August 13, 2014 By Rick M Robinson 2 min read

Is the world ready for a more secure smartphone designed to better protect your privacy? Encrypted communications firm service Silent Circle seems to think so, having teamed up with specialty phone vendor Geeksphone to offer the Blackphone, the prime selling point of which is data security. Essentially, a set of cryptographic and other security-enhancing services are bundled into a phone with a modified version of the Android OS.

In the hands of sophisticated users, the Blackphone could help placate companies’ mobile security worries. However, the phone will not entirely eliminate the bring-your-own-device challenge that many enterprises face. One thing it can do, however, is help illuminate the real mobile security challenge: the human factor.

Building Around Security and Privacy

As Fast Co.Labs‘ Luke Dormehl reports, Phil Zimmerman, the creator of Pretty Good Privacy, set out to provide a set of Android apps to enhance smartphone privacy and data security. His company, Silent Circle, ended up working with Spain-based Geeksphone to provide hardware specifically tailored to support the desired software features.

According to Sean Gallagher of Ars Technica, at the heart of the Blackphone is PrivatOS, an OS based on Android 4.4 KitKat. This system gives users much finer control over the permissions the OS provides to the apps running on it.

Blackphone also comes with a bundle of software and subscriptions to security-oriented services such as Silent Circle’s “Friends and Family” offerings, virtual private network (VPN) service Disconnect and SpiderOak secure cloud storage.

Is Blackphone Security for the Sophisticated?

Reviewers who have tested preproduction versions of this phone have been impressed by its suite of privacy and security tools, though its overall performance as a smartphone is only fair to middling. Given that this is the first effort to provide robust mobile security in a consumer-level package, the early results are highly creditable.

There are some inherent limitations. Like all software, Blackphone’s security software is potentially subject to zero-day vulnerabilities. Ironically, if Blackphone gains only niche interest, it will be largely safe from hackers, who will attack more widely used products. If it catches on, however, hackers will be that much more motivated to crack it.

Even aside from potential zero-day vulnerabilities, the Blackphone or similar devices will not entirely put security worries to rest. A brief perusal of the Fast Co.Labs and Ars Technica articles hints at the real challenges of mobile security, with mentions of proxy servers, public keys and VPNs. Security-minded readers will recognize these terms and have at least a general notion of how they relate to privacy and data security.

Read: 4 Essential Ways to Protect My Mobile Applications

However, most mobile users have never heard these terms and are in no rush to learn them, let alone adopt more secure usage habits. As one commenter at Ars Technica noted, no one on his contact list was subscribed to the secure services he used. Often, they were remarkably unwilling to learn or try these more secure tools. While Blackphone can extend some protection to the other end of a call or Internet connection, it cannot create security consciousness.

That is the true enterprise security challenge: creating security consciousness without browbeating people, which doesn’t work very well anyway. Blackphone is one more potential security tool, and a good one for sophisticated users, but no tool can provide security by itself.

More from

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today