[batberryz30]

This Phone Is An NSA-Free, Secret-Storing Black Box | Popular Science

This might be the phone that kill blackberry what do you guys think?

PGP

Base on Android OS

Posted via CB10

[batberryz30]

Ah.�Another day, another�NSA spying revelation. Here, at least, is a potential alternative for people who'd like to keep their gadgets and their privacy. Meet Blackphone, a sleek smartphone that encrypts communications.

Blackphone, according to the creators, is an Android-based gadget that can make video and voice calls, as well as send texts and files--all the while�blocking out prying�eyes through a custom operating system called PrivatOS. The creators are still quiet on most of the details, but the phone does come with an impressive pedigree: a�joint project from security company�Silent Circle and phone company Geeksphone, the team includes Phil Zimmerman, the creator of Pretty Good Privacy (PGP), the popular encryption system for�sub rosa�talks.�

Still, we might have to wait until more info on the phone is released next month to know how well the phone works as, well, a phone. Although as you will see in the video here, there is a person dressed in all black and sunglasses using the phone. She probably has secrets! Perhaps they are being well-hidden!

[thurask]

This has been posted already, but, in short:

This Phone Is An NSA-Free, Secret-Storing Black Box

Base on Android OS

Pick one, Blackphone.

[jcarlos100]

Isn't this in the crackberry articles? Also isn't there also a "secure" android version from Samsung available now

Posted via CB10

[skibnik]

Isn't this in the crackberry articles? Also isn't there also a "secure" android version from Samsung available now

Posted via CB10

Lol Knox? It was supposed to be Samsung's answer to BES that proved to not be so secure as they hyped it to be.

Z10 Running 10.2.1.1925 Take that Mr App Gap!

[Richard Buckley]

It could be made secure. The people building it have the cryptography cred to build secure communications protocols. But then someone will want to put Snapchat on it. What I don't see is the the OS security credentials.

The DOD has famously produced several hardened versions of Android, the most secure being SE Android. But if you think the BB10 application situation is a problem, SE Android is even more limited. The greatest weakness of a smartphone is always going to be the application echosystem. Neither BlackBerry nor Blackphone will be immune to this. As soon as you install a poorly written or malicious application and give it access to the data you are trying to protect, your protection is potentially gone.

[Baber Sultan]

That's why I say Richard that all smartphone software developers need to ensure applications (whether developed in-house or through other parties) need to have SECURE SOFTWARE DEVELOPMENT included right from the start. And that goes regardless of the mobile OS being used (Android, BB10, iOS). Believe me in the world of cyber security poor application development is the major contributor to application vulnerabilities and malicious activity going through. I wish BlackBerry would at least catch up on this fact and put on a game plan to promote "secure software development" . ISC2 (the major association for cyber security) has had their CSSLP cert available for a while now. With mobile companies like BlackBerry taking it seriously why not "certify" your software developers while you're at it? Making a headline in the media of this move would certainly up BB's reputation for taking cyber-security seriously.

On the other hand you could be "attracting" more malicious activity by touting yourself as bieng "top of the notch in security", but at the same time if you've done your job and secured your platforms then there's nothing to fear anyways.

[Baber Sultan]

Take for example here:

Starbucks plans to secure user information with updated iOS app

If they can produce a secure app for iOS it's all about building the same secure app for BB10. Do companies care enough to build tighter and more secure applications for the BB10 platform?

BlackBerry and John Chen have their work cut out for them if the momentum for this effort doesn't start.

[Richard Buckley]

Companies will only build the level of security their customers demand. Neither I nor BlackBerry would recommend storing sensitive customer data in the clear. But if a BB10 application does that in the easiest place, the data wouldn't be available so easily. Submission to BlackBerry World specifically asks about storing user data and how the application protects it. BlackBerry provides examples and guidance on how to do that. Certification would be great, but certified developers are not always able to use best practices if avoiding them is cheaper and faster.

It has long been Apple policy that user experience is more important than security, and BlackBerry policy that security is more important. The difference shows up in the OSs, and consumer desire shows up in sales figures.



Posted via CB10

[Brickleberry]

There is absolutely no way to secure a software based keyboard. Encryption must be done at hardware level before any software has a chance to peek at your key strokes.

[RJMarc]

Acquire them now.

[BobWalker]

There is absolutely no way to secure a software based keyboard. Encryption must be done at hardware level before any software has a chance to peek at your key strokes.

Precisely. And guess who owns all the firmware encryption patents? I'll give you a hint: it's not "Blackphone."

[Richard Buckley]

There is absolutely no way to secure a software based keyboard. Encryption must be done at hardware level before any software has a chance to peek at your key strokes.

Software and hardware keyboards can be secured, providing you trust the OS. If you don't trust the OS there isn't much point in worrying about any thing else. This is one of the reasons third party developers can't write new keyboards for BB10.

Posted via CB10

[Brickleberry]

Software and hardware keyboards can be secured, providing you trust the OS. If you don't trust the OS there isn't much point in worrying about any thing else. This is one of the reasons third party developers can't write new keyboards for BB10.

Posted via CB10

I beg to differ. Hardware keyboard can be secure independent of the OS.
On the other hand the XY matrix of any capacitive screen can never be secure regardless of the OS - private or open source.

[Richard Buckley]

I beg to differ. Hardware keyboard can be secure independent of the OS.
On the other hand the XY matrix of any capacitive screen can never be secure regardless of the OS - private or open source.

Reasons?

I submit both are input-output devices that are interpreted by software to produce a character stream. If access to the hardware is resticted to privileged software only (the OS) and that software is secure then the input stream is secure.

Posted via CB10