Inside Boeing's New Self-Destructing Smartphone

mpicpp writes "It looks thicker than most of the phones you see at Best Buy, but Boeing's first smartphone isn't meant to be used by the average person. The company that's known for its airplanes is joining the smartphone game with the Boeing Black, targeted at people that work in the security and defense industry. One of its security features is self-destructing if it gets into the wrong hands, although not quite in the Mission Impossible sense. According to the company's letter to the FCC, the phone will have screws with a tamper-proof coating, revealing if a person has tried to disassemble it. 'Any attempt to disassemble the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' writes Bruce Olcott, an attorney for Boeing."

Cold disassembly?

[Megan Woods]

How would it go if it were chilled right down, liquid nitrogen or colder so the electronics stopped working and then disassembled. (I don't know if it's possible, just kicking the idea around.)

ATM keypads

[DoubleJ1024]

When I worked in the ATM industry we already had that feature built into the keypad (EPP). If you tried to extract the keys any number of ways (freeze spray, remove back cover, cut front cover, etc.) it would dump the memory and leave the attacker with nothing. All you have to do is contact one of the companies that built those EPP's and they can guide you into a LOW COST hardware method of dumping everything. You don't need to go with a fancy "custom coating" that might fail or have alternative issues. I would not buy this phone as it is over-priced, and I can do the same thing with a common android smartphone and a little software and hardware tweaking. Epoxy is your friend for keeping people out of things they don't need to see, as is encryption with delete upon failure to decrypt. What a joke, but they will sell a bunch of them to Gov. and "special" people.

Re:tamper-proof coating?

[InvalidError]

That would not necessarily work: it would definitely fry the IO front-end but most of the NVRAM matrix would likely remain intact and recoverable by stripping the top encapsulation and top metal layers then scanning the NVRAM cells with a magnetic force microscope.

Also, if the devices self-destructs through high voltage, someone who has already dissected one of these phones before would know where the high-voltage components are, how they operate, how they are triggered and would likely be able to come up with a way to prevent the high voltage pulse from reaching the NVRAM chips such as using a pneumatic framing nailer to destroy/short the high voltage circuitry faster than it can be triggered by tamper sensors.

So, even with physical destruction built-in, you would still need strong device-level encryption as a fail-safe.

The most beautiful thing about having a decryption key embedded in a secure microcontroller managing tamper-proofing sensors (which is itself embedded in the SoC running the rest of the device's functions) is that disabling tamper-proofing is impossible to do without disabling the secure micro-controller and disabling it either physically or by cutting power kills the decryption key just like tripping tamper-proofing sensors would.