Author Topic: Blackphone  (Read 2146 times)

TechMan

  • Administrator
  • Senior Member
  • *****
  • Posts: 10,562
  • Yes, your moderation has been outsourced.
Blackphone
« on: January 21, 2014, 11:01:40 AM »
http://www.youtube.com/watch?v=TxuviN5_W4Y

http://www.geeksaresexy.net/2014/01/20/blackphone-promises-total-security/

Makers claims it offers complete security from snooping on all forms of communication.

Joint project between Geeksphone, a Spanish smartphone manufacturer and Silent Circle a US firm which already offers encrypted communications as a paid mobile device service.  The co-founder of Silent Circle is Phil Zimmerman, the man behind PGP.  Mash the links for more.
Quote
Hawkmoon - Never underestimate another person's capacity for stupidity. Any time you think someone can't possibly be that dumb ... they'll prove you wrong.

Bacon and Eggs - A day's work for a chicken; A lifetime commitment for a pig.
Stupidity will always be its own reward.
Bad decisions make good stories.

Quote
Viking - The problem with the modern world is that there aren't really any predators eating stupid people.

Brad Johnson

  • friend
  • Senior Member
  • ***
  • Posts: 18,381
  • Witty, charming, handsome, and completely insane.
Re: Blackphone
« Reply #1 on: January 21, 2014, 04:35:33 PM »

Makers claims it offers complete security from snooping on all forms of communication.


Riiiiiight.....

Brad
It's all about the pancakes, people.
"And he thought cops wouldn't chase... a STOLEN DONUT TRUCK???? That would be like Willie Nelson ignoring a pickup full of weed."
-HankB

HankB

  • friend
  • Senior Member
  • ***
  • Posts: 17,037
Re: Blackphone
« Reply #2 on: January 21, 2014, 04:49:50 PM »
And as proof of its security, they no doubt include the latest hardwired encryption device, the Mark XIV Clipper Chip.  ;/
Trump won in 2016. Democrats haven't been so offended since Republicans came along and freed their slaves.
Sometimes I wonder if the world is being run by smart people who are putting us on, or by imbeciles who really mean it. - Mark Twain
Government is a broker in pillage, and every election is a sort of advance auction in stolen goods. - H.L. Mencken
Patriotism is supporting your country all the time, and your government when it deserves it. - Mark Twain

Gowen

  • Metal smith
  • friend
  • Senior Member
  • ***
  • Posts: 2,074
    • Gemoriah.com
Re: Blackphone
« Reply #3 on: January 21, 2014, 04:53:25 PM »


Makers claims it offers complete security from snooping on all forms of communication.


Just give the NSA geeks a challenge.  They'll raise you one and get a judge to issue a court order for the code.
"That's my hat, I'm the leader!" Napoleon the Bloodhound


Gemoriah.com

Perd Hapley

  • Superstar of the Internet
  • friend
  • Senior Member
  • ***
  • Posts: 62,153
  • My prepositions are on/in
Re: Blackphone
« Reply #4 on: January 21, 2014, 07:45:36 PM »
Racist.
Can the liberties of a nation be thought secure when we have removed their only firm basis, a conviction in the minds of the people that these liberties are the gift of God?
--Thomas Jefferson

lee n. field

  • friend
  • Senior Member
  • ***
  • Posts: 13,822
  • tinpot megalomaniac, Paulbot, hardware goon
Re: Blackphone
« Reply #5 on: January 21, 2014, 08:00:49 PM »
http://www.youtube.com/watch?v=TxuviN5_W4Y

http://www.geeksaresexy.net/2014/01/20/blackphone-promises-total-security/

Makers claims it offers complete security from snooping on all forms of communication.

Joint project between Geeksphone, a Spanish smartphone manufacturer and Silent Circle a US firm which already offers encrypted communications as a paid mobile device service.  The co-founder of Silent Circle is Phil Zimmerman, the man behind PGP.  Mash the links for more.

A microphone in the room?
In thy presence is fulness of joy.
At thy right hand pleasures for evermore.

dogmush

  • friend
  • Senior Member
  • ***
  • Posts: 14,741
Re: Blackphone
« Reply #6 on: January 22, 2014, 12:17:25 AM »
....

[waits on Rev's input]

.....

Firethorn

  • friend
  • Senior Member
  • ***
  • Posts: 5,789
  • Where'd my explosive space modulator go?
Re: Blackphone
« Reply #7 on: January 22, 2014, 03:02:41 AM »
Just give the NSA geeks a challenge.  They'll raise you one and get a judge to issue a court order for the code.

Security through obscurity is transitionary at best.  PROPER encryption systems don't make it any easier for you to compromise them even if you have the writer of the program standing by to assist you with anything you don't understand, so long as nobody is giving you either access to the hardware or the private encryption keys.

In this case the 'best' way to set it up is that both people have a 'blackphone', and in setting up a call they use public key encryption and are verified against pre-published certificates to avoid a 'man in the middle'(MITM) attack. 

Otherwise, well, if you want to protect your calls to the local pizza place that doesn't have the capability you'd only be able to protect around half of the trip - encrypted to some server, which decrypts it and forwards the call to the pizza joint.  You don't want the server in the middle with the keys in on the session because that's just asking for MITM attacks.

Really, securing data in transition is easy.  It's properly setting up an encrypted secure session that's difficult.

KD5NRH

  • friends
  • Senior Member
  • ***
  • Posts: 10,926
  • I'm too sexy for you people.
Re: Blackphone
« Reply #8 on: January 22, 2014, 09:49:28 AM »
A microphone in the room?

A dumbass shouting their conversation in a public place?

Used to hear it all the time on the DART trains; idiots calling in a credit card order, or dealing with the bank loudly.  CC#, SS#, address, anything else you could want yelled to pretty much everybody on the train.

TechMan

  • Administrator
  • Senior Member
  • *****
  • Posts: 10,562
  • Yes, your moderation has been outsourced.
Re: Blackphone
« Reply #9 on: January 22, 2014, 10:08:21 AM »
A dumbass shouting their conversation in a public place?

Used to hear it all the time on the DART trains; idiots calling in a credit card order, or dealing with the bank loudly.  CC#, SS#, address, anything else you could want yelled to pretty much everybody on the train.

You cannot fix stupid.  SWMBO has no problem chatting on the phone in the store.  I refuse to do that.  I will call her if I have a question, but I refuse to have a conversation while I am shopping.
Quote
Hawkmoon - Never underestimate another person's capacity for stupidity. Any time you think someone can't possibly be that dumb ... they'll prove you wrong.

Bacon and Eggs - A day's work for a chicken; A lifetime commitment for a pig.
Stupidity will always be its own reward.
Bad decisions make good stories.

Quote
Viking - The problem with the modern world is that there aren't really any predators eating stupid people.

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: Blackphone
« Reply #10 on: January 22, 2014, 10:19:46 AM »
And as proof of its security, they no doubt include the latest hardwired encryption device, the Mark XIV Clipper Chip.  ;/
Just give the NSA geeks a challenge.  They'll raise you one and get a judge to issue a court order for the code.

Wrong. No need to support tin foil when you can provide the technical details.

All common carriers, facilities-based broadband Internet access providers, and providers of interconnected Voice over Internet Protocol (VoIP) service must be Communications Assistance for Law Enforcement Act (CALEA) (Pub. L. No. 103-414, 108 Stat. 4279, codified at 47 USC 1001-1010) compliant. Previously, CALEA only applied to telephone. In 2004, DOJ, BATFE, FBI, DEA asked the FCC to include the ability to monitor VoIP and broadband internet communications. In 2005, the FCC so ruled that "telecommunications carriers" under CALEA includes VoIP and internet providers. FCC affirmed again this in 2006 and the DC Circuit Court agreed.

If they offer VoIP in said phones and it is not CALEA compliant, it is illegal in the US.

"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

dogmush

  • friend
  • Senior Member
  • ***
  • Posts: 14,741
Re: Blackphone
« Reply #11 on: January 22, 2014, 12:54:01 PM »
So semi-related question:  Feel free to shut me down if we're treading too close to illegal.

I haven't read CALEA, But my understanding is the jist of it is the .gov can listen to your calls.  The hardware will let them in.

How would one circumvent this?  VPN between terminals, then VOIP?  Root phones and set up your own encryption?

Somebody has got to have gone around this, if only just because it's there.

I'm just going to make some one time pads and text everyone from now on.

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: Blackphone
« Reply #12 on: January 22, 2014, 01:37:38 PM »
So semi-related question:  Feel free to shut me down if we're treading too close to illegal.

I haven't read CALEA, But my understanding is the jist of it is the .gov can listen to your calls.  The hardware will let them in.

How would one circumvent this?  VPN between terminals, then VOIP?  Root phones and set up your own encryption?

Somebody has got to have gone around this, if only just because it's there.

I'm just going to make some one time pads and text everyone from now on.

Considering CALEA compliance is a multi hundred million dollar industry, it's not illegal to ask questions. CALEA mandates that any telecom service be wiretap friendly, no more, no less. Bigger companies have it very automated. The hardware, 99 times out of a 100, does NOT let them in. It's not out of the goodness of their heart. CALEA requests are billed back to the government. LEO, which can be locals as well as feds, sends a warrant (or national security letter) to telecom. Telecom complies with warrant, which is damn near a rubber stamped checkbox situation. "We want all call logs", "We want locational data", "We want voice recordings", "We want live stream" or "All the Above". Damn near no one wants live stream of calls, real life isn't an episode of 24. If the person is important enough for live audio stream, there's a surveillance team on the person. Different agencies get their data delivered different ways. Faxed, emailed, uploaded to FTP account, or connected through DCSnet.

It can get a bit more tricky if they want the provider to upload malware. I haven't dealt with that as much, but I do know it's getting more popular for cell phones. Only way to get around it is decentralized tech. CALEA only applies to providers, not all software. If a provider doesn't HAVE the data, they can't provide it and legally aren't required to provide it. See RIM and BES encryption keys.



To give a real world example. Everyone remember the PRISM slides proclaiming that Google was handing over the keys of kingdom to the NSA? Good. Care to guess who was the MOST surprised? Google. As far as they knew, they provided all warrant/NSL requests via sFTP. They didn't lie when they said the NSA didn't have direct hardware access, because as far as they knew they didn't. They were wrong, of course.

You can imagine how shocked Google was when they found out the NSA legally illegal wiretapped the fiber lines going in, out and between their data centers. (No, that's not a typo in that sentence.)
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

JN01

  • friend
  • Senior Member
  • ***
  • Posts: 937
Re: Blackphone
« Reply #13 on: January 22, 2014, 04:35:50 PM »
Does it come with a certificate of authenticity?