back to article Boeing going ... GONE: Black phone will SELF-DESTRUCT in 30 secs

Who makes the most secure smartphones on the planet? Is it Apple? Samsung? BlackBerry? Boeing is betting the US government's answer is "none of the above." A filing with the US Federal Communications Commission first spotted by storage community site MyCE sheds new light on the aerospace giant's plans to market a smartphone …

COMMENTS

This topic is closed for new posts.

Page:

  1. John Tserkezis

    "secure enough to be used by government agencies"

    Going on what some governments have done in the past, I don't see the "security" being too impressive.

    "its workings are so hush-hush"

    Oh, Security through obscurity? Should be cracked within a week of release.

    1. Anonymous Coward
      Anonymous Coward

      Last 5 mins of Small Soldiers

      Quote: "Tell you what, add a few zeroes to the end of that number and get in touch with our military division..."

      I guess Major Android Hazard has reported for duty, sir. Question is... Who is the Gorgonite scum this time...

      1. Ben Rose
        Black Helicopters

        Re: Last 5 mins of Small Soldiers

        Maybe it has a Halo style app that will call black helicopters?

    2. Wzrd1 Silver badge

      "Oh, Security through obscurity? Should be cracked within a week of release."

      Between that and having open WiFi and bluetooth, security through what, exactly?

    3. JeffyPoooh
      Pint

      "There are no serviceable parts on Boeing's Black phone and any attempted servicing or replacing of parts would destroy the product. ..."

      So, essentially, exactly like an iPhone then.

      1. Anonymous Coward
        Anonymous Coward

        Though honestly, lots of phones are now glued together. The Apple ones might be easier to repair soon, until the pendulum swings again.

      2. John Smith 19 Gold badge
        Unhappy

        @JeffyPoooh

        "So, essentially, exactly like an iPhone then."

        Complete with rounded corners.

        Cue the fruity firms legal rottweilers

    4. This post has been deleted by its author

  2. SW10
    WTF?

    What would you do with a Boeing Black on your lab bench?

    So it's a secure phone.

    With Wi-Fi and Bluetooth, which, um, have never been part of an attack vector.

    With USB, HDMI, and PDMI ports. Which... well, which presumably need to be epoxyed up once our spook has finished her unboxing.

    I'd have thought you'd want to make such a phone (great name by the way) with no holes at all; physical or otherwise. Just because you can't unscrew the screws doesn't mean it's going to resist all other types of prodding through ports physical and virtual, does it?

    1. Anonymous Coward
      Anonymous Coward

      Re: What would you do with a Boeing Black on your lab bench?

      Just because it has ports, doesn't mean they are enabled all the time, or are general purpose.

      Perhaps the Wifi, Bluetooth and USB only connect to other device after a special key exchange to validate them as being secure. Just because you have the ports doesn't mean you can associate with Starbucks Wifi or plug it into a random laptop's USB port.

      But of course, Reg readers always like to assume that they're way smarter than everyone else and Boeing doesn't realize they're leaving their phone open to attack by including BT and USB! Too bad they don't have you working for them so you could set them straight!

      1. Christian Berger

        Re: What would you do with a Boeing Black on your lab bench?

        The key exchange for ports sounds like a good idea at first, but then we are talking about USB. Long before you can exchange any keys you'll have the USB stack talking to it. If you are lucky, you are using Linux or some BSD, then the amount of security critical bugs is probably low. If you are unlucky they are using some commercial RTOS which nobody ever checked for security issues.

        1. Anonymous Coward
          Anonymous Coward

          Re: What would you do with a Boeing Black on your lab bench?

          And it is impossible for anyone to modify USB drivers so the key exchange happens before anything else gets passed on it?

          It wouldn't be compatible with "USB" any more, but I rather expect that would be desirable in this case...

          1. Robin Bradshaw

            Re: What would you do with a Boeing Black on your lab bench?

            "And it is impossible for anyone to modify USB drivers so the key exchange happens before anything else gets passed on it?"

            And nobody would ever think to send a longer key than was expected :)

        2. dogged

          Re: What would you do with a Boeing Black on your lab bench?

          > Long before you can exchange any keys you'll have the USB stack talking to it

          Not necessarily. NFC would work here.

  3. returnmyjedi

    No mention of what kind of battery it sports, or whether the casing will be flame retardant.

    1. Anonymous Coward
      Anonymous Coward

      Any phone that starts to smoke and fire coming out of the ports, Boeing will just say that the phone was being tampered with and it was destroying all data and making the device inoperable.

    2. Lars Silver badge

      Nor if it comes with a pair of shoes.

  4. Old Handle

    The addition of those media ports is fairly unexpected. I wonder what they have in mind for that.

    1. FrankAlphaXII

      Powerpoint presentations without having to lug around a secure laptop is what comes to mind in my case.

    2. Don Jefe

      The media ports are there for the sole reason that Boeing has to be able to say their phone is at least as capable, plus a bit more, as the Blackberry devices they want to replace.

      This whole thing is 100% targeted at filling that Blackberry void that, in the US alone, is going to be just ridiculously huge as existing US Gov contracts with Blackberry wind down. Federal law doesn't permit Federal agencies to enter large and/or long term contracts with entities that can't satisfy various guarantees of stable service/continuity.

      Since Blackberry can't do that anymore, somebody has to do it. Boeing thinks that should be them.

  5. Gannon (J.) Dick

    I assume they made it impossible to "hold wrong" too ...

    Seriously, this is a terrible idea. If Boeing has privately received assurances from their competitors that said competitors will continue to behave like idiots when it comes to security then their illegal Business Plan is valid, and if not then their valid Business Plan is stupid.

    To to good side, keeping details from the Public of the illegality or stupidity as the case may be is one of the nicest things anyone has done for the droll business of Public scrutiny in a long time.

    1. Don Jefe

      What the hell are you on about? I can see why Boeing might seem like a bit of odd choice in a phone provider, but it really isn't. A mobile phone is well within their capabilities.

      I'm not sure what an 'Illegal Business Plan' is. Nor am I certain what a 'Legal Business Plan' looks like. However, if you have a vision of the 'Illegal Business Plan' concept let me know. I'll put you in contact with our 'Legal Small Projects Department' and they'll help you (Legally and free) put together a 'Legal Funding Request' and our 'Legal Investment Group' will consider the idea at our 'Legal Quarterly Dargle' at the end of March.

      It's actually a good idea you know. If you've never made a run at your own business something like this is a good (legal) place to start. A full featured 'Illegal Business Plan' software suite should prove popular. You could probably spin off a franchise type deal you know.

      You know, when people have their 'Legal Business Plans' shot down they are very vulnerable. You could sell franchise licenses to people and they could turn rejected 'Legal Business Plans' in 'Illegal Business Plans'! Most US States require the Franchisor to provide a UFOC and wait 30 days before accepting them a Franchisee. But that's an opportunity in itself! 'Illegal UFOC's' would be fucking killer. Each State has their own 'Legal UFOC' requirements and for most non-medical and non-agricultural offerings you can expect to spend $750k - $1.2m for each state you want to do 'Legal Business' in. By the time everything is wrapped up and state filing fees are paid you end up looking at around $55m for the regular documents. I don't believe it would be too difficult to convince a lot of companies to go a little further and have an 'Illegal UFOC' as well.

      You could offer just stand alone software, without the other services. But since this would be your first time I think you want to hem up as much of that market as possible. If you go pure software you're just begging for someone to ride your coattails and offer the services to the public and all you'd get would be the initial software sale.

      Until you've got a good (Legal) financial foundation having steady state funds coming in will make your life easier. Go for it!

      1. Gannon (J.) Dick
        Unhappy

        must have struck a nerve ...

        1) Colluding with one's competitors is illegal.

        2) Depending upon one's competitors to *never* address legitimate concerns (security) of the marketplace is unwise

        ...

        unless the product which Boeing itself needs is unavailable from existing sources. Then they may as well sell a few to the Public too, it will make them cheaper. They may make several billions on the next embrace, extend, extinguish cycle (or not). If they are making a broader statement in support of free(er) markets and excellence in engineering, say so. It is no secret that those two properties are sorely lacking in the consumer electronics industry.

    2. ckm5

      Boeing makes communications systems already

      It's not that much of a stretch for them to make a phone. Lockheed Martin has made sat phones in the past, why not Boeing?

      http://www.boeing.com/boeing/bds/satellites_space/index.page

      Never mind that they have a whole division building secure communications systems

      http://www.boeing.com/boeing/bds/c4isr_cyber/secure_comms/index.page

      But, hey, some guy on the internets knows exactly what business Boeing should be in (or not) ....

      1. Paul Hovnanian Silver badge
        Big Brother

        Re: Boeing makes communications systems already

        But this phone isn't a system. It has to work with commercial or even government owned networks. And that's where vulnerabilities exist. Pick up your 'secure' Boeing phone while on a business trip and for all you know, it is talking to a hacked femtocell in the room next door. Or if the telecom is in the hands of a snoopy government, no extra hardware is needed. Odds are all the telecoms equipment has been manufactured to comply with government mandated back doors (see CALEA).

        As far as the physical security: Any foreign intelligence service can easily afford to acquire a few dozen of these units to do a bit of trial and error reverse engineering. The security screws will fall pretty quickly. The people who will get caught red-handed trying to mess with the phone's innards are the lowly employees. Who might attempt to pull that micro SD card before their IT security comes around for an audit. I guess they shouldn't have downloaded all that pornhub.com stuff to begin with.

  6. Anonymous Coward
    Anonymous Coward

    I hope Boeing have the sense to check The Register's comments for advice on how to correctly implement this.

    1. Adam 1

      That should not be necessary. Boeing has proven experience in the required battery powered self destruction mechanisms that underpin such technologies.

      1. Comments are attributed to your handle
        Thumb Up

        @Adam 1

        Thanks for producing my favorite comment of the week.

  7. majorursa
    Facepalm

    Secure/Obscure

    "and its workings are so hush-hush that Boeing has filed to have its correspondence with the FCC deemed confidential and "permanently withheld from public inspection"

    Isn't that the exact wrong way to ensure security? If the doors are hidden, so are the burglars.

  8. Gene Cash Silver badge
    Coat

    Borrowed technology from the Dreamliner batteries??

    "There are no serviceable parts on Boeing's Black phone and any attempted servicing or replacing of parts would destroy the product"

    1. hammarbtyp

      Re: Borrowed technology from the Dreamliner batteries??

      No - Apple

      1. Nick Ryan Silver badge

        Re: Borrowed technology from the Dreamliner batteries??

        But you can replace iPhone batteries and relatively easily. They are intentionally designed so the average consumer can't replace them, not for the buggers to be impossible to replace. Unless you get one where the assembler got a bit over enthusiastic with the glue of course...

        Not all iPhones models are as easy as others to replace the battery though.

        1. Brenda McViking
          Thumb Up

          Re: Borrowed technology from the Dreamliner batteries??

          No indeed, in fact my Samsung iPhone* can have its battery replaced in under 10 seconds by popping off the back.

          * according to the ruling of Judge Koh. USA supreme authoritaaaah!

          1. Rick Giles
            Black Helicopters

            Re: Borrowed technology from the Dreamliner batteries??

            What the hell is a "Samsung iPhone"?

            1. Don Jefe

              Re: Borrowed technology from the Dreamliner batteries??

              The Samsung iPhone is the end result of a five year experiment designed to prove certain mathematics principles are not being utilized efficiently, and that I have wasted more than four decades in acquiring money the hard way.

              To that end, I have created the Samsung iPhone and I am suing both Samsung, and Apple, simultaneously, for copyright infringement in anticipation of countersuits from both companies.

              I do not anticipate being able to withstand those countersuits, but I will endeavor to hold out as long as possible because I plan to book the amounts of the rulings as negatives on our 2015 P&L and as even small children know, two negatives makes a positive. I will become fabulously wealthy overnight.

              I filed for, and received, a provisional patent in 2012 so as soon as I have validated the process I plan to license it out. Then sue the licensees as well. I have high hopes, I'm just kind of shocked nobody had considered this before.

        2. Don Jefe

          Re: Borrowed technology from the Dreamliner batteries??

          Apple gives zero fucks about granting or denying battery access to the general public. That is not the path to riches. The path to riches in electronics manufacturing is direct component attachment and fewer connectors.

          Connectors, then screws/fasteners are by far, by way, way, way far the most expensive thing to screw with in electronics manufacturing. If you add mechanically aided connectors (like spring loaded battery connectors) you can bump line costs up 60-70 per unit cents easily. That's HUGE in manufacturing costs. Take that figure, really, really slow down line speed & increase test times and you're talking a couple dollars. Add in the screws required for a two piece case and you're talking big money. Steve Jobs scales of money.

          Apple isn't big on anyone fiddling with their products, but battery access is nothing more than production cost reduction. What's funny is that direct board attachment is the cheapest (cost and quality) type of electronics manufacturing. Like disposable kids toys cheap. But Apple pushes its design concepts as the highest quality.

          Just because two things appear to be related (Apple being walled garden dicks) doesn't mean they are related. Cutting line costs is like reducing the weight of rotating components. Just a tiny, tiny reduction delivers enormous savings.

          1. Robin Bradshaw

            Re: Borrowed technology from the Dreamliner batteries??

            Don Jefe have you seen how many screws are inside an iphone5?

            Dont get me wrong they are really quite impressive mechanically but there are loads and loads and loads of damn fiddely screws in there holding it all together, its like a swiss watch.

            1. Don Jefe

              Re: Borrowed technology from the Dreamliner batteries??

              I haven't actually looked inside an iPhone of any generation, but only the simplest of things don't need at least a couple of screws. There are many possible variables, but inside Apple, or in a company like ours, you've got several people constantly working to maximize efficiencies of every part and every process. The calculations are exceedingly complex, take weeks to work out, and in the end you've saved .00031 cents per unit, but because the screw manufacturer has price breaks at 500k screws you end up saving 1.2 cents, per phone, and reducing logistics and labor costs because without the additional screw an entire bin of 60,000 screws is consumed between each days parts cycles. Before you always had a 1/3 full bin at each parts cycle and were having to pay for someone to not only bring in full bins and take out 1/3 full bins to the parts dept where you were paying another person to operate a machine you had custom built to open the partial bins and mix them with other 1/3 full bins to create a full bin. Now you're talking real money being saved. You've just taken nine full time people out of every line producing that (widget) (say 20 lines for 180 total employees no longer needed there) and all for one tiny screw per unit. If you want to go even further, because you're completely using an entire bin of screws you can now order 1,100 bins less and eliminate 350 truck deliveries and cut back/reassign loading bay staff and the extra space lets you reorganize the warehouse and reduce pick times .0002%. This is all because of a single screw remember.

              That's a summarized, fictional, but valid, outline. The actual processes are much more complex. Those processes are repeated every time something changes (logistics company instituting or eliminating a fuel surcharge for example).

              The point is that each category of component/part has a generic value associated with it for rough calculations of its total, actual, cost. Screws and wonky connectors are just absolutely awful to mess with. Adding or eliminating one screw will have enormous financial implications and if there's a screw in there its existence has been throughly examined zillions of times, just like every tiny part in a modern piece of tech kit.

              Money in manufacturing is made in fractions of a penny repeated millions and millions of times.

  9. FrankAlphaXII

    On the surface it sounds like a good idea since no other vendors seem to give a shit about real security, but since it can't be repaired by design I doubt that my service branch, component, or my basic branch will authorize it, unless they can manage to get an exemption from HQDA itsself. The Army doesn't like radio gear it can't fix and a cellular phone counts as a radio.

    If the COMSEC repairers can't fix, upgrade, or modify it, and it is intended to fill a S or TS information system tender, they usually can't acquire it through normal acquisitions channels.

    1. dogged

      > The Army doesn't like radio gear it can't fix

      In general, true.

      The rule is actually that if we can break it, we have to be able to fix it. Royal Signals actually have three guys in Leeds who have the full time job of breaking all radios and radio prototypes submitted to them by any means.

      To my knowledge, this has consisted of such delights as running it over with a tank, setting fire to it, leaving it overnight in strong acid, leaving it overnight in strong alkali, chucking it off tall buildings and on at least one occasion, strapping grenades to it and running like fuck.

      The radio those guys can't break may be invented one day but today is not that day.

  10. tempemeaty
    Pint

    They are now a back doored chipery target...

    So is Boeing going to use Chinese made chips and factories in like fasion to how they get their airplane parts these days?

  11. sysarch

    Security on Phones

    There are very few security mechanisms that apply to multiple protocols in the same way. There is one that I am aware of that _could_ do so. Doubtful this will be used, though in the public domain. It is patented by 3 cooperating companies. In light of this, it is problematic to implement a truly secure system. The device must be physically secure, and if not possible to do do, must be able to scrub itself when physically violated. The rest is not that complex, really.

    1. Anonymous Coward
      Anonymous Coward

      Re: Security on Phones

      "The device must be physically secure, and if not possible to do do, must be able to scrub itself when physically violated." - so, step 1: carefully drill through embedded red wire (or just discharge completely?). Let's see erase itself when it's unpowered...

      1. Nick Ryan Silver badge

        Re: Security on Phones

        Let's see erase itself when it's unpowered...

        How much electricity is required to wipe flash memory? Have a secondary battery just for that, it could even be built into the flash memory package itself and with multiple control routes to send the "wipe it now" signal it would be very hard to prevent without multiple precision drills hitting at precisely the same time.

        1. Adam Foxton

          Re: Security on Phones

          Why use flash?

          RAM takes bugger all power to maintain so a small backup battery could maintain that while the phone is 'asleep'. And if the phone's lost, so is the data. Remember this isn't just for things that could be inconvenient for the enemy to know, this sounds like it's aimed at black projects too- stuff that doesn't officially exist to the point where even the accountants don't know what's going on. I'd presume that non-Project people not knowing what's going on is very important to these people.

          Add in a dedicated bit of syncing software and you could have a device you charge with both power and data in the morning and whose contents (and value to the enemy) are lost when the battery runs out. That would be incredibly secure. A little inconvenient if your battery dies, but it could retain its mobile number (e.g. on the SIM card) so when powered up it'd reconnect to the network.

          You'd lose your contacts- so no-one would know whose it was or who they'd talked to- and you'd lose some UUID that lets you dial secure numbers.

          When whoever found it turned it on it'd register on the network and bring down men in suits to retrieve it (or drones to properly erase it). If the OS was wiped and re-loaded into the RAM during the Sync process every morning you'd have a system that wouldn't exist long enough for most malware to get a proper handhold.

          You'd get a good, reactive UI too if it was all RAM and no flash. So it'd feel like a premium product as well as being very secure.

          1. Nick Ryan Silver badge

            Re: Security on Phones

            @ Adam Foxton

            That sounds like an even better idea... however isn't it theoretically possible to retrieve the contents of RAM even when the power has been lost or is this only particular types of RAM?

            1. Charles 9

              Re: Security on Phones

              The Cold Boot attack. Perhaps encrypt the RAM and use a secure SoC where only the CPU can read the key. There's already commercial examples of such systems.

        2. Don Jefe

          Re: Security on Phones

          Secure satnav systems have an onboard battery and a fairly big capacitor in them (I don't recall the specs on the cap) but it is far and away the biggest thing (other than the screen) inside them. The idea being someone can't steal the satnav, or steal the vehicle to get the satnav and use it to track down the president/hitchhiker/gold bars by retracing the routes in the system. I would assume something very similar for phone memory.

  12. I. Aproveofitspendingonspecificprojects
    Facepalm

    Bring Me the Head of Agent Garcia

    I can just see Warren Oates collecting the reward now.

    1. returnmyjedi

      Re: Bring Me the Head of Agent Garcia

      Errmm... Mornington Crescent!

Page:

This topic is closed for new posts.

Other stories you might like