“World’s most secure smartphone” looks like snake oil, experts say

Encrypted phone concept a good one, but secrecy and FUD inspire skepticism.

No one will ever hack this phone. Just trust us.
QSAlpha

Do you want a phone that secures all of your data and communications, and can't be hacked by even the savviest of criminals and governments? Of course you do. But if you're a realist, you'd probably say that while strong security can be achieved with discipline, perfect security doesn't exist.

Yet, perfect security was the promise of a company called QSAlpha when it recently sent me an e-mail titled "Un-hackable Superphone to be Unveiled via Kickstarter." QSAlpha is seeking $2.1 million to build a phone it dubs the Quasar IV. Pledges starting at $395 would reserve backers a phone estimated for an April 2014 delivery.

A draft of the Kickstarter page and an accompanying video shared with Ars calls it the "world's most secure smartphone," featuring "unprecedented security with a military-grade encryption." Those kinds of claims—coupled with a lack of technical detail—make security experts who reviewed the Kickstarter page suspicious.

The phone a ninja would use

QSAlpha says it started by asking the question, "If a ninja had a phone, what would it look like?"

"The essence of digital security is the ability to operate in stealth mode, moving about undetected, leaving no trace in the digital world, the same way that a ninja leaves no trace in the real world," CEO and founder Steve Chao said in the video.

QSAlpha describes Chao as "an internationally recognized pioneer in digital security, communications and augmented reality." He said he previously built a now-defunct mobile search engine, Cgogo, which was used by China Mobile.

His encryption technology is called "Quatrix." Besides encrypting phones, QSAlpha says it plans its own app store where developers can distribute applications signed by Quatrix.

A preview of the Kickstarter link was temporarily live but is offline as of this writing. QSAlpha was planning to start the crowdfunding campaign this week, but said because of a backlog at Kickstarter it's been delayed until September 12.

Based on Android 4.3 and with various modifications to improve security, the Quasar IV uses a hardware-level encryption module. The contents of the phone are encrypted, and your communications with other users of Quasar IV phones are encrypted as well using public and private keys. Android phones can already be encrypted using a standard setting, but Chao says Quasar does it better.

"Instead of having a third-party hosting or giving out the public key, we have managed to create what we call a seed public key matrix that produces all possible keys up to 10^77 of keys for all the users out there," Chao told Ars in a phone interview. The chip contains both the public key matrix and the user's private key. When initiating communications with another user, the Quasar IV uses the recipient's identity to calculate their public key and encrypt the data. Once received, the user decrypts it with their private key.

All e-mails, text messages, and VoIP calls can be encrypted, he said. Quasar IV can still communicate with users of other phones and devices, but not in an encrypted manner.

If you don't use a Quasar phone, you're basically doomed, QSAlpha CTO Ben Vaughan said in one of the company's videos. "Every time you visit a website, every time you send an e-mail, and every time you make a phone call, you are exposing yourself to criminal activity," he said.

Experts: Proprietary encryption can't be trusted

While QSAlpha's general descriptions of its technology sound reasonable, claims of being "un-hackable" are bound to draw derision from security experts. After talking to Chao, Ars reached out to two experts to get neutral opinions on Quasar IV, speaking to Steve Thomas, who recently discovered a critical flaw in Cryptocat, and cryptographer Jean-Philippe Aumasson.

Thomas was blunt in his response. "The only thing you need to know about this phone is 'proprietary encryption.' If you aren't aware, this means it's probably broken. Don't trust me, just Google 'proprietary encryption,'" he told Ars in an e-mail. "They also 'absolutely guarantee the security of their personal data.' That sounds like something a cryptographer would never say."

According to the OWASP (Open Web Application Security Project) Guide to Cryptography, "Proprietary encryption algorithms are not to be trusted as they typically rely on ‘security through obscurity’ and not sound mathematics. These algorithms should be avoided if possible."

Aumasson agreed with Thomas, noting that claims like "unprecedented security" without detailed technical explanations do not inspire confidence. Aumasson wrote:

Overall, the tone and content of this [Kickstarter] page suggest that it hasn't involved credible security experts.

That said, the idea of a "crypto phone" with a hardware root of trust is good, and would bring better security compared to software-only solutions (things like Silent Circle).

However at this point "Quasar IV" does not provide sufficient technical details to rigorously assess its security, and the marketing tone and FUD on that page suggest that it's unlikely to be a reliable technology, in my opinion.

For example, they write: "Both algorithms [RSA and Diffie-Hellman] are on the verge of being 'cracked' (proven to be vulnerable to attack) by academic mathematicians, according to researchers who presented at the Black Hat security conference in Las Vegas in August."

This is plain wrong, and shows that the authors do not know what they are talking about.

Don't trust us—trust Fox News

We passed Thomas' and Aumasson's concerns to QSAlpha's spokesperson. The spokesperson told us that "The RSA and Diffie-Hellman example does not come from QSAlpha—it comes from a news story recently published on Fox News."

Obviously, we don't look to Fox News for security information. For a more nuanced discussion of the RSA and Diffie-Hellman algorithms, you can check out our story from the Black Hat conference.

QSAlpha hasn't yet provided any further details in response to Thomas and Aumasson, although they tell us the company has a "security team that will be publishing technical papers on how Quatrix works." They also pointed to an ad they published in the New York Times last year with a message encrypted using their system. The fact that no one has decrypted this message is supposed to be proof of the Quasar IV's effectiveness:

Can't argue with that logic.
QSAlpha

When I interviewed Chao before this follow-up exchange, he explained that the company uses proprietary encryption schemes "because we have to secure the safety of all app developers and consumers on the Quasar device."

Quatrix uses both AES-256 and ECC (elliptic curve cryptography), he said.

"We use a combination of ECC and our own algorithms to create those public and private seed key files," he said. "Once a file has been encrypted by AES-256, that key has been re-encrypted again using our own algorithm. It's a combination of several algorithms for trusted identity authentication and also file encryption. This is different from popular services out there such as Samsung Safe, which uses AES-256, Blackberry uses just ECC. We use a combination of such."

BlackBerry actually uses both ECC and AES-256.

Chao said QSAlpha's approach of tying the private key to a chip that also calculates all possible public keys is superior to any system that relies on a third-party server to store and authenticate public keys. With Quatrix, "there's no way to get hold of a third-party server to forge other peoples' identities," he said. On Quasar, all authentication happens offline, he said.

Quatrix's encryption can't be broken by conventional computers, he claimed. "The only possibility is if you use a quantum computer and try to break it from different angles, there's a possibility there," he said. "Using conventional computers, I would say it's impossible. It's very difficult. We are looking for ways to protect the system from quantum computers, and we will likely release a paper [on that topic] at the end of this year."

Aumasson wasn't impressed by the use of ECC and AES-256 in the absence of more details, saying, "More often crypto fails due to a poor combination and usage of good building blocks, than because of 'weak' algorithms." This isn't the first time Aumasson has seen companies "trying to impress with either many algorithms, very long keys, or exotic concepts, and in general it does much worse than a minimalist approach based on a robust and scientific architecture."

“Largest phone manufacturer” on board

QSAlpha claimed on its draft Kickstarter that it's "secured a relationship with the world’s largest phone manufacturer to bring the product to the market."

"We have also fully validated every single component in the Quasar IV and teamed up with a reputable component procurement company to ensure timely delivery to the manufacturer for final assembly," the company wrote.

The specs of the device do sound appealing. They include a quad-core 2.3GHz Snapdragon 800 processor, 3GB of RAM, and 64 or 128GB of "encrypted local storage" along with 128GB of encrypted cloud storage. QSAlpha promises dual rear-facing 13MP cameras for "a new generation of augmented reality experiences," and a front-facing 8MP camera. It will support LTE, CDMA, and GSM. Gorilla Glass 3 will protect a 5" display with 1920x1080 resolution.

That's all good, but if you're looking for a phone that prevents any and all security threats, this probably isn't it—nor is such a thing likely to exist anytime soon.

UPDATE on Sept. 17: QSAlpha's crowdfunding project has gone live (now on Indiegogo rather than Kickstarter), with additional details on its encryption scheme.