Tags

, , ,

Silent Circle has come out with a major update to their so-called Silent Circle OS 3.0a that was released on 27JUN2016 with the latest cell phone operating system Android 6.0.1 (Marshmallow). It has a feature that I wanted to review to see if it is useful, specifically the ability to detect Sting Ray cell phone towers. Silent Circle calls this feature Cellular Intrusion Detection System (CIDS). Silent Circle describes this feature set as “The CIDS will warn the users when there is a potential threat on the cellular network so that members can choose whether or not they continue communicating via this network.” Of course as normal Silent Circle provides no information on how it works, what it is doing and specific threats it may or may not protect you from. But this feature may warn of Sting Ray based attacks. Thus I decided to give it a try.

SilentOS-30First thing Silent Circle allows you to perform the update without giving Google any more rights. That is critical as many of us have sought to limit how much access Google has to our data and the physical device. However, the Silent Circle 3.0a update will make your Blackphone 2 inoperable. I do not see Silent Circle warning people about this update. Thus I wrote this blog entry to try and help others.

privacy-meterAfter installing Silent OS 3.0a, all of my configured Spaces were deleted. My Space Manager would not run. Also, the phone kept throwing up errors, literally every second. The error it had with my device was “SpacesManagerService has stopped.” I push ok; then it just repeats one second later.  Thus you would dial one numeral, tell the error to go away, dial another numeral, and tell the error to go away. Repeat forever. Thus the phone was reduced to the usefulness of a brick. In the IT field, we call that “bricking” your device. Silent Circle OS version 3.0a update bricks the Blackphone 2.

When I called into Technical support, I asked how to recover my phone. Their answer was:

Jennifer replied:
https://ota-update.blackphone.ch/BP2/MP2/NA/download/BP2-OTA-2.0.8-RC4-candidate-NA-1460729363.zip
1) Put the downloaded software into an SD card
2) Power off the phone
3) Press power and vol up to start the phone in recovery mode menu
4) Select apply “update from SD card.”
5) Select the file recently downloaded
6) Click “Yes.”
7) Wait till the update is completed

Regards, Customer Support

After fighting with Silent Circle email only technical assistance for two days and doing my own research here is what I found. First with their incomplete directions. On step 3, it should read “Press power and volume up buttons and release them when the Silent Circle splash screen is displayed.”

Also, it should note that you must have an SD card even to try to recover your Blackphone 2. That is not clear to me in the above email that the only way to try this is to have an SD card. I have a lot more experience with Blackberry and iPhones and nearly no experience with Android based phones because of Google’s close cooperation with the “powers that be.”  Jennifer had the nerve to get annoyed that I was asking simple questions like “how do I perform these steps without an SD card.” Jennifer’s “enterprise support” answer “You need an SD card. If there were a way to side load it without one, I would have noted it. Step by step instructions were provided.”  Little girl, just because you say you can do it one way, does not necessarily mean there is no other way to perform that task. Your company bricks my phone, and you have the nerve to get annoyed with people asking simple questions?

Thus to save my data, which I found I could no longer drag off to my computer I went and purchased an SD card. Then come to find out that even with an SD card you cannot perform the update. Below is a snippet what “Jennifer” sent me after I notified her that I had gone and purchased an SD card, but I could not see the SD card under Tools -> File Manger to move the update to the SD card.

Jennifer replied:
Please see: https://support.silentcircle.com/customer/en/portal/articles/1710395-why-can-t-i-use-my-microsd-card-?b_id=4315

If you read that, you will see it says “yeah, you have an SD card, but it will not work.” First, Lexar SD cards do not seem to be work in the Blackphone 2 at all. I don’t know why they simply don’t tell you this.  After trying two different models of Lexar SD cards, I went out and found a SanDisk SD card. That worked, but I had to return it so I could get a “fast” SanDisk card after Blackphone 2 complained about the “slow” SD card.

I got the SD card to work eventually. I am unsure how I did it, but I formatted the SD card as mobile not internal. I probably formatted the SD card about ten times rebooting it, and not rebooting it, and it finally showed up under Tools – File Manager. I then copied the downloaded Silent Circle OS version 2.0.8. I was like success. Not so fast.

google-watchingAfter I was finally able to load this downloaded firmware onto an SD card. And after I finally was able to boot from an SD card, guess what happened after it installed the update? The Blackphone 2 came up and said: “you entered the correct password, but your data is corrupt you need to wipe your phone and all data and perform a Factory Reset.” But don’t worry if you have given your data to a Third Party such as through Google Drive, which under US law means it had no Constitutional protections from be data mined by Google and being seized, searched and stored forever by the US government and shared with all Western governments. Thanks to Snowden we know that the US government routinely sizes all Google information. However if you have given your data to Google to data mine and the US government you can restore from that Google Drive.  No thanks.  I do not understand people who claim to be interested in privacy but are willing to give all of their data to a third party that is known to cooperate with all major world governments?

cids-alert-dialogAfter all of that work I was where I was two days ago. I was going to lose all of my data, configurations, and installed applications.  After installing Silent Circle major update 3.0a the only way to get a working phone is to perform a factory reset, losing all of your data. Well since I lost all of my data, all of my applications and all of my configurations, I might as well try to get to Silent Circle 3.0a working. I had nothing to lose. Thus the new steps I did was.

1. Perform a factory reset and lose all of my data and configuration settings.
a. Make no configuration changes to Silent OS
2. Update to Silent OS version 3.0a.
3. It worked!

To put it simply the Silent OS update version 3.0a is a “destructive” update. Before you perform it, back up all the data, copy down all of your applications passwords. You also will want to set aside time to reconfigure your Blackphone 2 phone. It would be a lot easier if Silent Circle were just forthcoming with that information on their public websites, blogs, and other social media accounts.  Perhaps they should warn people not to update period until they address these issues? Apparently, they have not, so I am sharing this blog post.

I now have what I think is a working phone. Under Security Center, there is little notification “CIDS Alerts.”  Adding the ability to detect Sting Ray devices is a core function of any phone and if the CIDS function of Silent OS version 3.x works, than that is something to consider.

SC Technical Support. They are pitching the Blackphone 2 as an “enterprise” device.  It is not primarily because of the terrible technical support.  They have a technical support solution that is worse than your neighbor’s teenage kid. You can at least get him on the phone sometimes. Silent Circle technical support is email only as far as I know. They seem to have no actual knowledge of the details of the phone. They have never said, “go to this area and reset this permission to this.” Never.  They either point you to blog post on their web site and if that does not solve your issue, their default answer to any problem is “perform a factory reset losing all your data, installed applications, and configurations.” I have run many IT operations, and I would never have my enterprise depend on upon a technology that did not have enterprise phone support. Especially something as visible and personal as the C-staff’s cell phones.

I will poke around this new Silent OS version and see if there is enough here to recommend changing my opinion of the Blackphone 2.