From the land of expensive wristwatches comes a very expensive smartphone. On Wednesday, Sirin Labs, based in Schaffhausen, Switzerland, launched Solarin, a £9,500 ($13,700) Android phone that the company describes as "a military-grade super smart phone."
The company's use of the term "military-grade" should set off alarm bells. The Snake Oil FAQ, compiled in 1998 by a number of respected security researchers, including Steve Bellovin and Matt Blaze, warns against security products that use this term because it isn't clearly defined. Subsequent discussions of the topic have expressed similar skepticism of the term.
Technology has changed since then, but marketing has remained the same. EMC's Mozy storage service, for example, talks about its "military-grade security." You may be reading this article in a military-grade browser.
Organizations that talk about military-grade encryption these days are generally referring to AES-256 encryption, because that's what's required by the US Department of Defense. But AES-128 is generally considered the minimum requirement for security.
Silent Circle's BlackPhone 2 relies on AES-128 encryption to protect data. AES-256 encryption is widely used in other products like Apple's iPhone. Android specifies AES-128, with AES-256 as an option, while security-focused Android products, such as Samsung phones with KNOX, rely on AES-256.
Regardless, there's more to the security of software and hardware than the length of the encryption key employed to secure data. Key length affects the amount of computing power required to crack an encrypted file. But vulnerabilities in other systems can provide ways around encryption methods that would take too long to defeat using brute force, as the FBI demonstrated when it accessed the locked iPhone used by one of the San Bernardino shooters earlier this year.
Sirin Labs' Solarin relies on a Qualcomm Snapdragon 810 processor, a curious choice given reports that Samsung passed on the processor due to overheating. It can communicate at speeds of 450 Mbps down/150 Mbps up through X10 LTE and 802.11ac Wi-Fi with 2x2 MU-MIMO. It also supports WiGig (802.11ad), for those who can find compatible networks.
The phone features a 23.8-megapixel rear camera and an 8-megapixel front camera. It comes with 4GB of RAM, 128GB of storage, and a 1440 x 2560 pixel, 5.5-inch touchscreen display. It weighs 250g, almost twice as much as a 138g Samsung Galaxy 6, but not enough to prevent theft through heft.
The device's most innovative feature is the Security Switch on the back of the phone. The switch activates the phone's KoolSpan Security Shield hardware, which enables VoIP calls and messaging using AES-256 encryption. At the same time, there's an argument to be made that always-on encryption would be more effective than optional protection for messaging.
For encrypted email, the phone relies on ProtonMail.
Solarin integrates Zimperium's intrusion prevention system, zIPS, which relies on machine learning technology (rather than signatures) to identify malware threats. The advantage of zIPS is that it doesn't need to connect to the internet to obtain updated malware signatures.
Zuk Avraham, founder, chairman, and CTO at Zimperium, suggested in a statement that his company's technology, in conjunction with Solarin, was well-suited for "protecting high-net worth individuals, celebrities and VIPs."
According to The Verge, celebrities Tom Hardy and Leonardo DiCaprio, an investor in a previous venture of Sirin Labs founder Moshe Hogeg's, attended the London launch event.
Solarin's military-grade encryption thus might more properly be described as celebrity-grade encryption. In any event, it's celebrity-priced.