you want a phone that is privacy centric?

Would you like a handset that genuinely tries to transmit and receive your data in a private manner?

Are you concerned about the sensitive nature of the information that you store on your smartphone?

It looks like there’s finally sufficient demand for such a thing and it’s called the Blackphone.

Developed by SGP Technologies, the Blackphone is the result of a partnership between Geeksphone and Silent Circle. Geeksphone makes a multi-OS-friendly handheld aimed at the geek market. Silent Circle specializes in encrypted communications platforms for the desktop and mobile environments.

I had the opportunity to pick up a Blackphone recently, while attending Defcon 22. I got this unit with the added tinfoil hat bonus that I paid for it in cash. I promptly demoted my CyanogenMod Android phone that I had been using as a burner phone for my US visits. I showed my previous phone to the helpful salesperson at the Blackphone booth. He rightfully explained that the difference between my uber customized burner phone and the Blackphone was that mine is like cooking your own meal, while the Blackphone is having your meal cooked for you.

Both solutions provide you with food, but the Blackphone is more like going to a fancy restaurant. There you have a chef cook your meal, and you have a much lesser chance of food poisoning…

Street cred?

Is Blackphone a company that knows and understands the challenges of encryption and secure telephony? For starters, their co-founder is Phil Zimmermann. You may recognize him as the creator of Pretty Good Privacy, or PGP. He has been making private communications private since 1991.

Mr. Zimmermann is so serious about the Blackphone that he has been quoted as saying that PGP was a detour while technology caught up and made secure telephony a viable option. SGP Technologies' goal is to provide you with a handset that comes with security and privacy as the default.

“The number one priority in creating Blackphone is to uphold the objective of privacy. It’s not to serve some other business model of monetizing customer data. What we’re trying to do is to make a smartphone whose whole purpose is to protect users’ privacy.” –Phil Zimmermann

I have had some time to play around with the unit, and here are my preliminary results:

Less is more…

The Blackphone handset has no unwanted crud. This is something that has been a problem for quite some time with other phones. Carriers feel obliged to cram their handsets with an ever-increasing amount of partner-offered apps. These do little else but eat up valuable space and resources on your handset. As an added bonus, these unwanted applications cannot be easily uninstalled.

You will not find anything of that nature on the Blackphone. It is in fact so pared down that it does not even include the Google Play store. While some users might balk at this omission, it makes perfect sense if you take into account who the target audience is for this device.

The Blackphone runs a forked version of Android called PrivatOS, based on 4.4.2 KitKat, and has more granular control of apps through the Security Center, a PrivatOS exclusive feature. (Hey Google? Are you paying attention?)

Different, but familiar.

Another trend, albeit one that is thankfully going away, is “skinning” or brand personalization. Skinning is where manufacturers further muddy the Android ecosystem by trying to make their handsets unique. A salient example of how these types of customizations can go horribly wrong can be seen here.

Thankfully, the Blackphone has none of that. The interface will be easy to navigate for anyone who has used Android in the past, and simple enough for the Apple crowd to pick up.

 

Security centric apps included

In addition to PrivatOS, the Blackphone comes with a suite of apps designed to promote private communications, private browsing, and private data storing.

These are:

  • The Silent Circle suite. Silent Phone, Silent Text, and Silent Contacts. This suite enables secure encrypted communications from one device to another, provided they both have Silent Circle installed.
  • SpiderOakBlack, a zero knowledge cloud storage solution that encrypts your data locally, transmits, stores, and receives said data in an encrypted state.
  • Secure Wireless from Disconnect.me, a new smarter VPN that stops wireless eavesdropping over Wi-Fi, 3G, and 4G. Searches are also anonymized by bouncing requests from major search engines through a proxy, stripping personally identifiable information in the process.
  • Smarter Wi-Fi Manager, a Wi-Fi manager that learns your trusted Wi-Fi hotspots, turns off your Wi-Fi when not in use, and protects your device from accidental connections to unsecured access points such as the ones demonstrated here.

Overall impressions

The handset is slick and slim. It feels like a flagship Android handset.

In a way, I am glad that Blackphone’s earlier chipset choice was discontinued. They were forced to go with Nvidia’s flagship, the Tegra 4i, to power the handset. This undoubtedly caused some headaches with the last-minute architecture changes, but as a result the phone feels very snappy. The UI is responsive, with no noticeable lag.

It lives up to its security centric focus, periodically reminding me to encrypt the device. Anytime I poked around the OS I was presented with setup screens to enable privacy features, such as the remote wipe. It provided me with clear and concise explanations of the services offered.

The suite of included applications is well suited for the tasks at hand, communicating in as secure a way as is possible.

There’s no Google Play market place, as ensuring all the applications available there aren’t leaking private information would simply not be possible.

This somewhat limits what your smartphone can do, but it is an understandable sacrifice, one that the target audience for such a device should grasp. Sideloading applications is possible, but would defeat the security centric mantra of the Blackphone. This should really be done after carefully considering the value of the application vs the associated risks.

Some things worth pondering:

Although the phone is a custom-built unit, many of its components are sourced from Asia (as are almost all current handsets). This leaves the possibility of hardware implants. The chipset, baseband chip, and any number of other components are closed source and thus vulnerable to this attack vector.

Minor Quibbles

There was no case or screen protector available at the Blackphone booth at the time of my purchase. As silly as this sounds, this was probably what bothered me the most. If I’m going to plunk down $600 for a handset, I want to wrap it in a case and apply a screen protector right away.

I have 10 thumbs, and my other handsets have always been immediately wrapped in the beefiest phone cases I could buy, lest I drop them on the concrete, something I am prone to do. I was assured that these would be available shortly, but I did spend the whole conference with a dedicated phone pocket, and an irrational fear every time I removed the phone from its relative safety.

Conclusion

While the Blackphone does not claim to be the be-all-end-all in secure communications, it certainly raises the bar for any would-be snoops desiring to intercept your communications. Knowing these limitations, I still feel safer using a Blackphone to initiate sensitive communications. I’ll still do the really sensitive stuff in person, inside a Faraday cage, wrapped in a tin foil cocoon, but at least the Blackphone is a step in the right direction.

@jean_taggart

 

ABOUT THE AUTHOR

Jean Taggart

Senior Security Researcher

Incorrigible technophile who loves to break stuff and habitually voids warranties.