You're not connected to the Internet.
SmartphoneProduct know-how 1927

Blackphone 2 – An Android smartphone for your security

It’s not just companies that need a little more security in their pockets but also private users who can benefit from the Blackphone 2. The device comes equipped with an Android version called Silent OS that is tackling mobile phone security with a radical concept.

The Blackphone 2 from Swiss manufacturer Silent Circle is a mobile like no other. Although it looks quite ordinary, it’s actually one of the top players like the outstanding CAT S60. The cryptographers at Silent Circle have taken a closer look at Android and made security their main priority. With this in mind, they developed a device that is not only attractive for private users but also for businesses who attach great importance to security. Despite the fact that encryption is becoming more and more of a survival strategy and, consequently, everybody can and should benefit from Blackphone’s security features, I’ve decided to dedicate this article to the applications in the context of companies. The reason for this being that it’s the area in which the features really come into their own. However, think out of the box just a little and it’s easy to see why the Blackphone would also be very hand in everyday life.

Risk in your pocket

These days, there are only very few people who don’t carry a smartphone on them. For the safety conscious out there, this poses a lot of risks. Facebook and Google are the largest data leeches in human history. The keyword here is big data, meaning that all collected data is sold for advertising purposes. So if a user likes the concert photo of a rock band, she will be shown concert dates of similar bands. Although that’s quite useful, it’s also quite creepy.

In a business context, mobile devices become risky when private and corporate data share the same memory. If an app on a private phone has the authorization to access the memory, it can theoretically read all data in it. To put it in simplified terms: it’s theoretically possible that Facebook can reveal business secrets. Another scenario could be an attacker planting an app on a mobile in order to tap into the data. Even though users have no admin rights on Android and iOS smartphones and therefore cannot access deeper system levels, applications on the application layer are granted almost total freedom. If this weren’t so, the user experience would suffer greatly.

The Android layer model

Since this risk was recognized, companies have been making great efforts to counteract it. One thing is clear: Smartphones in the pocket of each and every employee pose a potential threat to internal IT security and the information within the company.

The solution: spaces

One company that has dedicated itself to user security on all levels is Silent Circle. The company has not only developed an interesting device but also has an interesting story. Its founders, Mike Jahnke and Phil Zimmermann, originally aimed to develop a safe version of the VOIP application Skype. But the idea just kept on growing and resulted in the release of Silent OS.

2 (5.50", 32GB, 13MP, Black)
Blackphone 2 (5.50", 32GB, 13MP, Black)
2

Availability

  • Currently unavailable. Delivery date unknown.

Information subject to change.

View details

During the development of the Android-based operating system, Jahnke and Zimmerman realised that Canada may not be the best place in the world to launch a secure version of Android. For this reason, the company moved to Switzerland, where data protection laws are better than in other countries. The company has been based in the canton of Geneva ever since.

Silent OS focuses on a model that segments Android’s application layer. This is referred to as “spaces”. In practice, it’s as if several Android versions were running simultaneously – each of them featuring a separate application layer. Silent OS has three spaces:

  1. Personal Space: A run-of-the-mill Android version that’s barely any different from other versions on the application layer. The changes are all in the deeper layers
  2. Silent Space: Google services are inactive. In addition, there are countless configuration possibilities that e.g. do not allow screenshots or block outgoing calls
  3. Managed Space: Similar to Silent Space, Managed Space can be freely configured. The only difference is that users cannot modify settings themselves. All settings are managed by a central body, i.e. by the internal IT security office.

Some of the Silent Space options

Space management offers options for all spaces; so not only for the Silent Space but also for the Personal Space. The most important options are:

  • Exclusive Network Access: When Silent Space is active, other spaces have no access to the network
  • Mobile Only: Silent Space can only use mobile networks for data transfer. This prevents connections to hostile WLAN, thereby minimizing local man-in-the-middle attacks
  • Allow Outgoing Calls: Users are allowed to make phone calls from the Silent Space
  • Allow SMS: Users are allowed to send text messages from the Silent Space
  • Allow Location Sharing: Users are allowed to use GPS services while Silent Space is active
  • Allow Screenshots: Users are allowed to take screenshots of the system
  • Allow Microphone: Users are allowed to record audio
  • Allow Bluetooth: The device can create a Bluetooth connection
  • Space Sharing: The device is permitted to exchange data between Silent Space, Managed Space and Personal Space
  • Read Device Info: Users are allowed access device information
  • Allow Debugging: Users are allowed to access developer options for more freedom within the system. Developer options exist in regular Android distros but are hidden.
  • Allow Unknown Sources: Users are allowed to sideload apps, i.e. install them from sources other than the official app store
  • Allow App Installs: Users are allowed to install apps

All the above authorizations can either be assigned to or revoked from the space. Silent Space comes without Google Services by default; however, these can be set up at a later stage. It goes without saying that this is not recommended as Google Services allow you to install any kind of app from the app store. This in turn poses a great risk to privacy and security integrity.

Managed Space allows a company’s internal IT security to commission smartphones a gogo. Therefore, devices can be handed over to employees without them having to make any major adjustments to the settings. This makes blanket security a lot easier to achieve.

Hardware weak point

From a security point of view, the Blackphone’s software is a quantum leap. By contrast, the hardware is nothing to write home about. The device feels like a cheap bit of plastic. But this may have other reasons than simply wanting to save costs or not attaching any importance to the hardware. Even if software security is a top priority in some devices, physical security is often neglected.

Smartphones are carried around by their users on a daily basis. No matter where the users are, their smartphones are with them. This includes inherently unsafe places including bars, restaurants or public space in general. So if a phone is lying about unattended, it’s much more likely to be targeted if it has a luxurious finish like an iPhone or a shiny metal case like the HTC 10 than a device that looks like a temporary replacement phone. So the unattractive case of the Blackphone 2 could quite possibly be cleverly devised camouflage.

If users still prefer an iPhone, Blackberry or any other kind of mobile, they are not automatically excluded from secure communication. Security mainly happens in the apps programmed by Silent Circle. These apps are available for both Android and Apple iOS.

Silent Phone – Secure communication comes at a price

The “Silent Phone” app serves as a messenger, telephony app and file transfer in one, providing the full communication package. All traffic generated by the app is end-to-end encrypted, so it’s sent encrypted from the sender’s mobile and only encrypted once it reaches the receiver’s mobile.

Despite the encryption, Silent Phone looks like a standard telephony app

But the app does come at a price even if installation is free. Silent Circle applies a Software as a Service (SaaS) model. In other words: Installation is free but fees are charged for the service. In return, software updates and upgrades are included. These licenses cost money but offer unlimited calls and a certain amount of data transfer.

Renewal Silent Suite (German, French, Italian, English)
Blackphone Renewal Silent Suite (German, French, Italian, English)

Availability

  • Currently unavailable. Delivery date unknown.

Information subject to change.

View details

Renewal Silent Suite + Silent World (German, French, Italian, English)
Blackphone Renewal Silent Suite + Silent World (German, French, Italian, English)

Availability

  • Currently unavailable. Delivery date unknown.

Information subject to change.

View details

Renewal Silent Suite (German, French, Italian, English)
Blackphone Renewal Silent Suite (German, French, Italian, English)

Availability

  • Currently unavailable. Delivery date unknown.

Information subject to change.

View details

Silent Circle has built in a special feature – the so-called burn feature for messages and file transfers. Any file that is sent with a burn time of ten minutes will automatically be irrevocably deleted after ten minutes.

The burn feature in action

A new security standard

The Blackphone is a long overdue invention, as the customization of Android – named “Silent OS” by manufacturer Silent Circle – focuses neither on the beautification of user interfaces nor solely on kernel hardening. Silent OS is equipped with encryption mechanisms on every level and has the advantage that the code is open source. The source code for Android and for Apple iOS can be looked at on GitHub. It’s generally worth taking a look at Silent Circle’s GitHub Repositories.

The division of Android into separate spaces offers previously unimaginable possibilities to determine, comply with and configure security regulations. Thanks to Managed Space, regulations can even be dynamic, i.e. centrally managed and promptly modified.

The Blackphone’s weak point is its hardware. The phone is lightweight but feels cheap. If a user wishes to use Silent Circle’s full application suite, this can be done with any smartphone featuring a software as a service mode; however, Silent OS and the associated spaces are only available for the Blackphone.

These articles might also interest you

User
Journalist. Author. Hacker. My subjects generally revolve around Android or Apple’s iOS. I also feel strongly about IT security. In this day and age, privacy is no longer a minor matter but a strategy for survival.

19 comments

User KonzoomEntenschutz

Der Artikel ist ja ganz neu, habt Ihr also auch Informationen über den Zustand der Firma?
Diverse Gründer sind abgesprungen und die Firma hat nur 6000 Blackphones verkauft.
Wird dieses Produkt und deren Sevices auch weiterhin unterstützt und gewartet werden?

22.01.2017
Report abuse

You must log in to report an abuse.

You must be logged in to reply to a comment

User Speedchampion00

Die ganze Geschichte ist äusserst interessant für Firmen, jedoch nicht wirklich für den privaten Gebrauch. Ich hoffe immer noch auf ein Handy mit einer selbst eingebauten Firewall, ob physikalisch (ein bisschen schwierig) oder am besten virtuell, welche selber eingestellt werden kann und man somit..

10.01.2017
Report abuse

You must log in to report an abuse.

User Speedchampion00

selber einstellen kann, welche Apps kommunizieren dürfen und vor allem über welche Ports. Ich möchte nunmal nicht, dass irgendein Handy Game die ganze Zeit über verschiedenste Ports nach aussen kommuniziert, wenn es überhaupt irgendwie verbunden sein soll. Android 6 hat da natürlich schon einiges verbessert, jedoch fehlen mir immer noch einige Aspekte, welche die Sicherheit optimieren. Natürlich dürfte bei einem solchen OS/Handy keine Apps, wie Google, Facebook etc. vorinstalliert sein.

10.01.2017
Report abuse

You must log in to report an abuse.

User Anonymous

Die von Dir gewünschte Firewall gibt es: NetGuard.
Funktioniert ohne Rooting Deines Gerätes und gibt es sowohl im Google Playstore, wie auch bei F-Droid.
Anschliessend Deine ganzen Verbindungen "blacklabeln" und nur noch die Verbindungen freigeben, welche Du wirklich benötigest.
Ebenso alle vorinstallierten, nicht benötigten Apps deaktivieren.
Idealerweise die Grundkonfiguration Deines neuen Handys vorab ohne Simkarte und Wlan-Verbinung vornehmen.

11.01.2017
Report abuse

You must log in to report an abuse.

User Anonymous

@DaSDorT
Danke für die ausführliche Beschreibung. Eine Frage zu deinem Text: wieso sollte es bei der Einrichtung keine Netzwerkverbindung geben?

11.01.2017
Report abuse

You must log in to report an abuse.

User Anonymous

Idealerweise machst Du die Grundkonfigurationen Deines Handys ohne Netzwerkverbindung um Deinen digitalen Fussabdruck möglichst gering zu halten.
So kannst Du bereits vorab alle Apps, welche Dir nicht gefallen und oder Du nicht benötigst deaktiveren.
Ebenfalls kannst Du alle (Sicherheits)Einstellungen VOR dem ersten Netzwerkzugriff wunschgemäss einirichten und so den Sicherheitsstandart Deines Handys, verhältnismässig hoch halten.
Alternative hierzu: Blackphone oder Costum Rom wie zB CM ohne G

11.01.2017
Report abuse

You must log in to report an abuse.

User Anonymous

Ja, stimmt, drüber hatte ich mir noch gar keine Gedanken gemacht, viele Geräte lassen ja gar keine Konfiguration ohne Netzwerkverbindung mehr zu.

12.01.2017
Report abuse

You must log in to report an abuse.

You must be logged in to reply to a comment

User Verdorrterpunkt

Hmmmmm.... sitzt auf einem Gaming Stuhl

16.01.2017
Report abuse

You must log in to report an abuse.

User Anonymous

..sieht aus wie ein entflohener Straftäter, Augen wie ein bekiffter, trägt ein t-Shirt als währs ein Vorstellungsgespräch bei der Metall Band und hat nicht mal den Anstand in einer Landessprache zu sprechen. Voll daneben digitec.

25.01.2017
Report abuse

You must log in to report an abuse.

User Anonymous

Dafür redet English als käme er grad aus dem Sprachkurs

31.01.2017
Report abuse

You must log in to report an abuse.

User Wowza

Fairer Einwand von zwei Zeitgenossen, die die Landessprache Deutsch "wie grad aus dem Sprachkurs" beherrschen.

01.02.2017
Report abuse

You must log in to report an abuse.

User Anonymous

jaja, language is very dear to me, kann auch die vierte Landessprache aber leider mit Akzent und nicht so geschliffen wie der Bärlocher

02.02.2017
Report abuse

You must log in to report an abuse.

You must be logged in to reply to a comment

User Anonymous

Betriebssysteme und Kommunikationsgeräte die man nicht abhören kann verstoßen gegen das EU Gesetz zur Überwachung. Jeder Bürger ist ein potenzieller Terrorist. Über gegenteilige Ansichten kann ein Mensch mit Verstand nur den Kopf schütteln.

08.02.2017
Report abuse

You must log in to report an abuse.

You must be logged in to reply to a comment

User TheRev

Android und "Sicher" in einem Satz zu verwenden ist für mich als ehemaliger IT-Security Manager ein Nogo.. Egal wer die Software sonst noch darauf Modifiziert, es sind gleich Google-Apps installiert und somit kann Google noch immer mithören etc. -> Unsicher.

11.01.2017
Report abuse

You must log in to report an abuse.

User Anonymous

Genial ist ja der Satz: "Die Daten werden über die Server Silent Circles geroutet, was zusätzlich Datentransportsicherheit bietet." Hahahaha

12.01.2017
Report abuse

You must log in to report an abuse.

User morgulbrut

Lesen hilft. Telephiert wird einfach in einem anderen Space, ohne die Google Apps. Und Android ohne Google Apps geht durchaus.

12.01.2017
Report abuse

You must log in to report an abuse.

You must be logged in to reply to a comment

User cornelisst

Interessanter Ansatz. Gibt's das Ganze auch auf IOS? ...oder warum sind die Screenshots der Applikationen auf einem iPhone zu sehen??

10.01.2017
Report abuse

You must log in to report an abuse.

User diego.romero

die silent circle funktionen sind auch für iOS verfügbar: itunes.apple.com/us/app/sil...

10.01.2017
Report abuse

You must log in to report an abuse.

You must be logged in to reply to a comment


Please log in.

You have to be logged in to create a new comment.

Corporate logo