The National Security Agency (NSA) claims to have developed an “ultra-secure” Android-powered smartphone.
According to the NSA’s Margaret Salter, approximately 100 of the devices (nicknamed “Fishbowls”) were built using off-the-shelf kits – and are considered sufficiently secure to allow the encrypted discussion of classified material between operatives.
Salter, who heads the NSA’s Information Assurance Directorate, also noted that just about anyone can reproduce the phone using specs available online, as it is based on off-the-shelf components.
“The plan was to buy commercial components, layer them together and get a secure solution,” Salter told RSA attendees on Thursday in a statement quoted by SC Magazine.
“It uses solely commercial infrastructure to protect classified data.”
However, Salter acknowledged the NSA ultimately encountered a number of issues with “Fishbowl,” due to a serious lack of interoperability between vendors. For example, the agency was prompted to use IPsec instead of SSL VPN.
As expected, other unspecified “compromises” were made, says Salter, but none reduced the overall security of the phone.
“We needed a voice app that did DTLS (Datagram Transport Layer Security), Suite B and SRTP (Secure Real-time Transport Protocol) and we couldn’t buy it… But the industry was thinking more about session description… so we went with that,” she added.
The NSA confirms it will continue to leverage Internet standards, protocols and algorithms as its Mobility Program marches forward. An agency web page notes that several Internet Engineering Task Force (IETF) protocol standards have already been identified as having potential widespread use, while IETF RFCs were recently established to allow the use of Suite B Cryptography with such protocols.