An ambitious statement was made by Steve Chao, founder and CEO of Quasi-Stellar Alpha Inc., earlier in July that the company will start manufacturing “unhackable” phones. Quasi-Stellar Alpha (also called QSAlpha) is a three year old San-Francisco based mobile cloud security company that protects communications between mobile devices by assigning a unique encrypted digital identity to every mobile user making mobile data transfer virtually unhackable.
Recent revelations by Edward Snowden about digital spying on ordinary citizens by government intelligence agencies have sparked controversies and concerns about online privacy all around the globe. Several firms refused to use cloud services offered by US firms in the wake of Snowden’s revelations. Fifty-nine percent of people recently surveyed by the Pew Research Center agreed that they should be able to use the Internet completely anonymously, and 86 percent have attempted to cover their Internet tracks. Chao said people are now more concerned about their online and mobile privacy and QSAlpha is aimed at making data transfers secure.
“We have government surveillance. We have hackers. Every time we send a message out there, Internet hackers are all trying to crack our phones.” – expressed Chao.
A recent e-mail to Ars Technica from QSAlpha confirmed that the company has started development of its ‘unhackable superphones’ and promises to provide “perfect” security. This ‘super’-phone, dubbed as ‘Quasar IV’, will be their first offering and based on Android 4.3, with various modifications to improve security, the Quasar will use a hardware-level encryption module. The contents of the phone are encrypted, and communication with other users of Quasar IV phones are encrypted as well using public and private keys. Android phones can already be encrypted using a standard setting, but Chao says Quasar does it better. A draft of the Kickstarter page and an accompanying video shared with Ars Technica calls it the “world’s most secure smartphone,” featuring “unprecedented security with a military-grade encryption.”
While general descriptions of its technology may sound reasonable, claims of being ‘un-hackable’ might attract a lot of skeptics and curious code-breakers wanting to give it a shot. Researcher, Steve Thomas and Jean-Phillippe Aumasson, principal cryptographer at Kudelsky Security (Switzerland) stated that claims like “unprecedented security” without detailed technical explanations do not inspire confidence.
Aumasson wrote (to Ars Technica):
Overall, the tone and content of this [Kickstarter] page suggest that it hasn’t involved credible security experts.
That said, the idea of a “crypto phone” with a hardware root of trust is good, and would bring better security compared to software-only solutions (things like Silent Circle).
However at this point “Quasar IV” does not provide sufficient technical details to rigorously assess its security, and the marketing tone and FUD on that page suggest that it’s unlikely to be a reliable technology, in my opinion.
For example, they write: “Both algorithms [RSA and Diffie-Hellman] are on the verge of being ‘cracked’ (proven to be vulnerable to attack) by academic mathematicians, according to researchers who presented at the Black Hat security conference in Las Vegas in August.”
This is plain wrong, and shows that the authors do not know what they are talking about.
Chao calls his encryption technique “Quatrix”. Besides encrypting phones, QSAlpha says it plans its own app library where developers will be able distribute applications signed by Quatrix. Chao also said that Quatrix uses both AES-256 and ECC (elliptic curve cryptography), which is similar to BlackBerry’s.
“More often crypto fails due to a poor combination and usage of good building blocks, than because of ‘weak’ algorithms”: stated Aumasson, unimpressed by the use of AES-256 and ECC.
The above ad was published by QSAlpha in the New York Times using their own encryption system and the fact that no one has been able to decrypt it proves Quasar IV’s effectiveness.
QSAlpha also claimed that it has roped in the world’s largest phone manufacturer to bring the product to the market. “We have also fully validated every single component in the Quasar IV and teamed up with a reputable component procurement company to ensure timely delivery to the manufacturer for final assembly,” the company wrote.
The company provided the following specs of the Quasar IV, which do sound appealing:
QSAlpha is seeking $2.1 million to build the Quasar IV. Pledges starting at $395 would reserve backers a phone estimated for an April 2014 delivery, which indicates that the phone may come at a premium price and not everyone will be able to afford “perfect security”. But if it does come at a premium price range, it may emerge as a competitor to Apple Inc. In order to compete with the existing smartphones QSAlpha will have to expand production so as to lower per-unit cost.
A preview of the Kickstarter link was temporarily live but is offline currently. QSAlpha was planning to start the crowdfunding campaign this week, but said because of a backlog at Kickstarter it’s been delayed until September 12.
Source: Ars Technica