Author Topic: "We now know that even your SIM card can and is running malware...."  (Read 2722 times)


All Spiric

  • Guest
http://mashable.com/2014/01/15/blackphone/

This is a joke.

From a security perspective, as a general rule, the more moving parts, the less
secure (and less efficient) it is.
Whenever you see the words Android, Java, or any scripting language like PHP,
Ruby, Python, etc, this means there is a program (interpreter) that interprets
another program (application), and that whole mess is running on top of yet
another program (the OS). All of which are exploited. As soon as you decide to
write your software in any of these languages, you are automatically owned
before you even get out the gate, because any exploit in the interpreter or any
layer below it will be undetectable to your application.

This is why Java will never be secure, and by extension Android which runs a
variant of Java.

We now know that even your SIM card can and is running malware, so no matter
what security contortions go on in the application, the simple reality is that
as soon as this thing goes on the market, the Blackphone product-id will be just
another selector for the NSA. Even if the application can perfectly encrypt the
communication (which it can’t), you have just activated a nice honeypot for the
NSA and their friends, TreasureMap will light up with a nice green dot, and if
you are somebody that threatens the system, some analyst will click on the dot
and select Find, Fix, Finish.
If you are in a hot zone, time from power-on to Hellfire ringing your doorbell
can be less than 5 minutes.
Game Over.

Same thing goes for Secure Drop. The fact that this thing is geared to
journalists means only one thing when one of these stations goes live.. you are
now a person of interest. The way to do this is to make something that everybody
uses, not just journalists/whistleblowers. You want something that child
pornographers, money launderers, and college kids all use, so that there’s no
way to track everyone in a useful way.

These people have spent money making a slick marketing video to play off
people’s fear and sell a false sense of security. Calling it NSA-proof or even
promising to provide security will not end well for these people.. it will only
end up in some EU lawsuit when the first customer gets their stuff sprayed onto
the internet, or worse.