The Real Innovation at MWC: The Blackphone and Your Personal Privacy

Keep the internet from looking over your shoulder

Considering all the coverage that Samsung’s inevitable fingerprint scanning 64-bit S5, Nokia’s surprise Android handsets and WhatsApp’s voice call features have garnered at Mobile World Congress, you’d be forgiven for thinking that the world has a short attention span. Threats to technology users’ privacy come to light almost as often as the petrol price increases. The lion’s share of attendees at MWC seem so blinded by the shiny newness that the most important innovation for the average person is being overlooked: the Blackphone.

The Blackphone is the first personal communication device to bring privacy and security to the mass market. It was born through a joint venture between secure communication company Silent Circle and specialist smartphone manufacturer Geeksphone. The device’s hardware is not particularly interesting – a 4.7″ IPS display hiding a 2GHz quad core processor, 2GB of RAM, 16GB of onboard memory and an 8MP rear camera. As with all the other players in the smartphone space after 2010, what sets the Blackphone apart is the software.
Make your own choices and regain the ability to keep your life private

Running a forked version of Android dubbed PrivatOS, Blackphone protects your identity, your personal communication and files by bundling in a suite of apps that work to block snooping eyes. First up is Silent Circle. Silent Circle provides peer-to-peer connections for voice and video calls, text messages and file transfers that are encrypted end-to-end between you and your contacts. Silent Circle also makes it impossible to log or farm any of the data generated through these activities. And you can be sure that there is no back-door for the NSA to sneak through.

Next up is Disconnect. Founded by a former Google and DoubleClick engineer, this smart filter augments the Blackphone browser to protect your identity from advertising-, analytics- and social widgets. Inside knowledge of the way that websites extract personal data makes it possible for Disconnect to visualise the real-time requests made when browsing from this device. Disconnect even encrypts the data that you decide to share with a website.

Then there’s SpiderOak, a Zero-Knowledge Dropbox-like service that lets you sync, back up and share files privately. This privacy comes from how SpiderOak’s software was architected. Files are encrypted before being uploaded to the SpiderOak server. Once uploaded, the files remain encrypted on the server. That’s not all: your password along with the encryption key for your files are themselves encrypted, making it even more secure from unscrupulous agents – Government or otherwise.

Kismet’s Smart Wi-Fi Manager is also bundled on the device. Kismet provides a number of smart features that save battery and increase quality when playing audio across Bluetooth. Its most relevant features for the Blackphone, however, prevent your device from automatically jumping onto untrustworthy Wi-Fi access points and protect you from Wi-Fi snoop attacks.

This is but a brief rundown of the Blackphone (never mind the Security Centre, Activation Wizard and Remote Wipe features that are specifically built for the device). While a number of these apps are available for other smartphones, the Blackphone is the first direct-to-consumer solution aimed at protecting user data straight out of the box. This shows a unique understanding of the forces that are affecting people in their daily lives and it provides a new approach in tackling these forces for the betterment of how these people live. This makes it the most innovative piece of technology to come out of Mobile World Congress in years.

  1. It is somewhat disingenuous to suggest that users can be sure there is no backdoor for the NSA:
    First off, Silent Circle was founded by Phil Zimmermann along with a few ex-Navy SEALs, so there is sufficient basis to be a little suspicious.
    Secondly, no phone can even possibly be secure without re-architecting the
    application CPU to baseband processor interface and opening up all
    firmware code for public inspection.
    Does it protect your privacy better than other phones in some ways?
    Possibly. Does it provide any meaningful assurance of privacy? No.
    In a computer (and smartphones are computers with radios attached),
    the entire state of existence is stored in memory. Most tasks operating
    on and changing that state are carried out by the CPU (calculating the
    trajectory of your avian projectile, etc.). However, to talk to the
    outside world at high speed, system architects sometimes delegate
    authority to directly change that state to input/output devices.
    The ‘baseband processor’ in a cellphone, the thing that’s directly
    connected to the radio chain and handles untrusted data from literally anywhere within radio range, is AFAIK always
    given the authority to change the phone’s state directly (this is known
    as ‘Direct Memory Access’, or DMA). The baseband processor is itself
    essentially a self-contained computer and runs its own program which is
    always closed-source and proprietary, and therefore extremely difficult
    to audit for security holes.
    Because baseband firmware (the program running on the baseband
    processor) has to be certified by a regulatory agency before it can be
    used, there is a powerful incentive for OEMs not to change anything once
    they get a version certified. This carries over into the next
    generation of radio standards (2G, 3G, UMTS, etc.) and you’re left with a
    phone that runs old, often shoddy code in a hardware element that can change any part of the state of your phone at any time, invisibly to the user.
    Baseband exploits are nothing new, and they present an enormous
    security risk to any mobile device: it’s quite possible that anyone with
    the right equipment within a few miles from you can remotely pwn your
    phone so badly you won’t even know you’ve been pwned.
