Boeing's self-destructing, tamper-resistant spookphone: the Black


Boeing has sought regulatory approval from the FCC for a tamper-resistant phone intended to self-destruct if its case is opened. The phone, called "Black," runs Android, and is intended for use under the DoD Mobile Classified Capabilities guidelines. It will be sold with a nondisclosure agreement prohibiting tampering or service, and opening the case will trigger a system intended to wipe the phone's data.

Interestingly, it has a removable battery (something that's become increasingly scarce in smartphones). Best operational security practice holds that you should remove your phone's battery when you want to be sure that it's off, because any malware that turned your phone into a bug could also cause it to simulate being switched off while it remained running.

It's an intriguing technical problem. I'm intuitively skeptical of the security model. I can believe that this phone will be tamper-evident, but I don't know if it will be all that tamper-resistant. That is, it may be capable of preventing an attacker from surreptitiously opening the case to access the components, but how about an adversary willing to simply smash the screen to get at the components beneath?

The manufacturer could make a phone whose accelerometer tried to detect these events and wipe the device as a precaution, but I suspect there'd be a lot of spooks who'd end up cursing their self-destructing phones every time they butterfingered them while getting them out of a pocket while walking down the street. I'm pretty sure that I can use tools to remove my phone's screen in a way that generates less detectable stress than it receives during everyday knockabout and drops.

In a letter to the FCC, Boeing's counsel Bruce Olcott wrote, "Boeing's Black phone will be sold primarily to government agencies and companies engaged in contractual activities with those agencies that are related to defense and homeland security. The device will be marketed and sold in a manner such that low-level technical and operational information about the product will not be provided to the general public."

As part of the justification for requesting secrecy, Olcott added that the phone is a "sealed device" that will be sold with an end-user nondisclosure agreement. "There are no serviceable parts on Boeing's Black phone, and any attempted servicing or replacing of parts would destroy the product," Olcott wrote. "Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable."

The FCC filing did reveal a few things about the Black, however. We know that it has dual SIM cards and is capable of operating on GSM, WCDMA, and LTE networks. It also has a removable battery. It will also have Wi-Fi and Bluetooth capabilities (probably to support a smart card-reading sled for PKI logins), as well as an HDMI port, according to a report on Myce.

Boeing's Black: This Android phone will self-destruct [Sean Gallagher/Ars Technica]