The U.S. National Security Agency (NSA) released the specifications for a new, super-secure smartphone for use by government officials and based on Google’s widely-used Android operating system, inviting the public to make use of its research.
The intelligence agency produced a limited run of about 100 phones as part of Project Fishbowl, and has distributed to government employees who needed to be able to discuss top secret information, according to SC Magazine Australia.
The phones were developed with help from the Information Assurance Directorate (IAD), a division of the agency that helps protect the US Government’s communications and IT systems. The NSA used commercial ‘off-the-shelf’ technologies and published its specifications (.PDF) for the phone, according to IAD’s head, Margaret Salter who spoke about the device at the RSA Conference in San Francisco this week.
Among the Fishbowl Phone’s security features is two-fold encryption using Internet Protocol Security (IPsec) and Secure Real-time Transport Protocol (SRTP) and is based on layered security.
“Layers of commercial encryption, hardening of devices, Government provisioning (including keys and certificates), boundary protection (again layered), and controls within unclassified access networks all contribute to the overall security,” reads one part of the NSA report.
The Android-based phones also support the use of NSA-sanctioned apps, including a “police app” to log the phone’s activity and a custom VoIP application. When users make a call, the call goes through the VoIP app that ships the data off to a server with the NSA where it’s verified, logged and re-encrypted.
The phone is just the beginning of the NSA’s Mobility Program, an effort the agency launched to develop security-conscious communication technologies using commercial “off-the-shelf” components.
Android is one of the most widely used smartphone operating systems. But Google’s hands-off approach to the security of its Android Market, and the balkanized market for Android phones has led to security headaches. Android malware increased by 472 percent in the second half of 2011, and reports of Android based botnets have already surfaced. In February, Google announced that it would begin doing automated security assessments for applications on the Android market and remove applications it finds in violation of its terms of service.
