August 13, 2014 By Rick M Robinson 2 min read

Is the world ready for a more secure smartphone designed to better protect your privacy? Encrypted communications firm service Silent Circle seems to think so, having teamed up with specialty phone vendor Geeksphone to offer the Blackphone, the prime selling point of which is data security. Essentially, a set of cryptographic and other security-enhancing services are bundled into a phone with a modified version of the Android OS.

In the hands of sophisticated users, the Blackphone could help placate companies’ mobile security worries. However, the phone will not entirely eliminate the bring-your-own-device challenge that many enterprises face. One thing it can do, however, is help illuminate the real mobile security challenge: the human factor.

Building Around Security and Privacy

As Fast Co.Labs‘ Luke Dormehl reports, Phil Zimmerman, the creator of Pretty Good Privacy, set out to provide a set of Android apps to enhance smartphone privacy and data security. His company, Silent Circle, ended up working with Spain-based Geeksphone to provide hardware specifically tailored to support the desired software features.

According to Sean Gallagher of Ars Technica, at the heart of the Blackphone is PrivatOS, an OS based on Android 4.4 KitKat. This system gives users much finer control over the permissions the OS provides to the apps running on it.

Blackphone also comes with a bundle of software and subscriptions to security-oriented services such as Silent Circle’s “Friends and Family” offerings, virtual private network (VPN) service Disconnect and SpiderOak secure cloud storage.

Is Blackphone Security for the Sophisticated?

Reviewers who have tested preproduction versions of this phone have been impressed by its suite of privacy and security tools, though its overall performance as a smartphone is only fair to middling. Given that this is the first effort to provide robust mobile security in a consumer-level package, the early results are highly creditable.

There are some inherent limitations. Like all software, Blackphone’s security software is potentially subject to zero-day vulnerabilities. Ironically, if Blackphone gains only niche interest, it will be largely safe from hackers, who will attack more widely used products. If it catches on, however, hackers will be that much more motivated to crack it.

Even aside from potential zero-day vulnerabilities, the Blackphone or similar devices will not entirely put security worries to rest. A brief perusal of the Fast Co.Labs and Ars Technica articles hints at the real challenges of mobile security, with mentions of proxy servers, public keys and VPNs. Security-minded readers will recognize these terms and have at least a general notion of how they relate to privacy and data security.

Read: 4 Essential Ways to Protect My Mobile Applications

However, most mobile users have never heard these terms and are in no rush to learn them, let alone adopt more secure usage habits. As one commenter at Ars Technica noted, no one on his contact list was subscribed to the secure services he used. Often, they were remarkably unwilling to learn or try these more secure tools. While Blackphone can extend some protection to the other end of a call or Internet connection, it cannot create security consciousness.

That is the true enterprise security challenge: creating security consciousness without browbeating people, which doesn’t work very well anyway. Blackphone is one more potential security tool, and a good one for sophisticated users, but no tool can provide security by itself.

More from

CISA hit by hackers, key systems taken offline

3 min read - The Cybersecurity and Infrastructure Security Agency (CISA) — responsible for cybersecurity and infrastructure protection across all levels of the United States government — has been hacked.“About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson announced.In late February, CISA had already issued a warning that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Ivanti Connect Secure is a widely deployed…

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today