On June 23, I posted that an Amazon Fire Phone (32GB, Unlocked GSM) was selling for $179. I almost bought one, because it includes a year of Amazon Prime, which I pay $100 per year for. That meant the real cost of the phone was $79.
Today, Amazon is offering the same phone for $159, including the same one year of Prime deal. That did it for me. I bought one. I'm going to use it as my international travel phone (my iPhone is locked by AT&T so I can't use another carrier's SIM card) and a replacement phone for when my daughter drops her iPhone in the toilet. Read the rest
For the next 8 hours, Amazon is selling the Motorola Moto G (2nd generation) for $140, which is $40 off its regular price. It's got good battery life and a 5-inch HD display. It's only 8gb, so if you buy one, get a 32GB microSD card for about $14.
Motorola Moto G (2nd generation) Unlocked - 8GB White ($140) on Amazon Read the rest
The FBI wants backdoors in all your crypto, and UK Prime Minister David Cameron made backdoors an election promise, but as Stanford lawyer/computer scientist Jonathan Mayer writes, there's no way to effectively backdoor modern platforms without abolishing the whole idea of computers as we know them, replacing them with an imaginary and totalitarian computing ecosystem that does not exist and probably never will. Read the rest
Blackphone, the Swiss-based, secure hardware/OS mobile phone from PGP inventor Phil Zimmerman has announced that it will provide a store with privacy-oriented apps that are sandboxed to minimize data-misuse. Read the rest
Stock Android phones with the Darkmatter OS use encrypted storage, OS-level app controls, and secure messaging by default, but if the phone thinks it's under attack, it dismounts all the encrypted stuff and reboots as a stock Android phone with no obvious hints that its owner has anything hidden on it. Read the rest
The protesters are dependent on mobile apps to coordinate their huge, seemingly unstoppable uprising, and someone -- maybe the Politburo, maybe a contractor -- has released virulent Ios and Android malware into their cohort, and the pathogens are blazing through their electronic ecosystem. Read the rest
Developers from the Replicant project (a free Android offshoot) have documented a serious software back-door in Samsung's Android phones, which "provides remote access to the data stored on the device." They believe it is "likely" that the backdoor could provide "over-the-air remote control" to "access the phone's file system."
At issue is Samsung's proprietary IPC protocol, used in its modems. This protocol implements a set of commands called "RFS commands." The Replicant team says that it can't find "any particular legitimacy nor relevant use-case" for adding these commands, but adds that "it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back-door. Nevertheless, the result is the same and it allows the modem to access the phone's storage."
The Replicant site includes proof-of-concept sourcecode for a program that will access the file-system over the modem. Replicant has created a replacement for the relevant Samsung software that does not allow for back-door access. Read the rest
Boeing has sought regulatory approval from the FCC for a tamper-resistant phone intended to self-destruct if its case is opened. The phone, called "Black," runs Android, and is intended for use under the DoD Mobile Classified Capabilities guidelines. It will be sold with a nondisclosure agreement prohibiting tampering or service, and opening the case will trigger a system intended to wipe the phone's data.
Interestingly, it has a removable battery (something that's become increasingly scarce in smartphones). Best operational security practice holds that you should remove your phone's battery when you want to be sure that it's off, because any malware that turned your phone into a bug could also cause it to simulate being switched off while it remained running.
It's an intriguing technical problem. I'm intuitively skeptical of the security model. I can believe that this phone will be tamper-evident, but I don't know if it will be all that tamper-resistant. That is, it may be capable of preventing an attacker from surreptitiously opening the case to access the components, but how about an adversary willing to simply smash the screen to get at the components beneath?
The manufacturer could make a phone whose accelerometer tried to detect these events and wipe the device as a precaution, but I suspect there'd be a lot of spooks who'd end up cursing their self-destructing phones every time they butterfingered them while getting them out of a pocket while walking down the street. I'm pretty sure that I can use tools to remove my phone's screen in a way that generates less detectable stress than it receives during everyday knockabout and drops. Read the rest
Blackphone is a secure, privacy-oriented mobile phone company co-founded by PGP inventor Phil Zimmerman. It integrates a lot of the privacy functionality of Zimmerman's Silent Circle, which makes Android-based privacy tools (secure calls, messaging, storage and proxies). Blackphone also runs Android, with a skin that switches on all the security stuff by default. The company is based in Switzerland, whose government privacy rules are better than most. The phone itself is a high-end, unlocked GSM handset. No info on pricing yet, but pre-orders open in late February. I'm interested in whether the sourcecode for the Blackphone stack will be free, open, auditable and transparent. If it is, I will certainly order one of these for myself and report here on its performance. Read the rest
If you have an Android or Ios smartphone, it defaults to storing the history of all the places you go, at a very fine resolution, for a very long time, and mirrors that data on remote servers from which it might be leaked or subpoenaed. Lifehacker has a great tutorial on deleting your Location History and turning off future logging of your location. They cover both Ios and Android. I just did my devices, and it was very easy. Read the rest
Bob Smolenski says: "I've released a new audio game app for blind and visually impaired. Open Field Echo Sounder uses GPS on your iPhone or Android. Walk to the center of an open field and six virtual targets will be arranged around you. Echo locate them using headphones to determine direction. Sighted folks can play it also ;)"
Well, that didn't take long: shortly after Google added a new Android feature that let you deny apps access to your sensitive personal data, they have revoked it. This is frankly terrible, and the Electronic Frontier Foundation's Peter Eckersley has some very pointed commentary, recommendations for Android customers, and advice for Google: Read the rest