March 7, 2014
Mobile devices that deliver secure voice and data emerged as a dominant theme at the recent Mobile World Congress in Barcelona -- albeit from a surprising roster of companies offering radically different approaches.
Two announcements in particular captured the growing interest in much stronger security within the huge government market, as well as regulated industries where price elasticity remains high.
Boeing announced a secure phone dubbed Boeing Black, while a new joint venture called SGP Technologies announced Blackphone.
Boeing unveiled its first foray in the smartphone market, an Android-based phone engineered to boot securely, with a "hardware root of trust." It features embedded FIPS 140-2 encrypted key storage and configurable operating system security policies. It seems to adhere to the various security requirements set forth by the National Security Agency's Mobile Capability Packages and the NSA's associated Commercial Solutions for Classified (CSfC) program.
Rebecca Yeamans, director of communications for Electronic & Information Solutions at Boeing, said the new device is "rooted in trust through a combination of hardware and software components and secure assembly in the US," utilizing Boeing's PureSecure architecture. She refused to talk pricing, but it may be $1,600, from what I hear.
Blackphone (Source: Geeksphone)
Maryland-based Silent Circle and Spanish smartphone player Geeksphone announced a joint venture under the SGP Technologies umbrella with a product called Blackphone, aimed at those looking for a phone that puts a premium on privacy. Dutch telecom giant KPN will be the first launch partner for the phone, which is priced at $630 for an unlocked phone and comes packed with $250 of additional software for free.
The company's services are based out of Switzerland (a country known for its predilection for privacy). It pairs Geeksphone's PrivateOS, which is also built on an Android operating system, with Silent Circle's suite of privacy-protection products, including Silent Phone, Silent Text, and Silent Contacts. It also includes an anonymous browser, VPN, and secure cloud file storage from SpiderOak.
Tools like Silent Text include the ability to destroy messages, files, photos, videos, or voice recordings or set a timer for them to self-destruct. Similarly, Silent Phone allows users to anonymously make VoIP phone calls. The company claims that no one can listen in or wiretap a call.
Silent Circle has taken a privacy-first approach to its offerings. This approach is radically different from established players in the smartphone space such as BlackBerry, Apple, and various Android OS developers, in that the company is focusing on individual privacy concerns rather than standards bodies of any one country. The Blackphone employs a host of technologies that seek to anonymize communications -- attempting to seal the door against individuals or nations trying to eavesdrop.
Toby Weir Jones, managing director for SGP Technologies, told me, "We know this device doesn't take you off the grid, but it does greatly enhance privacy. It's certainly a step in the right direction." He added that his company seeks to offer customers a baseline of privacy in a manner that does not depend on any one nation state.
Indeed, the product is designed to appeal to individuals and companies that do not necessarily care about specific technologies, standards boards, or government oversight. "We have developed a product that is for users who don't need to know what Elliptical Curve Cryptography is and don't want to know," says Jones.
Dan Ford, a member of Capitol College's IA Advisory Board and lead professor for mobile security, shared with me his observations about Boeing Black and Blackphone: "Clearly both companies have raised the bar on security. However, they have done so in different ways. The Blackphone from Silent Circle-Geeksphone essentially is taking a [commercial, off-the-shelf] device, packing in thousands of dollars of privacy services, and making the Android-based device significantly more secure at a really attractive price point."
Ford hasn't yet used the Boeing Black, but he commented on the "sealed and tamper-resistant" device, saying, "I wonder how this would play out with operators in the field... if the device is broken or needs repair." They would be out of luck in a mission-critical situation, he feels.
These two devices are aimed at radically different end-users. While Boeing has taken a traditional and US government-sanctioned approach, SGP has taken an "individual, privacy-first" approach without regard for any government buy-in.
The competitive approaches are likely to be good for government. Both companies promise further announcements. Given the state of mobile security today, it will be interesting to see which approach gains the greater following.