Typical.
You wait ages for a black phone and then two come along at once.
There’s one other thing we can be sure of. It won’t be cheap. You know these military contractors - the worst kind of corporate welfare. If they could think of a way of making encrypted toilet paper they’d be flogging it off to the government at $10 a roll. I’m joking of course but that’s probably what a bog-standard roll costs the US Govt in Baghdad or Kabul already.
2 Likes
Quite.
From The Register article on this:
Blackphone will set you back $629, however, we’re betting Boeing is counting on a bigger payout than that. When it launched its secure smartphone project in 2012, it observed that phones with military-grade security were selling for between $15,000 and $20,000 apiece.
“We are going to drive down towards a lower price point, but … not mass-market price point,” a Boeing VP said at the time. Taxpayers, get out your checkbooks.
1 Like
tamper resistance is moot when it was likely tampered with even before leaving the factory… at least from my perspective
1 Like
Squib? or Squid?
1 Like
Nice. All the best attacks are simple.
The battery bug to turn on only when the phone is transmitting. The transmitter is probably the biggest drain on power, and can probably be distinguished from the display back-light. You can record hours of audio on a tiny piece of memory. I bet this can be done using much less than 1% of the volume of a normal phone battery, and using less than 1% of the power consumption.
OK - the ball’s back in the phone’s court. You take out the battery and the phone knows the power has stopped. The phone can also flag when the battery compartment was opened. The phone can then display a message saying exactly when the battery was last fiddled with. This will come up when the phone is next used, and will cancel itself (say) 48 hours later. The user has no way to cancel the message other than waiting, or the person swapping the battery could cancel it.
Indeed. And hey, while we’re at it, since the NSA already knows when we’re bad or good (at any time of day or night, for goodness sake) there’s no reason not to have each of these phones monitored at all times for every little piece of data that crosses its sensors. Which makes me hope that this will cut down on the number of photos of pre-pubescent women clogging up Uncle Sam’s and GCHQ’s servers.
Damn you semi-smart-phone spelling suggestions…
Edit: No, I did mean squid… A dehydrated kraken is compressed into a coin-sized disc that is explosively released by injection of a small quantity of water.
1 Like
That is why I use cheap Chinese knock-off batteries. They already have the lowered charge capacity and a battery switch would be obvious because of labeling (another plus is that it just might blow up when they try to swap it).
Might have to use a special battery with these phones. Most Li-Ion batteries already have microcontrollers in them to control charging and discharging, and keep the battery from turning into a Roman Candle. These controllers, in many cases, already communicate with their host devices to tell them things like battery capacity (so you can have your battery charge percentage indicator).
So add a little more functionality - cryptographic authentication and tamper detection - you can only use a battery that has the code onboard to show it is Authorized, and it bricks itself if anyone peels it open, or tries hooking up extra gadgets.
That should make it more challenging to create a bugged battery.
The Secretary has preemptively disavowed any knowledge of your actions.
You could stick all sorts of smarts in the battery. Maybe people can make this work. I would suspect that someone who can get hold of a secure battery could add something that did the listening and was no thicker than the battery’s label - a sort of mini ATM-skimmer if you will. I prefer a nice dumb message that your phone has been fiddled with.
Actually, by the time you get to protecting the batteries, you have probably lost. If the person wants to crack your phone, they just swap it for a similar-looking one. They get your password next time you try to activate it. Or the pitch of your Bazooka Joe signal ring, or whatever else activates it.
This is fun! I begin to understand why people work so hard at being dishonest.
This topic was automatically closed after 5 days. New replies are no longer allowed.
