The US National Security Agency (NSA) has developed an ultra-secure Android phone so that government staff don’t have to worry about being snooped on.
According to SC magazine, over 100 of the Fishbowl phones were developed. While they comply with the NSA’s tough information security rules, they are relatively cheap.
The phones were designed and built by the NSA’s 40 year old Information Assurance Directorate, and the division’s head, Margaret Salter, said anyone can reproduce the phone using specifications because it uses off-the-shelf components.
The phone uses commercial components, layered together and uses commercial infrastructure to protect classified data.
In the bad old days, using a commercial phone would mean having to speak in code to discuss classified information.
The phone’s users have their own app store run by the US Defence Information Systems Agency. This would ensure only secure applications were installed, and remove the need for NSA staff to otherwise vet the integrity of third party applications, Salter said.
The project hit a few snags because there was lack of interoperability between vendor products. Designers were forced to use the IPSEC standard because of this. Several other compromises were made but none that reduced the security of the phone, she said.
She said that the phone needed a voice app that did DTLS (Datagram Transport Layer Security), Suite B and SRTP (Secure Real-time Transport Protocol) and it could not be found. The industry was thinking more about session description so the agency had to use that instead.