Ars Technica reviews the BlackPhone, a device which claims to be much more secure than other smartphones.
After configuring the various pieces of Blackphone’s privacy armor, it was time to check it for leaks. I connected my loaner phone to a Wi-Fi access point that was set up to perform a packet capture of my traffic, and we started to walk through the features. I also launched a few Wi-Fi attacks on the phone in an attempt to gather data from it.
[…]
For my last trick, I unleashed a malicious wireless access point on Blackphone, first passively listening and then actively trying to get it to connect. While I did capture the MAC address of the phone’s Wi-Fi interface passively, I was unable to get it to fall for a spoofed network or even give up the names of its trusted networks.
So, we’ve verified it: Blackphone is pretty damn secure.
A very disappointing test of the essential claim to fame of this smartphone. All Ars has done is confirm it does not leak data – something you can easily achieve on any phone. This review does not spend a single word on the baseband operating system of the device, which is a crucial part of any smartphone that we know little about. There’s no indication whatsoever that the baseband operating system used by the NVIDIA chipset inside the Blackphone is in any way more secure than that of others.
Unless we have a truly open baseband processor, the idea of a secure phone for heroes like Edward Snowden will always be a pipe dream. I certainly commend Blackphone’s effort, but there’s a hell of a lot more work to be done.
This phone uses the same software and hardware available on any Android phone, right? So what’s different other than pre-installation and configuration?
No difference means it’s hype, and a false sense of security.
Seriously. It’s against FCC regulations, because apparently people having the ability to change what bands their radio operates on is a threat to public safety.
The best thing you can do with a baseband under this legal environment is to isolate the hell out of it. The OpenMoko phone’s baseband talks to the main SoC over RS-232, whereas pretty much every “modern” smartphone uses DMA. Unless the Blackphone isolates the baseband over RS-232 or some similarly limited protocol, it isn’t any more meaningfully secure than anything else.
…what?
Release the OS source code, compile, write to the chip, and set the fuses. Unless you have an enterprising hacker as a user, the bands can’t be changed. Or do ARM chips not have the same write-protect fuses smaller microcontrollers have?
I’d also accept a link where that became an issue.
Yes it is. Interferences are a public danger. Work for some time in engineering and listen to some horror tales (like that pharmaceutical company whose drug-making machines were offset by the CB radios the truck drivers where using while waiting for their truck to be loaded). This is life-threatening.
Do you want anybody to be able to jam or fake GPS signals?
All electronics is potentially an/several antenna(s). As soon as you have wires, you have antennas.
> Do you want anybody to be able to jam or fake GPS signals?
I’d love to jam GPS signals in my neighborhood to keep random tourists from using it as a shortcut.
Could you expand on that?