Several people have asked me for my recommendation concerning the new $800 Blackphone 2. To complete that, I have reached out to the company Silent Circle several times. I have been unable to get anyone from Silent Circle to return my calls or answer any of my questions. A few times I have spoken to technical support they were unable to answer these questions and promised a call back. I do not know if they have not answered these questions because they do not have answers, or because this blog has such as tiny community. I will continue to reach out to them to try to get information to your questions. At this time, I can only perform this recommendation from publicly available information.

First a comment about “meat space” or “The Real” as some call it. Anyone who knows security does not carry a cellphone, talk on a cell phone, or use the Internet for any Freedom Operation. The German military has moved back to typewriters. We are not smarter or more capable than the German Intelligence Services. If anyone wants to talk to you over the phone about “something” he / she is a government plant. Leave your phones and electronics at home. If you want to carry a cell phone for emergencies, keep the battery out, and put it in an ammo can in your trunk. If you go to a meeting, and others have cellphones ask them to turn them off, take their batteries out if possible and put them into the refrigerator.

Now here is the truth. The vast majority of you do not only exist in “meat space.” The vast majority of us still use cell phones and computers to talk and text friends. Thus we created the patriot darknet aka American Redoubt Darknet (AmRD) to help you when you do use electronics to use them more securely and anonymously. I strongly recommend you stop giving your electronic information away for free and force “the powers that be” to work for it. You are soft killing those who contact you. I mean the IRS which has been proven to target political enemies of the President have Sting Ray devices. Train as you fight, or practice now what you may need tomorrow. To do that I recommend you using some form of decent security or anonymity. In the cellphone area, I recommend Silent Circle or Red Phone on your iPhone or Android. If you are a leader (target), then the Blackphone is better. If you are really serious than the $3,500 CryptoPhone may be required.

I really like Silent Circle as a company and I covered them on this blog before they moved into the smartphone market in the post Another Patriot encryption company goes dark back in 2013. It is true that the $800 Blackphone 2 is more secure and privacy-conscious than any other smart cellphone at this price point, but it still has serious unmitigated security risks. And I don’t consider these risk to be of the nature “…we don’t try to solve every problem.” These are clear and present dangers to the privacy of cell phone users in the US. If you search Google for “stingray device” it returns over 500,000 results. If you search Silent Circle website for the term stingray, you get zero returns. Also Silent Circle don’t address baseband or SIM card risks? Come on guys.

I am unsure if others have been forthcoming about these weaknesses. If you have the Blackphone 1 keep it. If you do not, you may consider “going dark” and the Blackphone 2 as long as you recognize these risks. Here are my core concerns with the Blackphone 2, which are the same concerns I had with the Blackphone 1. You can read about these concerns in depth in my post Review of @Blackphone_ch mitigation of security & privacy threats from over a year ago.

1. No Sting Ray protection

2. No Baseband protection

3. Unknown SELinux / App Armor profiles

4. Cannot disable e911

5. Unknown protection from Google Play Store

No protection from Sting Ray devices. I have covered that one of the major issues facing Americans concern with cell phone security is the ungodly and unconstitutional use of Sting Ray devices which we have covered on this site. The only cell phone that I know of that can find Sting Ray devices in the wild is the German $3,500 GSMK’s Cryptophone. The way it does this is installing a “baseband firewall” on their phone. I believe it is technically possible for Silent Circle to implement such technology. To the best of my knowledge, they have not.

No protection from second operating system on phone. This is related, but separate to the first issue. There are at least two operating systems on every cell phone. In the case of Blackphone 1 and 2, there is Google’s Android and then there is the operating system created and maintained by the radio manufacturer. In Blackphone 2 case, it is QUALCOMM firmware. This is the firmware that hackers “hack” to “jail break” a phone. There has never been a case where hackers have not found a way to break this firmware. It is that insecure as these researches (30c3) from Germany demonstrate. This firmware is not released for public review, it is known to have huge security risks. To ensure you can rest at night, (another joke) Qualcomm is forced to give this source code to various governments around the world such as China, the US, and Saudi Arabia. There is no reason Qualcomm needs to write “back doors” into its firmware as it is very insecure.

“For example, as several commenters over at Hacker News have pointed out it’s virtually impossible to build a truly secure phone without addressing the baseband processor and SIM card. They’re two of the biggest weaknesses in our devices.”

It is if people simply leave the doors and windows open to their home, and then give their security information of how insecure it is, and when they come and go from the house to various governments. Then they say “we don’t build back doors.” You don’t have too. You can confirm it is insecure (by reading all the researchers / hackers who have gone over its insecurity in detail) and also because every new version of its firmware is quickly hacked by hobby hackers that allow others to “jail break” their phone. Qualcomm and other cell phone manufacturers have moved their hardware to “System-on-a-Chip” which means there is a single piece of hardware that basically runs both Google’s Android and Qualcomm’s very insecure operating system. You know, like your cell phone camera and microphone. Silent Circle does a good job of trying to secure Google’s Android. It does nothing to secure Qualcomm’s operating system or protect the BP2 from being exploited through Qualcomm’s known weak operating system.

The only way I know of securing this is to build a “firewall” between Qualcomm’s insecure operating system and things like the camera and microphone. To the best of my knowledge, Silent Circle does not do this. What I personally feel is less than honest is that Silent Circle refuses to warn even its users that there is this unsecured, proprietary (closed) OS on their secure phone.

Unknown zero-day protection. Silent Circle turns on Security Enhanced Linux (SELinux) on its version of Android. This is great. You can consider SELinux as an internal firewall. It tries to build “sandboxes” for each application. The reason it does this is that it helps against “zero-day” risk such as Stage Fright which we covered in the post Stagefright one of the worst vulnerabilities of any system to date. Zero Day risk are risk, we do not know about yet. If Android’s video processor was sand boxed with SELinux (or AppArmor) then Stage Fright would have posed “less of a risk” as it would be much harder to “break out” of its sandbox and attack other parts of the phone which themselves would have been sand boxed. Silent Circle has turned on SELinux, but it is unknown if it has written specific SELinux policies for the Silent Circle application and any other critical applications on its Silent OS (previously PrivatOS) or if it has simply turned on the default SELinux policy which is called “targeted.” Something is better than nothing, but if Silent Circle wants to protect its user community from the next “Stagefright” (and there will be another Stagefright) it needs to do the hard work of writing SELinux or AppArmor policies for as many critical applications on its phone as possible.

Cannot disable e911. All cell phones sold after 9/11 in the US have a capability called Enhanced 911 (e911). This allows remote people to “find your phone.” It is also believed that e911 allows for people to turn remotely on your microphone. This is so the government can “help you” in case of emergency. The question is does the police state abuse this ability. No, I joke, I joke we know the government abuses the e911 system like it abuse every other system that exists. It is interesting to me that Blackphone has a “US version” of its phone and the “Rest of the World.” Both can run things like at&t and Verizon. Why? Could it be that the US version has the e911 “chip” on board, and the “rest of the world” does not? If this is true, then you need to get someone overseas to buy you your Blackphone 2 and then ship it to you. My recommendation for Silent Circle is simply building a hardware switch that turns off the e911. To the best of my knowledge, there is nothing that says the capability cannot be turned off by the user. The law says OEM must sell phones with it enabled. Something similar to airbags on the passenger side. Also, Silent Circle can anonymously leak how we we can disable this e911 chip at my contact page. I would ask Silent Circle to tell us about the e911 system on their phones. I would like to know the differences between the US and “rest of the world” versions of the Blackphone.

Google Play Store. Blackphone 2 now allows you to install Google Play store as part of its setup. We know that Google Play store itself harvest approximately 30 different variables from your phone every 9 seconds and reports that data to Google. Google then sells that data to anyone who wants to buy it, including your government. Google has admitted it is primarily a data mining company trying to find out more about its users. That is why everything is free. This is why the first Blackphone didn’t allow users to easily install Google Play Store. Now since Silent Circle knows this, I would like to ask them if they have built any protection from the Google Play Store harvesting data from their user community. I also would recommend that Silent Circle more clearly warns its user community that just by installing Google Play Store they are giving Google access to the data on their phone in a very significant way.

There are other issues such as the small operating system hiding in your SIM card, rouge carriers hacking your phone, but here are several issues that are well documented, in the press and I cannot find any public documents addressing them from Silent Circle. Again, I have been unable to get in touch with Silent Circle and perhaps they have answers for all of this, but I have not seen any information from Silent Circle addressing these security concerns. Until these major security risks are mitigated or at least addressed by Silent Circle, I find it hard to get overly excited by the $800 Blackphone 2.

This site has been attacked by tyrannical foreign governments, Obama-era federal agencies, candidates for governor, and multiple progressive outlets. Progressives seem to hate any black conservative who walks off the liberal “woke” plantation. Social Media Internet ghettos have greatly diminished distribution of our content. This is called “Shadow-banning.” Please take a moment and consider sharing this article with your friends and family. Also please support our ability to continue to bring you a different perspective. Donate here. Another way to support us and show your spirit is to purchase CCS Partisan merchandise. Thank you.



Like this: Like Loading...