Home » Articles » Battle of the Secure Smartphones
Click Here To Hide Tor

Battle of the Secure Smartphones

Dark web users just love having their smartphone communications spied on, right? (Detect any sarcasm there?)

While no internet-connected device is 100% secure, some definitely are more armored than others.  In the smartphone arena, several phones consistently rank among the best.

To which ones might I be referring? The Kali Linux NetHunter 3.0, Copperhead OS, and Blackphone 2 are a few favorites. Obviously these devices can be used by more than just those who explore the dark web, but if you’re someone who does, a little protection can’t hurt, right?

Kali Linux NetHunter 3.0

kali-nethunter-n10-2

Those of you in the pen testing field already know the Kali Linux name. Given that it’s almost synonymous with security, I expected nothing less of the latest NetHunter distro.

NetHunter was created as a joint effort between Kali community member “BinkyBear” and Offensive Security. Specifically, it’s compatible with Nexus devices, including Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and OnePlusOne.

NetHunter 3.0 supports the following attacks (and tools):

  1. Wireless 802.11 frame injection and AP mode support
  2. USB HID Keyboard Attacks
  3. BadUSB MITM Attacks
  4. Full Kali Linux toolset
  5. USB Y-cable support in the Nethunter kernel
  6. Software-defined radio support

In addition, the NetHunter features many of the pentesting weapons that its desktop counterpart has in its arsenal, such as Aircrack-ng (a suite of tools to assess Wi-Fi network security); BBQSQL, which simplifies blind SQL injection tests; and Ghost Phisher, a wireless and Ethernet security auditing and attack software program.

So, great, I have an armory of “attack” tools, but can the NetHunter defend itself? Of course!

While it includes a number of tools for defensive purposes as well, one of its more impressive features is the ability to cause the  Linux Unified Key Setup (LUKS) to self-destruct, a.k.a. a “nuke option.” (This feature is available on its other platforms as well).

The self-destruct process hasn’t officially been implemented yet, but if you’re already a Kali user and would like to try it out, there are more detailed instructions here: Testing the LUKS Nuke Patch

Beyond this, the same tools that can be used to simulate attacks against other systems could be used to find vulnerabilities on yours.

As with the versions of Kali on other platforms, however, I wouldn’t recommend them to a beginner with Linux distros. It’s possible that it could either prove frustrating, or you might do something with it that you don’t intend. Its tools have a specific user base in mind.

One possible security issue to note: if you’re using an older device (such as the Nexus 7) with Nethunter 3.0, it may have trouble encrypting the device.

A collaborator named jmingov on Github suggested the following fix for this problem:

kalilinux_issue.png

“Atm, the easiest way is to remove the chroot from Nethunter app, encrypt the device, and then reinstall the chroot.” (For the full conversation, see GitHub: Kali NetHunter issues.)

Overall, however, it seems to be well protected.

Copperhead OS

secure_android_phone-86fb917c460bbea15bf5dc43e74c3480

Like the venomous snake that inspired its name, CopperheadOS is an Android operating system you don’t want to mess with.

Though it isn’t necessarily designed for pentesting like the NetHunter, it features its fair share of security attributes as well. Want to know more? Here are just a few examples:

  • Full Disk Encryption (FDE) at the filesystem layer securing all data with AES-256-XTS and all metadata with AES-256-CBC+XTS.
  • Full verified boot for all firmware and partitions of the OS. Unverified partitions containing user data are wiped via a factory reset.
  • App permission model allows ability to revoke permissions and supply false data

CopperheadOS  also uses the Zygote service to launch apps using the fork and exec commands, as opposed to Android, which only uses fork. The main purpose of this change is to add buffer overflow protection.

In addition, the system makes it simple to adjust security levels. A slider located under Settings->Security->Advanced enables you to balance performance speed with security. The slider starts at 50% by default, but can easily be changed when necessary. Besides using the slider, all of the security settings can be changed manually, if that’s your preference.

Beyond these basic features, CopperheadOS offers:

  • Hardened allocator: CopperheadOS replaces the standard system allocator with a port of OpenBSD’s malloc implementation, i.e. it basically manages the memory.
  • Protection from zero-day exploits: It patches up many vulnerabilities and makes it more difficult for an attacker to gain access
  • Improved sandboxing and isolation for apps and services: A stricter set of policies guides the SELinux security engine, and apps are sandboxed according to seccomp-bpf.

This is only a very basic summary of the features, but more or less, CopperheadOS is saying, “Go ahead. Attack me. I dare you.”

Despite its numerous protections, it is still possible that Copperhead may have security issues under certain circumstances.

A user on Twitter recently asked about being able to install Open GApps onto his device, and CopperheadOS replied, “Sideloading stuff like opengapps compromises the security of the system by requiring an insecure recovery and no verified boot.”

It sounds as though installing certain types of apps like this one can have unintended consequences for the security of the OS. It’s for this reason that the developers always recommend that you always use F-Droid to download apps.

Blackphone 2.0

Angle-frontBack_homescreen_v3.png

You may already know the name Blackphone – like Kali Linux, its brand conjures images of Mr. Robot-like scenarios, where privacy is of the utmost importance.

One of Blackphone 2’s basic features that offers protection right off the bat is its Security Center, which sits at the bottom-right of the home screen. In this area, you can configure how much access individual apps have to any of your data.

The Security Center gives you the ability to seclude apps and services from one another, while still giving you an all-inclusive overview of your phone’s features.

Beyond this, it also offers a feature called Spaces, which gives you the ability to build remote, secure areas within the system. It’s very much akin to the way that Qubes OS sandboxes its virtual machines so that they have limited access to one another.

Yet another valuable tool is Blackphone’s Remote Wipe feature, which lets you power off your phone, kill specific apps, or even completely wipe the device (in case of theft or loss). You can set up these features through the Blackphone Remote Access page. Of course, this can only be accessed with a passphrase, so as I always say, make sure it’s a strong passphrase, and one that you won’t forget!

By the way, part of configuring the remote wipe process is giving your phone a name. I think I’d name mine “Nick Fury.”

Unfortunately, like any OS, Blackphone 2.0 is not without its flaws. On January 6, 2016, ZDNet featured an article entitled Severe Silent Circle Blackphone vulnerability lets hackers take over, in which they explained that there was a socket left open on Blackphone 1 that’s also used by SELinux on Android.

Specifically, they found certain apps that interact with said socket, in particular agps_daemon, which has, as they put it, “…more elevated privileges than a normal shell/app user since it is a system/radio user.” It appears that they’re still searching for a solution to this problem.

That aside, the Blackphone 2, for the most part, is still a pretty hardened device, and has stronger defenses than most phones of its type.

You Blew My Cover!

As with any high-security technology, these phones (and the accompanying OS’s) may take some getting used to. Plus, in spite of their numerous security features, the user has to take steps to make sure that the private info inside remains just that…private.

That being said, I’d recommend them to any average citizen who places a high value on confidentiality. And maybe to anyone who likes a “vodka martini, shaken, not stirred.”

4 comments

  1. None of the above solutions are really secure vs. physically tracking the hardware through IMEI in cellular networks, though, as far as I know. This just happens to be a huge part of the problem. Keeping your personal data (as in, that on your file system) safe is a minor part of the problem, keeping your metadata safe is next to impossible, and cellular network IMEIs are pretty much a homing beacon shouting your location in all directions all the time. Not that great for privacy.

    • not carrying a smartphone is already a great step, not carrying a dumbphone is the next step.

    • Yeah, it’s difficult nowadays to keep anything safe if it’s “online”; you make a good point, Mumrik. If you have a way of encrypting your data, that’s about as safe as you can get (unless you choose to avoid the interwebs altogether). Thanks for your critique!

  2. Except for the fact blackphone 2’s company, silent circle, is flirting with disaster. Please research before posting these things.

    http://www.forbes.com/sites/thomasbrewster/2016/07/06/silent-circle-blackphone-losses-layoffs-geekphone-lawsuit/

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *