The NSA (National Security Agency) has reportedly developed its own custom Android smart phone to support secure conversations for top-secret calls. The phone the NSA built is said to be constructed using off-the-shelf components and the devices are called Fishbowl phones. The NSA has reportedly built about 100 of the devices and distributed them to staffers who need the ability to speak securely about top-secret information.
The smartphones were designed to conform to the strict NSA information security rules while being as cheap as possible to build. NSA division head Margaret Salter says that the specifications have been published online and anyone can construct the device because it uses normal off-the-shelf components. According to Salter before the secure phone was available, top-secret calls required users to speak in code when using a commercial device.
The Android phones also support defense applications that can be downloaded from an enterprise app store ran by the US Defense Information Systems Agency. That allows the NSA and other governmental agencies to ensure only secure applications are installed and means that NSA staff doesn’t need to completely investigate commercial applications for security. Apparently, the build ran into some issues with vendor products not being interoperable.
Poor interoperability between SSL VPN options meant the builders had to switch to IPSEC. Salter says that the compromises made during the build process didn’t sacrifice security. Voice calls are encrypted two times, which is NSA policy, using IPSEC and SRTP. All traffic originating from the secure devices is routed through the NSA enterprise to ensure security.
[via SC Magazine]