There are plenty of beautifully designed smartphones on the market, but if you want a handset that combines premium build quality with high-end security features, then you want to read this article about the latest DTEK60 secure smartphone from BlackBerry.
Nicknamed the ‘Argon’ before its release, the DTEK60 packs a respectable set of specs: a stunning 5.5″ Quad HD AMOLED display, a Snapdragon 820 processor, 4GB of RAM and a 21-megapixel primary camera. Following on from the BlackBerry Priv, the device also comes loaded with Android 6.0, which may appeal to those who previously liked BlackBerry handsets but were reluctant to change operating system.
There are plenty of good reviews focused on the general features of the DTEK60, so we’ll do what we do best here at DSW and focus on the layered set of security features that have been applied to the handset.
BlackBerry Hardware Security: The Root of Trust
As we’ve described in previous BlackBerry reviews, the company have a history of starting their security efforts at the component level by embedding encryption keys in their device components. These encryption keys can then be used as part of a technique called hashing, where a cryptographic algorithm is used to convert data into a numeric value, which can then be used as a checksum to verify a key’s integrity.
When you switch a BlackBerry on, each layer of hardware has to prove its identity using the encryption key embedded in it. Starting this “root of trust” (RoT) at the hardware level through this series of processes helps ensure that no tampering has occurred and no malicious software is running behind the scenes.
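To make the chain-of-trust idea concrete, here is a small sketch we have added for illustration; it is not BlackBerry's code. It assumes a simplified model in which each boot stage records the SHA-256 measurement of the stage that follows it and a single immutable root value anchors the first stage, and the stage names and contents are constructed samples.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Image:
    name: str
    code: bytes
    next_digest: bytes  # expected measurement of the following stage; b"" for the last

    def measure(self) -> bytes:
        # Cover the code and the pointer to the next stage, so neither can be swapped.
        return hashlib.sha256(hashlib.sha256(self.code).digest() + self.next_digest).digest()

def build_chain(stages):
    """Provisioning step: link stages last-to-first, return (root_anchor, images)."""
    images, next_digest = [], b""
    for name, code in reversed(stages):
        image = Image(name, code, next_digest)
        next_digest = image.measure()
        images.insert(0, image)
    return next_digest, images

def verified_boot(root_anchor, images):
    """Boot step: run a stage only if it matches what the previous stage expects."""
    expected, booted = root_anchor, []
    for image in images:
        if not hmac.compare_digest(image.measure(), expected):
            return booted, f"halt: {image.name} failed verification"
        booted.append(image.name)
        expected = image.next_digest
    return booted, "ok"

# Constructed sample stages (names and contents are illustrative only).
STAGES = [("bootloader", b"bootloader v1"), ("kernel", b"kernel v1"), ("system", b"system v1")]

def demo():
    anchor, images = build_chain(STAGES)
    clean = verified_boot(anchor, images)
    images[1].code = b"kernel v1 + implant"  # simulate tampering with the kernel image
    tampered = verified_boot(anchor, images)
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

Real devices verify digital signatures with keys anchored in hardware rather than bare digests, but the halting behaviour is the same: boot stops at the first stage that does not match what the stage before it expects.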
Hardened Operating System
While the DTEK60 comes loaded with Android and all its core features, BlackBerry’s influence is evident through the presence of some additional security tweaks designed to make it more robust.
Firstly, Android’s Linux kernel (the core of the Operating System) has been given a tune-up in the form of various configuration changes and added security patches. The company pride themselves on their record of rapidly plugging vulnerabilities and were the first manufacturer to release a patch for the serious QuadRooter vulnerability discovered in 2015 that applied to around 900 million Android devices.
Secondly, BlackBerry have built upon a security technique known as address space layout randomisation in the Android OS, which essentially scrambles the location of executable files making them more difficult for a hacker targeting a general Android vulnerability to take advantage of.
Thirdly, the company have further improved the Android full disk encryption functionality by using the strong AES-128 (128-bit Advanced Encryption Standard) encryption and, most importantly, keeping the encryption key safe in the BlackBerry Secure Compound – an area of the firmware separate from Android which helps keep important data safe. The equivalent TrustZone security features used by more general Qualcomm Android devices have had kernel vulnerabilities associated with them in the past. In fairness, these specific vulnerabilities have now been patched, but they may have made it easier to extract encryption keys from an Android handset, which could then in turn have been used to help crack the device’s full disk encryption. A BlackBerry Android device would not have been subject to this wider vulnerability because the encryption keys would have been safely tucked away elsewhere.
DTEK by BlackBerry
But locking down hardware and software is only part of the battle. As cryptologist and cyber security expert Bruce Schneier has succinctly put it, “only amateurs attack machines, professionals target people”.
With our hectic 21st century lifestyles and constant digital bombardment, security is rarely at the forefront of our minds. This makes “social engineering” attacks, designed to exploit our inherently trusting natures through natural human laziness, forgetfulness, or sheer gullibility, a serious risk.
This problem has clearly not been lost on BlackBerry, who have installed the DTEK app across their Android device range. The app aims to make checking a device’s security status as casual and habitual as, say, checking the weather.
DTEK presents a visually pleasing dashboard summary of various items of security low-hanging fruit: screen lock status, factory reset protection and the ability for remote handset monitoring. Perhaps most importantly, it allows a user to easily get a detailed view of what installed third-party apps are getting up to behind the scenes; for example, accessing their contacts, microphone, camera, or – worse still – their carefully curated stash of selfies. All of these various aspects of smartphone security get neatly pulled together to provide an overall security rating, complete with suggestions for how the rating can be improved.
Fingerprint Scanner – Transparent Authentication
BlackBerry have consistently offered multiple ways to unlock their smartphones, including a traditional alphanumeric password and the harder to guess Picture Password feature, where a user has to move a grid of numbers over a pre-determined point on a picture.
With the DTEK60 the company have now also incorporated a fingerprint scanner on the back of the device, just beneath the camera. In use this feels like a natural placement, as it is where most people’s fingers will naturally come to rest as they hold a smartphone.
The scanner can recognise up to five saved fingerprints and is a powerful way to make the process as transparent and effortless as possible – giving smartphone owners or employees little excuse to leave their devices unlocked.
There have been some reported instances of fingerprint scanners being spoofed by security researchers, using high-resolution photos of fingerprints and then printing them out using copious amounts of silver conductive ink to create a workable substitute. But as yet such spoofing attacks do not appear to be particularly commonplace, so any security flaws are outweighed by the convenience offered.
All in all, the DTEK60 offers a secure, refined choice of handset that doesn’t require a compromise between looks and functionality. The device is already competitively priced ($499) compared to other flagship smartphones, although businesses more concerned with cost-efficiency and security than screen real estate or build quality may also be interested in the DTEK50, which has also received positive reviews. Finally, the DTEK60 offers something a little different for tech aficionados that don’t want to join an army of clones toting identical handsets.