Monday, June 30, 2014

So just how good is the secure "Blackphone"?

Exclusive review:
Both Silent Phone and Silent Text work over broadband cellular or Wi-Fi. Combined, they’re like the privacy advocate’s version of Skype: they provide voice and video calls, conferencing, and text chat, but all via peer-to-peer key exchange without an intervening server. There’s also the added benefit of encrypted file transfer.

Silent Phone is essentially an encrypted SIP phone network. The Silent Circle cloud service provides a directory service that connects users’ account names and IP addresses and then brokers a connection between them based on a public key exchange. It also provides a bridge to Plain Old Telephone Service systems, allowing users to call landlines or cell phone users who are outside of the service, encrypting and anonymizing the source of the call. Silent Phone also can create peer-to-peer conference calls, with one phone acting as the hub for a conversation.

When you place a voice or video call to another Silent Circle user, there’s an exchange of public keys between the apps and then the call begins. As an additional verification measure, the system automatically generates a two-word verbal challenge that you can use to verify you’ve actually got a secure connection. Tap the words to confirm, and Silent Phone displays three green circles to show you’re secure.

...
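The key exchange and two-word check the review describes can be sketched as follows. This is an added example, not Silent Circle's code or part of the original post; the toy group, the syllable word list, the hash construction and the `relay_priv` parameter are all assumptions made for illustration.

```python
import hashlib

# Toy Diffie-Hellman group for illustration only (assumption: the page does
# not name the real key-agreement parameters).
P = 2**255 - 19
G = 2

# Constructed 256-entry word list (16 x 16 syllables), not the app's own list.
SYL = ["ba", "de", "fi", "go", "hu", "ka", "le", "mi",
       "no", "pu", "ra", "se", "ti", "vo", "zu", "wa"]
WORDS = [a + b for a in SYL for b in SYL]


def public_key(private: int) -> int:
    return pow(G, private, P)


def session_digest(my_private: int, my_public: int, peer_public: int) -> bytes:
    """Hash the shared secret with both public keys, in an order both ends agree on."""
    shared = pow(peer_public, my_private, P)
    lo, hi = sorted((my_public, peer_public))
    material = b"".join(n.to_bytes(32, "big") for n in (lo, hi, shared))
    return hashlib.sha256(material).digest()


def two_words(digest: bytes) -> tuple[str, str]:
    """Map the first two digest bytes to the words each user reads aloud."""
    return WORDS[digest[0]], WORDS[digest[1]]


def call(alice_priv: int, bob_priv: int, relay_priv=None):
    """Return (alice_digest, bob_digest); relay_priv models keys swapped in transit."""
    a_pub, b_pub = public_key(alice_priv), public_key(bob_priv)
    if relay_priv is not None:
        seen_by_alice = seen_by_bob = public_key(relay_priv)
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    return (session_digest(alice_priv, a_pub, seen_by_alice),
            session_digest(bob_priv, b_pub, seen_by_bob))


if __name__ == "__main__":
    # Constructed private keys so the output is repeatable.
    for label, relay in (("direct", None), ("keys swapped", 0xBAD)):
        a, b = call(0xA11CE, 0xB0B, relay)
        print(label, two_words(a), two_words(b), "match" if a == b else "MISMATCH")
```

When the two ends hold different keys, the words they read to each other stop matching, which is what the verbal confirmation step is there to catch.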

So, we’ve verified it: Blackphone is pretty damn secure.
But not cheap. Almost $900 for a 2-year subscription (although that comes with 2 family licenses that let the same software run on plain Jane Android smartphones).

I can think of a half dozen ways that the NSA could try to go after this, but the cool thing is that none of the attacks are trivial. It would take effort on their part, and effort runs against their "automagically sweep up everything" strategy. Essentially, it's a financial Denial Of Service attack against Ft. Meade's domestic surveillance effort. And the NSA brought this on themselves by their overreach.

I'd point out that if you want one, you'll have to wait - their entire initial production run is already sold out and it's not even shipping yet.

5 comments:

Thomas said...

If the Chi-Coms are the ones mass producing the phones, no thanks.....

Old NFO said...

Hmmm... Worth looking into...

Stephen said...

As far as I know, they missed the obvious feature -- a hard switch to disconnect the battery when you want to be sure you've gone dark.

Weetabix said...

I'm hoping the NSA hasn't realized that the cheapest way to defeat this is to buy up all the production.