Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NSA Publishes Blueprint For Top Secret Android Phone

samzenpus posted more than 2 years ago | from the you-keep-using-that-word-I-do-not-think-it-means-what-you-think-it-means dept.

Android 172

mask.of.sanity writes "The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints(Pdf) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations."

cancel ×

172 comments

Sorry! There are no comments related to the filter you selected.

I want one. (3, Interesting)

roc97007 (608802) | more than 2 years ago | (#39215957)

That'd be the coolest geeky thing to have. Although I suspect it doesn't do you a lot of good unless both sides of the conversation is using them.

Re:I want one. (5, Funny)

Dunbal (464142) | more than 2 years ago | (#39216001)

Surely you mean all three sides of the conversation...

Re:I want one. (0)

Anonymous Coward | more than 2 years ago | (#39216037)

Three? That my good sir is a very conservative estimate.

Re:I want one. (0)

Anonymous Coward | more than 2 years ago | (#39216155)

Oh I'm sure they have whatever equipment they need, no reason to fret.

Re:I want one. (4, Interesting)

roc97007 (608802) | more than 2 years ago | (#39216597)

If you're implying a back door, the overriding problem as far as I can see is that if you have a secret double encrypted phone with an option, no matter how secret, for someone else to listen in, as a secret organization you wouldn't dare use the phone. Because somehow, by hook or by crook, by bribery, blackmail or corruption from the richest countries and individuals of the world, that back door *will* be made available to foreign powers. It's inevitable.

And so, the NSA will have created a phone that the NSA itself could not use.

If it had been intended as a honey pot, then bravo. Otherwise, no.

Re:I want one. (1)

Spy Handler (822350) | more than 2 years ago | (#39216623)

don't rely on it too much... these are the same folks who sold captured German Enigma machines to foreign governments in the 50s saying they're unbreakable.

Re:I want one. (1)

roc97007 (608802) | more than 2 years ago | (#39216661)

Right, but they weren't stupid enough to use the Enigma machine *themselves*, knowing that it had been broken. If the NSA is planning to use the phones, the NSA must think they're secure. If they're planning to build them and not use them, the phones are bait for very stupid organizations. Either way it would be interesting to own one, although you probably shouldn't call your tax accountant with it.

And as I said in another article, if the NSA thinks they can include a back door and somehow think they can keep it secret so that they could use the phones themselves, I'd be very very disappointed in them.

Re:I want one. (2)

cavreader (1903280) | more than 2 years ago | (#39216733)

Well they probably didn't really care since the Polish and England scientists already figured it out. And the "folks" making the statement you mentioned were most likely utterred by an one or two individuals not the organization as a whole. The US was more interested in moving nuclear physics from the white board to real world applications such as building nuclear weapons. Wasting resources on something already accomplished by others would have been a waste. And by the way England had a large head start with the information 2 Polish scientists were able to get out of the country before the Germans took control. The early versions of the enigma machine were targeted at business uses and had been around a while before it was applied to military uses. The Poles got their hands on one of these earlier machines before the war even started and security protocols were not as stringent as they were during the war. People make the mistake of judging US capabilities displayed in the past with the capabilities it now possesses.

Double Encryption??? (5, Funny)

msgmonkey (599753) | more than 2 years ago | (#39215969)

Wow sounds very secure, hopefully they did n't decide to go with ROT-13 twice.

Re:Double Encryption??? (-1, Flamebait)

Anonymous Coward | more than 2 years ago | (#39216031)

God forbid you actually read something in your life before making a comment. I think the image in the article was pretty clear...

http://i.haymarket.net.au/News/NSA%202%20layers%20of%20encryption.PNG

Re:Double Encryption??? (5, Funny)

Dunbal (464142) | more than 2 years ago | (#39216047)

Watches the contrails of the age-old ROT-13 twice joke go streaming by far, far above AC's head.

Re:Double Encryption??? (1)

Anonymous Coward | more than 2 years ago | (#39216273)

I think you mean "chemtrails" - this is the guvment after all :)

Re:Double Encryption??? (1)

JAlexoi (1085785) | more than 2 years ago | (#39216293)

I'm using Cyrillic alphabet, you insensitive clod!

Re:Double Encryption??? (1)

Anonymous Coward | more than 2 years ago | (#39216359)

What's wrong with ROT-13 encryption? It's less than AES-256, right?

Re:Double Encryption??? (1)

Dunbal (464142) | more than 2 years ago | (#39216433)

Why don't you ask the Romans?

Re:Double Encryption??? (1)

Skapare (16644) | more than 2 years ago | (#39216431)

It started as TRIPLE-ROT13, though.

Re:Double Encryption??? (0)

Anonymous Coward | more than 2 years ago | (#39216373)

God forbid you actually read something in your life before making a comment. I think the image in the article was pretty clear...

http://i.haymarket.net.au/News/NSA%202%20layers%20of%20encryption.PNG

hahaha... you're pretty dumb. hahaha... how can you not get what he is saying? God forbid you actually have a personality.

Re:Double Encryption??? (1)

Anonymous Coward | more than 2 years ago | (#39216985)

Tbq sbeovq lbh npghnyyl ernq fbzrguvat va lbhe yvsr orsber znxvat n pbzzrag. V guvax gur vzntr va gur negvpyr jnf cerggl pyrne...

uggc://v.unlznexrg.arg.nh/Arjf/AFN%202%20ynlref%20bs%20rapelcgvba.CAT

You were saying??

Re:Double Encryption??? (4, Funny)

alostpacket (1972110) | more than 2 years ago | (#39216283)

Not only double secure, but if you're caught doing something nefarious, they put you on double secret probation. They have also contacted Double Mint Gum about possible trademark licensing.

Re:Double Encryption??? (1)

Ihmhi (1206036) | about 2 years ago | (#39217497)

They even got Falcon Northwest on board to paint every phone in a unique "Double Rainbow" theme.

Re:Double Encryption??? (0)

Anonymous Coward | more than 2 years ago | (#39216379)

Presumably, it would be possible to break the encryption using a double rainbow table?

Re:Double Encryption??? (3, Interesting)

icebike (68054) | more than 2 years ago | (#39216557)

Actually, I remember reading somewhere that consecutive encryption of a file (or a data stream) provides no additional protection against brute force attacks. The brute force needed to decrypt the end result is virtually the same, whether you encrypt once or twice. Something about a "meet in the middle [google.com] " attack.

Not sure if this is true in all cases because TripleDES is a common encryption technique.
I (obviously) don't understand all that I read about this stuff.

Re:Double Encryption??? (1)

Beryllium Sphere(tm) (193358) | more than 2 years ago | (#39216711)

Anything is vulnerable to attacks on reduced-round variants. For full security, do what I did for this post: the full 16 rounds of ROT-13.

Re:Double Encryption??? (1)

izomiac (815208) | more than 2 years ago | (#39216977)

Something lost on most people (hopefully not the NSA) is that there is no such thing as encrypting something twice. If you add two encryption functions together, you have effectively just made one new encryption function that is the sum of the two. (Probably crossproduct or something if someone who understands the math wants to be pedantic.)

Say you encrypt your secret message with a Caesar cipher. That's not very secure, so you do 8 more rounds of Caesar. Now, to crack the encryption they have to break the Caesar cipher nine times right? Oops, what you've actually done is use ROT-1. Better do 43 more rounds of Caesar so it's even more secure!

The point is that your new encryption algorithm that's a combination of, say, GOST and Blowfish, hasn't been studied. It's entirely possible you've made a very weak algorithm (I say quite likely, since making a good encryption algorithm is very hard). This became an issue back when people used DES. You'd think two rounds of DES with two different 56 bit keys would have 112 bits of security. In actuality, it's 57 bits of security. Three rounds of DES is vulnerable to a meet-in-the-middle attack, so Triple-DES is actually DES-encrypt with key one -> DES-decrypt with key two -> DES-encrypt with key three (or key one if you really want 112 bit security and know better than to do Double-DES).

Re:Double Encryption??? (0, Troll)

Anonymous Coward | more than 2 years ago | (#39217063)

Pretty much everything you posted there is wrong.

uh (0)

Anonymous Coward | more than 2 years ago | (#39215981)

not quite top secret anymore. Unless they think Slashdot's following just doesn't matter. I cry fowl!

Re:uh (1)

Anonymous Coward | more than 2 years ago | (#39216005)

not quite top secret anymore. Unless they think Slashdot's following just doesn't matter. I cry fowl!

Chicken.

Re:uh (2)

Skapare (16644) | more than 2 years ago | (#39216449)

The article references conversations as secret, not the phone. Titles do get morphed on Slashdot. That's just the way of things.

Re:uh (1)

ozmanjusri (601766) | about 2 years ago | (#39217461)

RFC 2549 is not an encryption standard, and is highly vulnerable to man-in-the-middle (with shotgun) attacks.

Will it fit... (5, Funny)

ackthpt (218170) | more than 2 years ago | (#39215991)

In a shoe?

Re:Will it fit... (1)

ndogg (158021) | more than 2 years ago | (#39216341)

Will it give you a clue?

Re:Will it fit... (5, Funny)

Maintenance Goof (1487053) | more than 2 years ago | (#39216393)

Since this is not a secure channel, I think we should use the cone of silence!

Re:Will it fit... (0)

Anonymous Coward | more than 2 years ago | (#39217285)

What?

Flip side of that coin? (1)

aoeu (532208) | more than 2 years ago | (#39216013)

If you get caught with one you are presumed to be working for a TLA.

Re:Flip side of that coin? (1)

FooAtWFU (699187) | more than 2 years ago | (#39216137)

Maybe, but there are plenty of people who walk around working for TLAs all the time and not really trying to hide it. Perhaps they'd still like to encrypt their conversations?

Re:Flip side of that coin? (1)

mlts (1038732) | more than 2 years ago | (#39216541)

That's why I wish these could be sold to the US masses. That way, it may or not be someone working for a TLA, but perhaps someone who wants some decent on phone security.

Pre-ICS, one thing that Motorola [1] phones had as an advantage was the ability to encrypt internal storage as well as the SD card. The advantage of this, especially coupled with remote wipe and wipe after "x" amount of bad password tries should be obvious.

It would be nice to have an Android device that can run apps, but still be designed for decent security, even if someone's E-mails matter to only them.

[1]: OK, since Google owns Motorola Mobility fair and square, they really need to start unlocking bootloaders.

Re:Flip side of that coin? (0)

NFN_NLN (633283) | more than 2 years ago | (#39216713)

That's why I wish these could be sold to the US masses.

Whoa whoa... hold on just a minute. The average person is innocent and therefore has nothing to hide thus rendering encryption unnecessary.

Re:Flip side of that coin? (2)

tqk (413719) | more than 2 years ago | (#39217089)

The average person is innocent and therefore has nothing to hide thus rendering encryption unnecessary.

Yo, identity theft? The TLAs aren't the only people after all your seeeecret stuff. If I drop my phone and don't notice it, I like to know it's locked and nobody's going to get any use of it, or any of the data that's stored on it. I'd really hate it if losing it hurt someone who's info was stored on it.

On the other hand, would I trust the NSA to not enable a back door? Probably not (and I don't even particularly dislike them).

Re:Flip side of that coin? (2)

mlts (1038732) | about 2 years ago | (#39217515)

One can do mental gymnastics, but this is how I look at it:

If the NSA has a backdoor, eventually someone will find it and then glean knowledge of how they work. This may weaken them in the end. Plus, even if the NSA did, they can't really use it unless it would be an extremely high value target, or else their hand gets tipped.

A similar argument can be mounted against SELinux and PGP, where if the NSA did have backdoors, they would have to be extremely clever, as well as not used unless the target is extremely high value.

Re:Flip side of that coin? (1)

currently_awake (1248758) | about 2 years ago | (#39217427)

I agree. And as an added bonus you reduce the opportunities for other countries to steal your countries business secrets. And before you get worried about your government not catching terrorists, realize that the key servers would be kept safely in your country (accessible by warrant). Google could score big by including this in their next version (only usable with other android phones of course).

Re:Flip side of that coin? (1)

ozmanjusri (601766) | about 2 years ago | (#39217537)

It would be nice to have an Android device that can run apps, but still be designed for decent security, even if someone's E-mails matter to only them.

It's been there for a while. Look under Settings/Security/Encrypt Tablet for ISC. Earlier versions had the setting under Location and Security.

transparent case and dip switches... (5, Interesting)

jdogalt (961241) | more than 2 years ago | (#39216117)

All I've really wanted for christmas for the last 10 years is a phone easily disassemblable, with a transparent case, and user facing dip switches for the mic, the antennas, the battery, and these days, the power line going to the camera. Or alternately for the camera, a physical piece of plastic that slides to expose/cover the camera. Also the dip switches should be placed in such a way that it is reasonably convincing to technical users that they are in fact breaking the relevant physical traces/wires.

Maybe in 10 more years...

Re:transparent case and dip switches... (1)

Nethead (1563) | more than 2 years ago | (#39216607)

You can have that. There are developer kits that you can glom together to make them. But it will be the size of a lunchbox, and be engineered just to your specifications. I suggest that you look to ham radio to to start your development.

Remember, if you wanted all that capability ten-ish years ago you would have something the size of, and the cost of, a news van.

see: http://en.wikipedia.org/wiki/Electronic_news_gathering [wikipedia.org]

Microsoft about to sue government? (5, Funny)

JonahsDad (1332091) | more than 2 years ago | (#39216121)

Just wondering when Microsoft sues the NSA for patent infringement for using Android.

They are smarter than that (5, Interesting)

Sycraft-fu (314770) | more than 2 years ago | (#39216641)

MS knows that the government controls patents and that national security is a grounds that the government can take a patent away and make it public domain.

Interestingly enough the NSA has special status when it comes to patents. They can file secret patents that remain classified until someone tries to patent the same thing. At such time their patent is revealed and is valid from that date of revelation.

Gotta love /. headlines... (3, Funny)

RareButSeriousSideEf (968810) | more than 2 years ago | (#39216133)

Sensationalistic, inaccurate, or self-contradictory, pick any two.

Re:Gotta love /. headlines... (1)

ThatsMyNick (2004126) | more than 2 years ago | (#39216159)

Is all of the above not an option?

Re:Gotta love /. headlines... (3, Funny)

kat_skan (5219) | more than 2 years ago | (#39216361)

It is but there's a trick to it. You just have to pick two different ones when they post the dupe.

Re:Gotta love /. headlines... (1)

Nimey (114278) | about 2 years ago | (#39217343)

s/any/at least/

Security Violation (0)

Anonymous Coward | more than 2 years ago | (#39216147)

Having a classified conversation or meeting without prior notification to your FSO and/or outside of a classified environment is a no-no.

So what is the point of having a mobile phone?

Re:Security Violation (4, Informative)

oodaloop (1229816) | more than 2 years ago | (#39216299)

Um, maybe being able to use it inside the secured faciltiy? I worked at DIA for a while, and if someone wasn't at their desk, aside from leaving a sticky note for them, the only thing you could do is walk around and look for them or wait. Outside of work, I could call, text, email, facebook, IM, etc. But at work, there was email to their desk, call their desk, or nothing. A secured cell phone to take with you when you walk around would make things so much easier.

Re:Security Violation (0)

Anonymous Coward | about 2 years ago | (#39217443)

The point is that there are hundreds of thousands of staff who actually work inside a SCIF and are perfectly authorised to have classified communication without prior notification to anyone (because everyone they work with operates at the TS level); almost every discussion they have would be at the TS level.

That being said there is no codeword on this device making SI frustrating.

Specification, not blueprint (1)

Anonymous Coward | more than 2 years ago | (#39216151)

The link is to a specification, not a blueprint. A blueprint is enough information to build the product. A specification defines the products behaviour, but is only the first step. You still have to design the product.

Hmmmm... (3, Insightful)

olsmeister (1488789) | more than 2 years ago | (#39216179)

(dons tin foil hat) Do they really want phones like these to become inexpensive and easy to produce? Would we have been able to locate bin Laden if the courier and the whole group had these? Is there a back door hidden in the design that allows the NSA access? (removes tin foil hat)

Re:Hmmmm... (1)

Anonymous Coward | more than 2 years ago | (#39216657)

My assumption would be it's much easier to hack/leverage the endpoint (maybe with a pipe?) to tap into the transmission than to intercept the communications to begin with, so if they actually need to be in on the conversation they'll either bug one of the suspects, or exploit the server used as the vpn endpoint (assuming they're not actually phone to phone vpns, in which case A. neat and B. Internet accessable IP?)

Re:Hmmmm... (1)

currently_awake (1248758) | about 2 years ago | (#39217459)

These phones wouldn't have saved him. The calls still use the public network so are still traceable, and all the phones need access to the same key server. Knowing that MR x is a terrorist, you can assume anyone he calls might be a terrorist so you investigate them. And knowing where the key server is means you can get the codes to read the call.

Research In Motion (3, Insightful)

Mabbo (1337229) | more than 2 years ago | (#39216191)

Well, that should be the final nail in the coffin for the Blackberry. I've been saying for the last 2 years: All RIM has going is the fact that they have a secure phone. All someone needs to do is offer an Android-based phone with the same level of security, and they will have lost the only real selling point remaining that they had.

fishbowl !=blowfish (5, Interesting)

optimism (2183618) | more than 2 years ago | (#39216195)

re: "The doubly-encrypted phone, dubbed Fishbowl"

A strange combination of clever and ironic.
Fishbowl is an anagram of Blowfish, though I dunno if they use that cipher.
However to most folks, a fishbowl is something in clear view, under close observation.
Quirky.

Re:fishbowl !=blowfish (2)

Anonymous Coward | more than 2 years ago | (#39216517)

It's doubly-encrypted, so they use Twofish.

Re:fishbowl !=blowfish (1)

treeves (963993) | more than 2 years ago | (#39216719)

"Did you ever fly a kite in bed? Did you ever walk with ten cats on your head?"

Re:fishbowl !=blowfish (1)

Nethead (1563) | more than 2 years ago | (#39216619)

This had to bring a smile to Bruce's face.

Anyone remember NATO's phones? (0)

Anonymous Coward | more than 2 years ago | (#39216217)

Back when cell phones had analogue circuits you could sometimes spot a red NATO phone. On the technological trash heap of history now.

Wait (1)

eclectro (227083) | more than 2 years ago | (#39216219)

Where is the schematic for this thing??

In the Darkness of Redaction... (0)

Anonymous Coward | more than 2 years ago | (#39216267)

Anyone Read the PDF?

Page 98 ... Anyone wonder what was Redaction in and around the red horizontal box?

"The Mobility Program enables the mobile warfighter to access secure
government enterprise services from any device, anywhere, anytime."

now seriously ctrl-c ctrl-v did the job... but i wonder what wireshark + SRTP/SDES dev tool kit and a 2L of coke and Large NYC pizza would produce ;) bah only the imagination can Dream!

Where was it made? (1)

OzPeter (195038) | more than 2 years ago | (#39216271)

I hope not in China for the obvious reasons.

The design of the phone itself may be super-secure, but for it to be genuinely secure you need to have absolute faith in the integrity of the company building the thing.

Re:Where was it made? (1)

DMUTPeregrine (612791) | more than 2 years ago | (#39216335)

The NSA has its own fab. They can make their own chips if they so choose. Depending on the level of security needed I'm sure they will.

Re:Where was it made? (2)

OzPeter (195038) | more than 2 years ago | (#39216427)

The NSA has its own fab. They can make their own chips if they so choose. Depending on the level of security needed I'm sure they will.

They may have their own fab .. but from TFA ..

“The plan was to buy commercial components, layer them together and get a secure solution,”

You have to be able to trust the entire supply chain. In addition, they are talking about 3rd parties building these (who won't access to NSA systems) .. so why should I trust a 3rd party any more than I trust any other telecoms supplier?

Re:Where was it made? (-1)

Anonymous Coward | more than 2 years ago | (#39216701)

chinese have uh sma penis. Not have uh bih penis rike amelicans.

Re:Where was it made? (1)

Anonymous Coward | more than 2 years ago | (#39217033)

I think that the NSA of all organizations realises that the secret to security isn't to make something impossible to crack, but to take a good, long look at the value of the secret(IE the cost to hide the cat once it's out of the bag) versus the cost of the equipment. If it costs less to hide the cat while it's running around enjoying its freedom than it costs to keep the cat in the bag, then it makes no sense to spend more than that amount keeping the cat tied up.

To put it another way, you don't have to make it impossible for someone to compromise you, you just have to make it really really difficult for them to do a good job at reliably compromising you, which qualifiers imply that the expense is much greater in the latter case.

Re:Where was it made? (0)

Anonymous Coward | about 2 years ago | (#39217423)

The cost of a SIPRNet compromise might as well be infinite which is why no expense is spared in protecting it. The cap is on how much value worth of intel you can put in SIPRNet based on funding limitations. At some point, you have more intel than you can fit in your budget so presented with a choice between erasing intelligence or giving up on risk/reward calculations, your job eventually becomes spending enough money on protection so that no adversary exists which can get past the barriers to entry to the infinite rewards of success.

In other words: the fastest camper philosophy is for mortals. When you've got lucky charms, you have no option but leaving your dick hanging in the wind and hoping nobody can jump that high.

Double encryption.... (0)

Anonymous Coward | more than 2 years ago | (#39216313)

...like double DES, because that's theoretically TWICE as secure as DES, right? Right? Of course, it MUST be. It's DOUBLE!

Or maybe this phone uses the awesome power of Double ROT-13!

Rogue Apps (2)

losttoy (558557) | more than 2 years ago | (#39216317)

Remember, double encrypting rogue apps in AES does not make them good. The traditional approach towards security doesn't work very well in the mobile world especially Android. You have to not only do the regular things like encrypt but have a strict login such that they cannot run any app other than authorized. Not even the HTML5 stuff because it doesn't matter how locked down the phone is - once you allow an app on the phone that can access the data, it is game over.

Re:Rogue Apps (0)

Anonymous Coward | more than 2 years ago | (#39216463)

Please refer to the recent developments whereby the NSA has released their famed Security Enhancements now for Android. Strong Type Enforcement and Mandatory Access Controls addresses exactly what you said needs to be addressed.

Done and done.

You could RTFA (2, Insightful)

Sycraft-fu (314770) | more than 2 years ago | (#39216759)

Where you'd find out the encryption isn't about apps, but about the calls. The NSA requires it so that in the event there is a failure in the implementation of one of the encryption layers, that isn't an automatic compromise.

In terms of app control yes, it only gets apps from a DoD run app store. The phones can only get apps that the NSA has decided are ok. The control actually goes further than that, in that to place a call you connect to signals and they then route your call to the requested party. So you can't even just call whomever you'd like, you have to go through a central point (which means they can track who called who).

You have to remember the NSA is not new to this game. They are pretty much the best the world has ever seen at signals intelligence, and they were doing encryption back in the days when nobody had heard of such a thing. They are pretty good at it. Well their mission isn't only signals intelligence (as in capturing and decoding information from non-US entities) but also information assurance, meaning protecting US government communications.

Further, they have a mission to help protect US civilian interests like helping keep electronic banking secure. This is why you see things like this phone, or SELinux, released to the public.

Re:You could RTFA (3, Insightful)

MartinSchou (1360093) | about 2 years ago | (#39217473)

You have to remember the NSA is not new to this game. They are pretty much the best the world has ever seen at signals intelligence, and they were doing encryption back in the days when nobody had heard of such a thing.

Are you suggesting they also invented time travel and ventured back in time to before AD?

Encryption is a VERY old discipline, and was being used for more than a thousand years by the time Leonardo da Vinci was even born.

Re:Rogue Apps (1)

currently_awake (1248758) | about 2 years ago | (#39217511)

You could achieve high level security on an otherwise standard iphone by inserting an inline encryption engine before the radio/modem and having it handle the security. Proper sand-boxing of apps and only allowing apps that passed a security audit will round out the requirements.

Pay to have them done in the USA (1)

WindBourne (631190) | more than 2 years ago | (#39216457)

Seriously, NSA, DOD, CIA, etc should be paying motorola/Google to build these SECURELY in the USA. Having this produced in China is NOT how you get secured communications.

Re:Pay to have them done in the USA (0)

Anonymous Coward | more than 2 years ago | (#39216927)

and...they took our jerbs!

Re:Pay to have them done in the USA (1)

mlts (1038732) | more than 2 years ago | (#39217231)

I wouldn't mind Motorola doing exactly this.

Heck, Motorola can use the same hardware for their mass produced phones so they benefit from economies of scale. The difference could be a dedicated sub-ROM chip that gets code loaded on at a TS/SCI cleared facility (the same way the old Clipper chips were made in a normal facility, then the Skipjack algorithm was loaded.)

This way, most phones can have unlocked bootloaders and are free to run the latest CM version, while the phones for secure duty get the added code.

secret phone? (0)

Anonymous Coward | more than 2 years ago | (#39216461)

This is a top-secret comment.

It'll be three weeks... (0)

EmagGeek (574360) | more than 2 years ago | (#39216513)

... until Anonymous and WIkileaks publish recordings of phone calls made on the phones...

I kinda doubt it (3, Insightful)

Sycraft-fu (314770) | more than 2 years ago | (#39216683)

So let's have a look and see what classified information has ever been leaked by Wikileaks. Looks like just the diplomatic cables and video that came from Bradley Manning. Well guess what? That wasn't a hack, that was a person with access, that misused their access to give the information to an unauthorized party. That kind of thing has been going on as long as there have been spys and it is something the intelligence community works on (preventing or exploiting depending on) all the time.

Past that? Nothing. I see nothing from Anonymous getting on to JWICS and grabbing and releasing tons of documents. They've DDoS'd webservers (and failed to DDoS others, Amazon proved to be too big a target) and gotten in to people who have security holes, but they don't seem to be able to get at the classified networks.

Maybe, just maybe, the NSA is a little better at signals security than you give them credit for.

Not a good article (5, Informative)

Anonymous Coward | more than 2 years ago | (#39216527)

I was at the talk yesterday (at the RSA Conference) where NSA IAD director Margaret Salter presented this information. While the linked article is mostly factually correct, it glosses over or misses quite a few things. In no particular order:

* NSA's goal was to produce a spec for how to use commercial devices and commercial carriers yet still meet the requirements for SECRET or higher classified comms *without* forcing every user to be a COMSEC custodian. IMO, this represents a *huge* change in NSA's outlook on COMSEC and security in general. In the past, their focus has always been "security first, regardless of the impact on usability." Fishbowl's goals are an intriguing departure from this mindset.
* The selection of Android was not a starting point, but the outcome of a selection process that included requirements like "we have to be able to get the OS tweaked to meet our needs." The relative openness of Android played well against this requirement.
* Fishbowl currently only works on one handset. Salter declined to say which one, but it was clearly a Motorola product. Again, this was related to technical requirements around customization, boot loaders, etc
* The article gets it right about IPSEC vs SSLVPN but falls short of detailing the laundry list of things NSA wanted but was ultimately unable to obtain. It's clear that as the landscape evolves, NSA will update the fishbowl spec. For example, if someone made available an Android that supported Suite B, I think that would appear on the spec immediately.
* Salter did address the issue of rogue apps directly. She said that Fishbowl basically required policy support for locking out unapproved app installs, and that only NSA approved apps from the NSA enterprise app store would be allowed. "we don't want to be in the business of accrediting Angry Birds" is as close a quote as I can manage from memory.
* The best question from the audience was when someone asked if, by publishing a spec on how to do encrypted secure comms on an Android, her division hadn't made the job of the SIGINT spooks impossibly more difficult. She somewhat artfully dodged/refused to answer, and simply said that her job was to protect the data and communications of the US Government. My take: draw your own conclusions about NSA's ability to break IPSEC.

The talk was interesting, well presented, and completely sold out. I got one of the last 5 or 6 seats before they stopped letting people in the room.

Re:Not a good article (1)

Sulphur (1548251) | more than 2 years ago | (#39216755)

* Salter did address the issue of rogue apps directly. She said that Fishbowl basically required policy support for locking out unapproved app installs, and that only NSA approved apps from the NSA enterprise app store would be allowed. "we don't want to be in the business of accrediting Angry Birds" is as close a quote as I can manage from memory.

Disgruntled Poultry, the classified version, because everything on this is probably classified.

Re:Not a good article (0)

Anonymous Coward | more than 2 years ago | (#39217039)

Honestly maybe I've got the wrong take on it but the NSA *SHOULD BE CONSTANTLY TRYING TO MAKE SIGINTS JOB HARDER*. While it sounds douchey on the one hand, if the NSA can pull it off, you can bet there are suitably intelligent, motivated and financed 'persons of interest' doing the same. The best thing possible is for the NSA to be 3 steps ahead and hopefully give SIGINT the lead time to to either crack stuff that's still cutting edge or know that it is currently infeasible and plan for alternate methods of communications interception (perhaps discovering that either more assets or personnel need to be placed into a foreign organization in order to gain access to necessary information before it hits the lines.) Assuming access to either route of information is placing your eggs in one basket, which I very much doubt any intelligence community does.

Re:Not a good article (1)

Anonymous Coward | more than 2 years ago | (#39217209)

Someone please mod the parent up, if for nothing else than at least for the first point and Salter's take on the last question mentioned.

I think that, as someone else mentioned, the name "Fishbowl" is significant in that it signals the NSA's realization that you can't balance secure communications against an ability to intercept communications, since any backdoor will be leaked or discovered. This is meant to be a fishbowl in the sense that you know exactly what the phone is doing -- it's a promise that there are no back doors, but that this is actually secure communication. At the government level this makes total sense: it's frankly more important to secure internal comms from the Opposition than it is to be able to spy on internal comms.

Whether or not Fishbowl is ever commercially available is another question; this may well be restricted to government distribution only without any thought to having a consumer version available. On the other hand, if a Fishbowl product does enter the retail market, I wouldn't count on cryptography to provide the interception ability that NSA wants, but rather on side channels like Facebook-style quasi-spyware collecting information (even dsp'ing and transcribing voice ala Google Voice on a customer's own hardware?). Government-run MITM interception may be in for legal scrutiny as the pendulum of permissibility swings from fevered heyday of PATRIOT-style legislation to the current and unanimous SCOTUS slapdown against GPS tracking: there's a new emphasis on privacy, especially as the US sees itself lagging in that field in comparison to Europe, and the NSA may be hedging against having their interception abilities curtailed. Someone at Ft. Meade has to have already gamed out, "What if Congress or SCOTUS shuts down our wiretapping abilities so that cryptographically attacking intercepted encoded phone calls is verboten? How do we still get the intel we want?"

On the third hand, if the phone does reach the consumer market, maybe NSA thinks that truly secure communications doesn't pose as much of a threat to national security as insecure communications. Maybe allowing the Opposition (whoever that may be) to communicate securely and without interception is considered a lesser price to pay than letting industrial and financial secrets leak from the sieves.

Did they check for Carrier IQ? (0)

Anonymous Coward | more than 2 years ago | (#39216549)

Unfortunately the government didn't read the small print on the EULA and didn't notice that CarrierIQ was installed on the phone....'for their benefit'... but hey Carrier IQ promise not to do anything bad with all the data on their servers.

Bomb the Taliban? There's an app for that! (0)

Wookie_CD (639534) | more than 2 years ago | (#39216625)

it'll be interesting to see what official uses such a secure infrastructure will be put to as time passes

NBA Shoes (-1, Offtopic)

afra99 (2015780) | more than 2 years ago | (#39216627)

Regardless of what age you're in,put on a set of NBA Shoes [nbashoes-cheapsale.com] association Footwear allow you to own enought confidence, pleased mood and youthful Lebron 8 V2 [nbashoes-cheapsale.com] hearts. Trust me this brand Kobe 6 [nbashoes-cheapsale.com] footwear count you to definitely purchase. These Kobe 6 won't ever allow you to feel disappointed.I am certain our Kobe Bryant Shoes [nbashoes-cheapsale.com] web store may be the reliable website to give the top quality Lebron 9 [nbashoes-cheapsale.com] for you.

In Soviet Russia (1)

Roachie (2180772) | more than 2 years ago | (#39216667)

Telephone leaks YOU!

Aaaand that about wraps it up for RIM (0)

Anonymous Coward | more than 2 years ago | (#39216703)

One of RIM's most ironclad money-for-life lynchpins has been their contracts with the government and the military, providing secure communication devices. As the narrator of Fallout once said, "Life in the Vault is about to change."

cool one to try (1)

Anonymous Coward | more than 2 years ago | (#39216753)

in your browser address bar - type "illuminati" backwards and then add ".com" and see what site pops up ... they have a sense of humor!

It's clear what's going on here. (-1, Flamebait)

Calos (2281322) | more than 2 years ago | (#39216807)

It's clear what's going on here.

Google bribed the feds to use Android. Now, Android is pretty secure, because it's on Linux. But it's not as secure as iOS, because not only is iOS based on OS X, OS X itself is based on BSD.

So it obviously makes no sense for an agency which deals with secrets and security to use anything less than the most secure option. Therefore, Google paid them off. Probably not with money, but instead by letting the NSA access all of Google's information on, well, everyone.

Why would Google do that, give up that info for practically nothing? Well, Google isn't stupid. They know Android is a blatant rip off of iOS and that real soon the software patents held against Google will shutter Android. So what does Google do? It makes sure the NSA is using Android. Now, no politician is going to go against the NSA, and hell, it's hard to stop bureaucratic momentum regardless. So the government legitimizes Android; Android is now at the center of national security and is untouchable; and therefore all of Apple's patents are useless.

Yes, I do own funds that trade in tin. Why do you ask?

it is SELinux stupid. (1)

bussdriver (620565) | more than 2 years ago | (#39216891)

SELinux has a history with the NSA; it's known. anything Linux related will leverage that history. Actually, I thought that MS complained and used their corrupt influence to cut down on the governments contributions to linux.

Re:It's clear what's going on here. (0)

Anonymous Coward | about 2 years ago | (#39217539)

Nice conspiracy theory. The government chose Android for the same reason the military is giving the finger to defense contractors every time they try to sucker them with vendor lock-in.

Get serious. We're talking about Apple here. This is the same company that forces end customers to deal with warranty service through them directly instead of retailers. Idiot consumers may be stupid enough to sign off on "the human centi-pad" but the national security types apparently can actually read before they sign up for Apple's dick in their mouth.

Old line (1)

MrShaggy (683273) | more than 2 years ago | (#39216837)

Since the USA claimed that pedo-terrorists were the only ones that used encryption, what is the NSA trying to tell us.

Redacting a PDF... how not to do it... (0)

Anonymous Coward | more than 2 years ago | (#39216859)

Well you can highlight and copy the text in the redacted areas...

GG NSA.

stupid does not work like wise (0)

Anonymous Coward | more than 2 years ago | (#39217311)

stupid secures stuff by more stupidity only

What? (1)

Grindalf (1089511) | about 2 years ago | (#39217575)

So someone's been selling insecure phones eh? Every phone sold should be completely secure, what went wrong with regular phones and can it be fixed?

To bad none of you actualy read the PDF (1)

FlyingGuy (989135) | about 2 years ago | (#39217597)

First of all it is not a "blueprint" for the device, it is a specification for a very secure device.

Second of all no place in the document does it say, "this device uses android"

The references to Android are as follows, all of them:

Requirements Description DC.1 "The Device Configuration and Policy Management service shall be able to determine the configuration of the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2."

Requirements Description DC.3 "The Device Configuration and Policy Management service shall be able to configure the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2."

Requirements Description DC.4 "The Device Configuration and Policy Management service shall be able to configure policy settings for the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2."

Requirements Description RR.1 "The Remediation service shall be able to remediate the configurations of the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2. "

Requirements Description LT.1 "The Location Tracking service shall be able to track the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2. "

Requirements Description W.1 "The Secure Disable and Wipe service shall be able to request audit reporting from the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2. "

Requirements Description D.AC.1 "The Device Audit Collection service shall be able to request audit reporting from the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2.. "

So Sorry Android Fan boys and girls nothing in this document requires of specifies ANY Phone running ANY particular OS it simply references some of the features of the Motorola Droid Pro running Android 2.2

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>