igor - Fotolia
BlackBerry and Boeing are creating a new self-destructing phone that runs on an Android operating system. How does such a device work? Is there any case this device would be considered enterprise-grade?
The majority of mobile devices are designed to appeal to the general public, where features such as screen and camera resolution are regarded as far more important than information security. This leads to a situation where many devices' security controls are add-ons or can easily be disabled. Even though Apple and other vendors are continuing to innovate and add security features to their devices to make them more attractive to government agencies, it leaves organizations where security is paramount with limited choices.
The Boeing Black is an Android-based smartphone targeted at those who put security first, second and third on their list of requirements. This means security can form the foundation of the phone's design from the very start and not be compromised by the need to appeal to the masses. It certainly won't appeal to the everyday user; it has a low-resolution screen, modest processing power and unimpressive battery capacity compared to today's smartphones. However, no other phones come with dual cellular network support and "self-destruct if tampered with" capabilities.
Behind Boeing Black's security is the proprietary PureSecure architecture. Like Samsung's KNOX platform, it has a trusted boot mode that can detect and thwart attempts to root the device. It also features onboard media encryption with embedded FIPS 140-2 key storage and the ability to block certain functions like the camera, voice calling and Wi-Fi network access based on location and other data points.
The phone has two SIM card slots, one for commercial networks and one for private government networks. The phone can switch personalities between the two and lock down data and features on the phone that are restricted to government networks when connected to a commercial provider. There is also a proprietary "modular expansion port" for the connection of secure, mission-specific add-ons for expanding power capacity, satellite connectivity and other technologies such as biometric sensors. The phone is manufactured as a sealed device with epoxy around the casing and screws, the heads of which are covered with a tamper-proof covering to identify attempted disassembly. Any attempt to break open the casing of the device triggers "self-destructing" functions that delete the device's data and software and makes it inoperable.
There's little information available about BlackBerry's role in its development other than the Black will support BlackBerry's BES 12 cross-platform enterprise mobility management technology for managing iOS, Android, Windows Phone and BlackBerry devices across the enterprise. BlackBerry also offers the only mobile messaging app that supports the Boeing Black's FIPS 140-2-validated cryptographic library. It's not clear yet which level of classification the Boeing Black is going to be cleared for within the Defense Department; there's no release date or price, but it should be sometime this year.
If an enterprise needs mobile devices to store and communicate highly sensitive information but is unlikely to be one of Boeing's select clientele, the anti-eavesdropping Blackphone device from SGP Technologies is a possible alternative. Other secure phones on the market include Sectéra Edge from General Dynamics which is certified to protect wireless voice communications classified "Top Secret" as well as access email and websites classified "Secret." If this type of product is above budget, Cellcrypt Mobile is an application that provides end-to-end real-time encryption for Android, BlackBerry, iPhone and Nokia smartphones without the need for specialized equipment.
Ask the Expert:
Have a question about application security? Send it via email today. (All questions are anonymous.)
Don't miss these best practices for enterprise smartphone security
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading