Linked by Thom Holwerda on Mon 30th Jun 2014 19:56 UTC
Privacy, Security, Encryption

Ars Technica reviews the BlackPhone, a device which claims to be much more secure than other smartphones.

After configuring the various pieces of Blackphone's privacy armor, it was time to check it for leaks. I connected my loaner phone to a Wi-Fi access point that was set up to perform a packet capture of my traffic, and we started to walk through the features. I also launched a few Wi-Fi attacks on the phone in an attempt to gather data from it.

[...]

For my last trick, I unleashed a malicious wireless access point on Blackphone, first passively listening and then actively trying to get it to connect. While I did capture the MAC address of the phone’s Wi-Fi interface passively, I was unable to get it to fall for a spoofed network or even give up the names of its trusted networks.

So, we've verified it: Blackphone is pretty damn secure.

A very disappointing test of the essential claim to fame of this smartphone. All Ars has done is confirm it does not leak data - something you can easily achieve on any phone. This review does not spend a single word on the baseband operating system of the device, which is a crucial part of any smartphone that we know little about. There's no indication whatsoever that the baseband operating system used by the NVIDIA chipset inside the Blackphone is in any way more secure than that of others.

Unless we have a truly open baseband processor, the idea of a secure phone for heroes like Edward Snowden will always be a pipe dream. I certainly commend Blackphone's effort, but there's a hell of a lot more work to be done.

Permalink for comment 591598
To read all comments associated with this story, please click here.
minifig404
Member since:
2012-02-26

Seriously. It's against FCC regulations, because apparently people having the ability to change what bands their radio operates on is a threat to public safety.


...what?

Release the OS source code, compile, write to the chip, and set the fuses. Unless you have an enterprising hacker as a user, the bands can't be changed. Or do ARM chips not have the same write-protect fuses smaller microcontrollers have?

I'd also accept a link where that became an issue.

Reply Parent Score: 2