Data Security Gets a Wake-Up Call From Blackphone
Is the world ready for a more secure smartphone designed to better protect your privacy? Encrypted communications firm service Silent Circle seems to think so, having teamed up with specialty phone vendor Geeksphone to offer the Blackphone, the prime selling point of which is data security. Essentially, a set of cryptographic and other security-enhancing services are bundled into a phone with a modified version of the Android OS.
In the hands of sophisticated users, the Blackphone could help placate companies’ mobile security worries. However, the phone will not entirely eliminate the bring-your-own-device challenge that many enterprises face. One thing it can do, however, is help illuminate the real mobile security challenge: the human factor.
Building Around Security and Privacy
As Fast Co.Labs‘ Luke Dormehl reports, Phil Zimmerman, the creator of Pretty Good Privacy, set out to provide a set of Android apps to enhance smartphone privacy and data security. His company, Silent Circle, ended up working with Spain-based Geeksphone to provide hardware specifically tailored to support the desired software features.
According to Sean Gallagher of Ars Technica, at the heart of the Blackphone is PrivatOS, an OS based on Android 4.4 KitKat. This system gives users much finer control over the permissions the OS provides to the apps running on it.
Blackphone also comes with a bundle of software and subscriptions to security-oriented services such as Silent Circle’s “Friends and Family” offerings, virtual private network (VPN) service Disconnect and SpiderOak secure cloud storage.
Is Blackphone Security for the Sophisticated?
Reviewers who have tested preproduction versions of this phone have been impressed by its suite of privacy and security tools, though its overall performance as a smartphone is only fair to middling. Given that this is the first effort to provide robust mobile security in a consumer-level package, the early results are highly creditable.
There are some inherent limitations. Like all software, Blackphone’s security software is potentially subject to zero-day vulnerabilities. Ironically, if Blackphone gains only niche interest, it will be largely safe from hackers, who will attack more widely used products. If it catches on, however, hackers will be that much more motivated to crack it.
Even aside from potential zero-day vulnerabilities, the Blackphone or similar devices will not entirely put security worries to rest. A brief perusal of the Fast Co.Labs and Ars Technica articles hints at the real challenges of mobile security, with mentions of proxy servers, public keys and VPNs. Security-minded readers will recognize these terms and have at least a general notion of how they relate to privacy and data security.
However, most mobile users have never heard these terms and are in no rush to learn them, let alone adopt more secure usage habits. As one commenter at Ars Technica noted, no one on his contact list was subscribed to the secure services he used. Often, they were remarkably unwilling to learn or try these more secure tools. While Blackphone can extend some protection to the other end of a call or Internet connection, it cannot create security consciousness.
That is the true enterprise security challenge: creating security consciousness without browbeating people, which doesn’t work very well anyway. Blackphone is one more potential security tool, and a good one for sophisticated users, but no tool can provide security by itself.