Sirin Labs Launches Solarin, a $14,000 Privacy-Focused Smartphone (venturebeat.com) 95
An anonymous reader writes from a report via VentureBeat: Sirin Labs has launched its high-end Android smartphone called Solarin. The company's mission is to create the Rolls-Royce of smartphones -- an advanced device that combines "the highest privacy settings, operated faster than any other phone, [and is] built with the best materials from around the world." Solarin promises "the most advanced privacy technology, currently unavailable outside the agency world." It has partnered with KoolSpan to integrate chip-to-chip 256-bit AES encryption, which is similar to what the military uses to protect its communications. As for the specs, Solarin features a Qualcomm Snapdragon 810 processor, with support for 24 bands of LTE, and "far superior" Wi-Fi connectivity than standard mobile phones. There's a 23.8-megapixel rear camera sensor and a 5.5" IPS LED 2K resolution display. The phone goes on sale June 1st for nearly $14,000 ($13,800 to be exact).
Snapdragon (Score:1)
Do they even *know* what's in the Snapdragon SoC? I mean, even with an (hypothetical, but thanks to LowRISC perhaps reachable) open design SoC you'd have to trust the foundry to not play shenanigans on you [1], but blindly buying from Qualcomm/ARM and whatever other parties are in there, with a mutual assured destruction level of NDAs between them?
Hmmm.
[1] http://static1.1.sqspcdn.com/s... [sqspcdn.com]
Re: (Score:3)
Yeah. This thing smells of snakeoil like those $50k gold audio cables.
Re: (Score:2, Informative)
> Then again, gotta start somewhere.
Definitely. And (even as a free software zealot I am) I won't spank, e.g. Purism for using Intel chips, although we have a rough idea of what is in them, and it ain't pretty.
But I expect them to be up-front on it. Especially on those mass-produced SOCs, where the processor controlling the boot and having access to all of RAM isn't the one you see (it's the graphics proc or the baseband proc or whatever) and is running a firmware you don't see, which most probably is OT
Re: Quite possibly (Score:1)
Then start here: www.j-core.org
Re: (Score:1)
What custom hardware? Everything described sounds like COTS hardware.
Re: (Score:3)
Re: (Score:2)
Yeah. This thing smells of snakeoil like those $50k gold audio cables.
Big difference. The audio cables are in your home, where nobody sees them until they already know you. But this cellphone can be used to make a first impression. When a human male reaches mating age, he develops a need to display fitness and social status in order to attract a desirable mate. We already have $15,000 watches, so why not a $15,000 cellphone, that he can display by setting it on the table during a first date. He could even prearrange with one of his friends to call the phone, and pose as
Re: (Score:2)
Also wouldn't the privacy be useless unless the other party has a similar phone? I mean sure, your end of the exchange could be secure, so it would just mean the 3 letter agency would go after whoever you are communicating with.
and face it, if they are after you -- to the point where they are trying to drop eaves on your conversations, they already know who you're associating and communicating with. And probably have a warrant to get your phone records anyways.
So there's this wonderfully secure phone... (Score:5, Insightful)
Re: So there's this wonderfully secure phone... (Score:1)
Secure/privacy "phone" had camera -- fail.
Re: (Score:2)
And a microphone! Can't have a private phone with a microphone. What does a phone need with a microphone anyway?
Seriously though, a camera can be effectively taken care of by a piece of tape if someone is that worried. The microphone is a much more tricky reality.
Either way, this device is BS preying upon the rich and gullible (frankly I doubt that's a big market, people don't generally get/stay rich if they are so gullible).
Re: (Score:3)
you can't secure android. cannot. be. done.
android is a steaming pile that ONCE was a respectable linux install.
google had their way, they messed it up and its broken by design, now.
even if we ignore the software, there are many layers to the radio system and you cannot, just CANNOT secure that. diff entities (groups) have access to diff layers of the radio and phone mgmt.
yes, this is for the gullible.
the real secure guys would not be using a phone network, not be using off the shelf carrier-approved chip
Re: (Score:2)
you can't secure android. cannot. be. done.
As opposed to? You think you can trust Apple, or Microsoft, or even Blackberry?
At least with Android, you could theoretically compile your own from source.
Re: (Score:1)
A phone isn't much of a phone if you are unable to talk to the person on the other end due to no microphone.
Re: (Score:2)
It was game over once the SIM was installed and the power turned on. Connecting to the legacy network that has no notion of privacy means that no matter how privacy-focused your phone is it doesn't matter at all.
Re: So there's this wonderfully secure phone... (Score:1)
He's probably talking about the ss7 vulnerabilities.
https://en.m.wikipedia.org/wiki/Signalling_System_No._7
Or using non-trustable baseband, modem drivers etc...
Re: (Score:2)
Re: So there's this wonderfully secure phone... (Score:1)
presumably the audio and video is encrypted before it reaches any hardware not totally designed by them.
Which is what they mean by "chip to chip"
Problem solved.
Re: (Score:1)
Re: (Score:3)
...and then the Facebook app gets installed. Game over.
Much like OpenBSD, this device is likely designed to be secure by default.
Unfortunately, exactly 0.00% of people will want to run it that configuration.
Hypervisor or micro-cluster on phone? (Score:3)
I'm wondering at what point we'll have a phone that is a hypervisor or physical cluster under the hood, capable of delivering a virtual environment or separate physical environment for secure access.
All the insecure shit like Facebook or other dubious software applications could go in its own VM or on the "insecure" side, along with the baseband hardware. It'd be nice to be able to deploy multiple VMs for multiple VMs for various security levels.
Re: (Score:3)
Already exists, actually.
ARM supports hypervisors, and most hi
Private App Store? (Score:1)
Re: (Score:3)
At this price tag and if they really enforce security it should come with a private app store where everything is verified thoroughly by the constructor. 256-bit AES encryption won't do any good when the user starts installing malware...
Needless to say, at this price point they're targeting what I would like to call "celebrity-grade" security.
Re: (Score:2)
This phone will garner interest of high-roller criminals.
. . . which may be the point. Consider it trolling of the criminal class. . .
I've seen weirder ideas implemented. . . .
Re: (Score:1)
This phone will garner interest of high-roller criminals.
. . . which may be the point. Consider it trolling of the criminal class. . .
I've seen weirder ideas implemented. . . .
Speaking of weird, is it strange when I read the words "criminal class" I immediately think of bankers and too-big-to-fail organizations?
Re: (Score:2)
This phone will garner interest of high-roller criminals.
It's probably easier to have an unlimited supply of burner phones, that's what the major drug dealers seem to do,
Learning from Apple. (Score:2)
"...The phone goes on sale June 1st for nearly $14,000 ($13,800 to be exact)."
Still cheaper than the "Rolls Royce" Apple Watch models.
C'mon, you can do better than that for people who have money to burn. Where's my solid gold option? This smartphone is only the price of a car. Surely you can figure out a way to charge as much as a house would cost for an electronic device that will be obsolete in 3 years.
Sirin, did you not learn anything from Apple?
Re: 256bit AES... (Score:1)
Did you even read that blog entry?
'It's a related-key attack, which requires the cryptanalyst to have access to plaintexts encrypted with multiple keys that are related in a specific way.
The attack only breaks 11 rounds of AES-256. Full AES-256 has 14 rounds.'
QUALCOMM SNAPDRAGON BASEBAND (Score:1)
This overpriced heap of junk uses a Qualcomm Snapdragon baseband, It is dead on arrival.
https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf
https://www.youtube.com/watch?v=fQqv0v14KKY
Qualcomm often designs their basebands to have shared memory access to the RAM of the Application Processor that runs your Android/OS
Qualcomm is one of the worst from a security and privacy standpoint.
The Neo900 http://neo900.org/ is going to be much more secure, and much cheaper
Ennetcom were raided by Dutch Police (Score:5, Interesting)
Well Ennetcom produced a PGP phone, they even marketed it to lawyers as secure enough for lawyer - client privileged conversations. It was built ontop of Blackberry's platform.
The Dutch police raided it, seized its servers claiming the phone was being used by criminals hence it had the right to close it down as a tool of crime. It looked a bit from the timing like the Dutch police wanted to influence the iPhone encryption court case.
So we were sure it actually WAS secure only after this (blatantly illegal) police action.
And in turn we're also sure the Blackberry phone is backdoored, because police are very happy with that phone and make no attempt to raid Blackberry servers these days, and Blackerry CTO says they take a more balanced approach to end to end encryption than some of their competitors (i.e. Apple).
So we won't know that this phone is secure, till its shutdown by an out of control police force.
Re: (Score:1)
Re: (Score:2)
How does that allow you to run an open money laundering operation?
Re: (Score:2)
So we were sure it actually WAS secure only after this (blatantly illegal) police action.
You mean aside from the business itself being investigated and shutdown for money laundering, and the owners brought up on charges of weapon possession, and the police after seizing the servers informing all users that the servers are shutdown and not using them for a potential honeypot.
Yeah all sounds suspicious to me, but not at all for the same reasons you're suggesting.
100% stupid (Score:2)
All that is needed is a pure android with some added functions to detect when you are on a government or police fake cellphone tower and other crud that leaks information.
no need to build any hardware as a nexus unlocked phone or even a oneplus unlocked phone will do what is needed. it is simply a clean install of android with no added bullshit shovelled in and some extra tools.
Viewing angles (Score:5, Interesting)
You may scape the NSA but you will not scape the prying eyes of your neighbor.
Re: (Score:2)
Do they offer a privacy enhancing screen protector for it? In east Asia (and probably on Amazon) you can get ones that are polarized to reduce the viewing angle down to about 20 degrees, with optional matte or mirror finish. They also have little cleaning pads on spring cords so you can wipe the screen and erase any fingerprints, but most western phones (and western models of phones released in east Asia) seem to have removed the strap holes.
Re: (Score:2)
In fact you never know whether your neighbor works for a three letter agency. In the case of the silk road founder for example, he was in a public library, when two federal agents faked a quarrel so he was distracted and another federal agent then grabbed his laptop while it was unlocked. Its a quite low tech attack and even the best hdd encryption didn't help him after that.
Most likely the Solarin phone wouldn't have protected him in this situation either.
Re: (Score:2)
Then add a daemon in the background that watches for your something you wear (bluetooth watch/nfc ring) and when it's out of range lock everything down.
Re: (Score:2)
And yet "Tempest" computing has been dead since the mid-90s. The shielding required, at least on the old model of RF emination protection, would make a handheld phone impossible.
Re:Cost might be justified (Score:4, Informative)
Re:Cost might be justified (Score:4, Insightful)
You really do know next to nothing about security, it seems.
Re: (Score:2)
The real security threat is physical access to the phone itself, but you can reduce that threat as well with encryption and strong passwords to key elements.
What About MetaData? (Score:3)
1. The remote phone numbers that you call, or, if themselves for mobile devices, send SMS messages to.
2. Potentially, the phone numbers that call you.
3. Your location, as determined by triangulation from cell towers [assuming that you don't have a compromised GPS sensor in the handset.
4. The duration of the calls you make and/or receive, plus your location, time of day, etc, whilst those conversations happen.
5. The superset of data relating to you - that is: the location and activities of the counter-parties you communicate with, the on-chain communications that *they* participate in...
6. All of your web and email activity [unless you have an effective S/MIME solution, and/or have a remote proxy server that you can configure into your phone browser.
In other words, it is trivially easy to gather so much additional data from even the most secure handset that it simply isn't possible to disguise the activities you perform through a handset. EVEN IF YOUR OBSERVER CAN'T CRACK YOUR HANDSET.
I would be very reluctant to dismiss this handset as the mobile phone equivalent of snake oil, but I wonder if clients are fully aware of the inherent limitations of the solution they are being offered, and if they think it's still worth $14,000?
Just in time for my birthday! (Score:2)
100 Euros ... (Score:2)
... that some half-wit web/mobile developer n00b can find a hack for this in under 30 minutes.
Another 100 Euros that any small Linux PC set up by a decent admin with Ekiga Voicechat over SSH is a bazillion times safer and way harder to crack for ye 3-letter agencies.
Who runs Bartertown? (Score:2)
Guess who just failed before starting (Score:4, Informative)
From twitter [twitter.com]:
Farewall, $14,000 phone. We hardly knew ye.
Re: (Score:2, Funny)
And why does the submitter keep other figures at 3 significant digits? For consistency it should be:
"AES encryption above 250 bits (256 bits to be exact)"
"a nearly 24-megapixel rear camera sensor (23.8 megapixels to be exact)"
Marketing Scam 101 (Score:2)
Sounds like a marketing scam to me, or perhaps just a scam.
I'd suspect the market for a $14,000 phone is kinda slim. Unless it lets me talk to my future self in my domed habitat on Mars, I'll pass.
I'd also suspect that anyone buying a $14,000 "privacy" phone will immediately go on a heightened surveillance list because, you know, terrorism.
In addition, who's to say it's not a front company for the CIA/FBI/DHS floated out there as a way to lure in the suckers who want a secure phone to conduct illegal busine
At that price, you only need to sell a few (Score:2)
I'd suspect the market for a $14,000 phone is kinda slim
Well, the market for cell phones is in the billions. If they only sell to 0.01% of the richest and stupidest of possible customers, that's a billion dollars of sales.
Heck, if they just sell seventy or eighty of them, that's a million dollars. Not bad for a hundred dollars worth of hardware and some coding that none of the users are likely to understand anyway.
Re: (Score:2)
If they only sell to 0.01% of the richest and stupidest of possible customers, that's a billion dollars of sales.
Maybe, but I've seen this wishful statistical thinking before. Let's say I decide to sell my special super-pencils for $1000 a piece...all I need to do is sell 10 of them and I've made $10,000! Whoo hoo! That would be fantastic, except no one pays $1000 for a pencil, not even NASA. In reality my sales will be zero and I'll make nothing. This "you-only-need-to-sell-a-few" idea is great in theory, but doesn't usually translate well into reality.
Now this phone may be different, but to find that 0.01% of the ri
Who would buy this? (Score:3)
So I'm supposed to depend on some company I've never heard of, who doesn't own the intellectual property involved, who clearly doesn't have the resources to evaluate the code or audit the hardware properly, is "partnering" with other companies I've never heard of (who the F is Koolspan?), and who wants to sell me a phone "focused on privacy" (whatever that is supposed to mean) for an outrageous amount of money? For a piece of hardware that even if it makes it to market will be obsolete faster than the milk in my refrigerator will spoil.
Umm, ok. What a deal.... [/sarcasm]
How freaking much? (Score:2)
For that price, it had better come with a beautiful girl who blows you every time you make a phone call.
Well I'll guess we'll see. (Score:2)
But cyptography and marketing don't really mix. The marketing subtext is that because this uses the very best chips and is too expensive for ordinary people to own, it's secure. But of course that's nonsense. Security is a system property. It's not the chips or algorithms, it's how you use them. And it costs money to figure out how to use them securely, an expense that you amortize over the total number of units sold.
And at number of units you'll sell at a unit price of $14K, the gross revenues you have
Re: (Score:2)
Only if it promises gold and delivers brass.
Pointy corners (Score:2)
At $14k you'd think they would round off the corners, but instead they made them taper into points. I see complaints of them wearing hold in Armani's suits left and right.
Ok (Score:2)
Toss out all the "valuable" materials (I don't give a shit if the phone is out of brushed steel or plastic, what matters is that I notice if it's been tampered with), lose the camera (privacy also means no picture), lose the insane resolution screen (it's a phone. As long as it can display numbers and letters we'll be fine). Then we're talking about a device for the security conscious, not yet another toy for people with more money than brains.
No such thing as a secure phone (Score:2)
The only way to secure a modern smartphone is to shut it off, remove the battery, and then snap the thing into two pieces and then run the pieces through a shredder.
And even then I'm not so certain about it being secure.
Let's face it: once you make a call, at least the carrier and most likely the NSA, has metadata on your call. Does the phone come with a secure carrier that answers to no one? Didn't think so. Then there's GPS tracking. Then there's looking over your shoulder at the screen. Then there's the
Awfully strong wording, and another comment (Score:2)
Selling a secure phone (whatever that even means) but with such weeping, drooling, confident marketing speak... Well, they are just begging to be a target. This is assuming they have written their own super-duper security software version 1.0. Either this is total bullshit or they will end up with egg on their via courtesy of their hu
Monster Cables (Score:2)
built with the best materials from around the world
If they aren't using Monster cables, I'm not buying it.
Re: (Score:2)