Papas Fritas writes:
"Reuters reports that Boeing has unveiled a smartphone that deletes all data and renders the device inoperable if there is any attempt to open its casing. 'The Boeing Black phone is manufactured as a sealed device both with epoxy around the casing and with screws, the heads of which are covered with tamper proof covering to identify attempted disassembly,' says a letter included in the FCC filing. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable.' Boeing's Black phone will be sold primarily to government agencies and companies engaged in contractual activities with those agencies that are related to defense and homeland security. The device will be marketed and sold in a manner such that low level technical and operational information about the product will not be provided to the general public. 'We saw a need for our customers in a certain market space.' says Boeing spokeswoman Rebecca Yeamans."
(Score: 4, Funny) by swisskid on Friday February 28 2014, @12:36AM
Here catch!
Wait, I'm not rea....
Welp, there goes all my data.
(Score: 1) by samwichse on Tuesday March 04 2014, @05:41PM
So... like a regular cell phone then.
(Score: 3, Insightful) by bob_super on Friday February 28 2014, @12:45AM
Yep, that's Steve Jobs's ghost wondering how easily he would have gotten extra cash with a totally unrepairable phone, "for your own safety, because you're sooo the most important customers in the whole world".
(Score: 5, Insightful) by frojack on Friday February 28 2014, @12:49AM
All those government guys carrying blackberrys, believing they were safe, are going to jump on this. Probably even Obama and Merckel.
But you watch, someone will backdoor it for the NSA.
No, you are mistaken. I've always had this sig.
(Score: 2) by edIII on Friday February 28 2014, @09:53PM
If the NSA wasn't in the room while it was being designed, I would be utterly shocked.
They paid the RSA to sabotage large scale cryptography, why I am to believe they couldn't do the same with another military-industrial complex corporation?
If you use their products and think your data is safe from them, I have a bridge to sell you....
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by frojack on Friday February 28 2014, @10:01PM
There is any number of ways this could already be back-doored.
Even using Public/Private Key encryption, there is nothing to prevent the phone from sending another copy, encrypted with the NSA's key directly to some repository.
I've got to believe that since it is primarily developed for the Government, its backdoored right out of the gate.
No, you are mistaken. I've always had this sig.
(Score: 2, Insightful) by Marvin on Friday February 28 2014, @11:08AM
The iPhone is as (un)repairable as many other options. Samsung's Galaxy series or the Google Nexus series for example.
(Score: 4, Interesting) by frojack on Friday February 28 2014, @12:47AM
Hey Boeing, what about us?
The other thing this does is encrypt each outgoing voice stream with the target parties public key. (And decrypt voice streams coming in with with its own private key).
Meta-data (who called who) is still collectible if any part of the call goes over the commercial network. But The feds have their own net in many places.
Encrypted voice was always intended to be in the GSM spec. My old razor even had some settings for it buried in setup screens. However, the way they did it required the decryption and re-encryption at the towers, and nobody wanted to install that, and the feds put the whole issue to bed making encrypted calls illegal, unless the user does it himself.
No, you are mistaken. I've always had this sig.
(Score: 1) by swisskid on Friday February 28 2014, @12:56AM
Of course, you can only encrypt your metadata as long as your company/the government have the decryption key.
(Score: 3, Insightful) by frojack on Friday February 28 2014, @01:09AM
Well, you can't even encrypt it then, because calls have to travel on common carriers.
When you dial, each network along the route has to know where to send your call (what tower had that target phone last).
No, you are mistaken. I've always had this sig.
(Score: 5, Interesting) by BsAtHome on Friday February 28 2014, @12:48AM
This simply begs for a test. It looks simply like a another challenge for those who can put quite a bit of money in reverse-engineering. Non-breakable is something that has yet to be created. I seriously doubt that /this/ device is it.
(Score: 5, Insightful) by frojack on Friday February 28 2014, @12:51AM
It doesn't attempt to be non-breakable. It just attempts to flush all content if you try to break into it.
Voice is encrypted too, which was mentioned in the press a few days ago, but now seems scrubbed from the story.
No, you are mistaken. I've always had this sig.
(Score: 1) by weilawei on Friday February 28 2014, @05:34AM
I think that defeating the tamper-evident part of the product itself constitutes a challenge. It's the modern equivalent of being able to successfully open someone's mail by steaming the envelope and then resealing it without detection.
(Score: 1) by tibman on Friday February 28 2014, @06:27AM
Seems like getting at the data via non-destructive means would be the best. I wouldn't think disassembling a phone would get you much? I can't imagine someone would desolder a flash chip and put it into a custom assembly. Even if they did that the data could be encrypted.
SN won't survive on lurkers alone. Write comments.
(Score: 2, Informative) by BradleyAndersen on Friday February 28 2014, @02:44PM
IIRC, voice and data are encrypted, but only on their network. So if you and your friend each pay $629 for this thing, then it is encrypted.
(Score: 2) by frojack on Friday February 28 2014, @06:44PM
Right, both ends have to use this phone for voice encryption.
I suspect the data encryption would be exactly like any other phone, using HTTPS, and SSL, etc.
The only data that would be encrypted by this phone's special functions would be data transmissions direct from one of these phones to another of these phones, OR from one of these phones to a VPN, but that is sort of undefined by any of the writeups I can find.
No, you are mistaken. I've always had this sig.
(Score: 1) by Geotti on Friday February 28 2014, @09:28PM
Watch me playing angry birds until the battery dies then drilling through the power source of the tamper protection, the location of which I obtained by putting it in a TSA x-ray scanner and then taking a picture of the monitor with my iPhone at the right moment.
What a load of BS... Oh wait a moment it's Boeing we're talking about. Nothing to see here, carry on!
(Score: 2) by frojack on Friday February 28 2014, @09:37PM
So then what?
You have to power it up again to get at any of the data (unless its on a microsd card).
As soon as the CPU comes back on line, it detects the opening and kills the phone.
(Think you found all those tiny switches? I'm betting not, besides, its bound to be
password protected).
Or you have to unsolder the memory chips, and somehow read them on another
device. Good luck with that.
So skip the Angry Birds, Just put a bullet through the processor, then harvest
the memory chips. Yeah, that will work.
No, you are mistaken. I've always had this sig.
(Score: 1) by Geotti on Friday February 28 2014, @10:13PM
Well, to be fair, unsoldering those memory chips is rather easy with the right tools (i.e. some tin-foil and a heat gun), but I like your variant; it has a certain Clint Eastwood flair to it.
(Score: 2) by frojack on Saturday March 01 2014, @12:57AM
And, if you buy this phone, chances are you also have a supply of tin foil close by. ;-)
No, you are mistaken. I've always had this sig.
(Score: 1) by MickLinux on Friday February 28 2014, @10:04AM
This begs for a test, nothing! This begs for another Snowden!
Mannings are NOT the way to go-- When Obama said he'd have the most transparent government ever, and introduced the Whistleblower Protection Act, our elimination of whistleblowers went through the roof.
And we never addressed any of the problems or real criminals (so there's no controlling authority).
If anyone didn't see that coming, they don't understand the word "transparent".
But see this coming -- we're attempting to further empower the Watchers, and haven't figured out how to watch the watchers.
Or maybe they now have a NEW (tm) secret (tm) Quantum (r) superkomputer (tm) that will Automagically Watch the users of this phone, and never have a shred of conscience past loyalty to ... umm... the presid... no, the director of natio...no, ummm, the director of technology at the NS...no, um, the software installation company's CEO?
(Score: 4, Interesting) by EvilJim on Friday February 28 2014, @01:10AM
it'll only take one failure before the trigger is exposed, whether it be light sensor (open in a darkroom and tape the sensor), reed switch (open next to an old HDD magnet) or physical switch (use dremel to cut away a hole in the case leaving a portion over the switch) it will only be hours/minutes before the NSA is hardware backdooring these.
(Score: 4, Interesting) by SMI on Friday February 28 2014, @02:36AM
I find IronKey's solution [ironkey.com] (page 4) to this interesting:
"Protecting against physical access: ... some cryptographic chips use a metal mesh cladding that acts as both protector and sensor, and an automatic self-destruct function that is set in motion whenever the mesh senses it has been compromised. Within those drives, if a hacker tries to physically open up the device and peel off the epoxy coating to get to the semiconductor die directly and read the memory inside the smart card chip, the chip when powered up, will sense that the surrounding metal mesh has been tampered with will render the chip non-functional."
(original typos not corrected)
(Score: 1) by EvilJim on Friday February 28 2014, @02:47AM
Hmmm, interesting indeed... to hack one of these devices wouldn't piggybacking onto the chip be easier that opening it to interface (how I don't yet know)? or are we talking about something that encrypts at a hardware level here? would the most value be in retrieving data from a device? or inserting hardware to provide a backdoor/data capture so you can pick up future conversations/messages?
(Score: 2) by Khyber on Friday February 28 2014, @03:55AM
Oh fucking please. It's gotta be an electrical signal they're using for detection. Fucking easy to figure out and bypass.
Man can make it, man can break it. Try again Boeing, when you understand this.
Destroying Semiconductors With Style Since 2008, and scaring you ill-educated fools since 2013.
(Score: 1) by weilawei on Friday February 28 2014, @05:36AM
You raise a valid point--what is within the power of one fool to do is also within the power of another (and sometimes to undo what another fool has done). Cryptography, security, even the continued evolution of species will always be this sort of arms race. Despite the seemingly treadmill aspect of it, it happens because it's part of a natural, ongoing competition to reproduce and continue to exist.
(Score: 2) by zim on Friday February 28 2014, @04:41AM
because they don't want to be spied upon by their hardware.
(Score: 1) by EvilJim on Friday February 28 2014, @04:49AM
you cant tell me the NSA doesn't want to know what the other customers are talking about can you? they're not the only ones this is targeted at.
(Score: 5, Insightful) by naubol on Friday February 28 2014, @01:17AM
Angela Merkel
(Score: 5, Interesting) by mmcmonster on Friday February 28 2014, @01:48AM
So it runs a function to erase the data when you open it up?
What happens if you purposely drain the battery? Will the program still run?
(Score: 1) by Acabatag on Friday February 28 2014, @02:29AM
Perhaps the data is only battery backed-up, and not stored in flash memory?
(Score: 3, Interesting) by SMI on Friday February 28 2014, @02:43AM
Computers have long since been designed to include an alternative [wikipedia.org] power source. It's not beyond possibility to take the same idea and change the specs for different functions.
(Score: 1) by mmontour on Friday February 28 2014, @03:33AM
Many years ago there was a Dallas Semiconductor product called the Crypto iButton [thefreelibrary.com]. It was basically a Java smartcard with a built-in battery, and it would wipe its secure memory if it detected an attempt to bypass the tamper-resistant packaging. It was a nice product (although slow), but it never caught on and it's now discontinued.
(Score: 2) by mmcmonster on Friday February 28 2014, @11:15AM
Doesn't really answer the question. Even watch batteries die in a couple years.
What stops me from putting this in a small faraday cage and opening it up a couple years later?
(Score: 1) by SleazyRidr on Friday February 28 2014, @05:46PM
Nothing, other than the fact that your information will be a couple of years old. Nothing is ever foolproof.
(Score: 3, Funny) by lx on Friday February 28 2014, @02:52AM
It's made by Boeing so the battery will most likely burst into flames when tampered with. Or when not being tampered with. [bbc.com]
(Score: 0) by Anonymous Coward on Friday February 28 2014, @05:47AM
(Score: 1) by bogibear on Friday February 28 2014, @02:27AM
So what happens if you drop it and crack the screen, does it self-destruct?
If it is tampered with, do you get some effects like they showed in the old Mission: Impossible series (magic smoke)?
It'd be interesting to figure out how they make it self-wipe.
The world's cumulative IQ is a constant. The population is growing.
(Score: 0) by Anonymous Coward on Friday February 28 2014, @02:42AM
Maybe it doesn't use flash memory for most of its non-volatile storage, but CMOS SRAM or something similar that still requires some power to maintain the data. Trying to open the case results in immediate power cut somehow.
(Score: 0) by Anonymous Coward on Friday February 28 2014, @05:19AM
I imagine the self-wipe is probably based around the same principles as DBAN. Not sure what that means about how they implemented it though.
(Score: 2, Funny) by radu on Friday February 28 2014, @10:57AM
"that low level technical and operational information about the product will not be provided to the general public"
If I don't tell you my password is '42' you'll never be able to read my emails!
"tamper proof covering to identify attempted disassembly"
If you steal my phone and disassemble it, steal my data, send a link to goatse to all my contacts, then bring the phone back to me, I'll take a look at the screws and know you disassembled it, so don't even try, ok?
(Score: 1) by Wootery on Friday February 28 2014, @11:55AM
I'm more inclined to trust the upcoming Silent Circle [silentcircle.com] phone. Open source goodness, developed by people who seem genuinely committed to the cause.
They have [wikipedia.org] the guy who wrote PGP on team, which is also a plus.
(Score: 1) by Cere4l on Friday February 28 2014, @03:59PM
oh dear that link loads quite slow at the moment. Could this be the first soylent version of the slashdot effect?
On that topic... soylent effect doesnt have a nice ring to it. I propose the soyled effect!
(Score: 1) by quacking duck on Friday February 28 2014, @02:19PM
So if the iPhone scores a 2 and the HTC One scores a 1 [ifixit.com], I expect this Boeing black phone will score a zero?
And this is acceptable to the DIY repair communities that frequent S/N and /. because, hey, security?