John McAfee unveils 'hack-proof' smartphone. Except it costs $1,100
John McAfee unveiled plans for the “first truly private smartphone” on Thursday, 27 April. This came just as researchers from the University of Michigan released a paper showing how hundreds of apps in the Google Play Store have gaping security holes that allow hackers to implant malware and steal data from Android smartphones.
Hackers using open 'ports' has long been the gold standard. Researchers studied popular but rarely studied apps and found plenty of open ports on smartphones.
McAfee's unveiling comes just as our smartphone security is being threatened. McAfee's believes his $1,100 Android smartphone is the “most hack-proof phone” ever. He's calling the phone, which has been created in partnership with cyber security firm MGT, the McAfee Privacy Phone.
Who is McAfee?
McAfee is known for founding McAfee Associates back in 1987. The company released the first ever commercial computer anti-virus software called McAfee, which has gone on to be immensely popular.
Seven years later, McAfee left the company. As one of the most outspoken people in the tech industry, he has over the years put his money in a number of tech ventures.
For many years he lived in Belize, and in 2012, the Belizean Police Department searched him as a "person of interest". This was for the murder of one of his neighbours. McAfee then fled the country and ended back in the USA.
A 2016 documentary threw more light on McAfee as a mentally unstable person. The documentary on the Showtime cable TV network alleged that McAfee was involved, in not one, but two murders and that he also engaged in rape, drug use and other criminal activities. McAfee, for his part, denied all the allegations. Nothing has been proven as of yet.
McAfee Privacy Phone
Earlier in the week, McAfee took to Twitter to post an image of what is the first prototype of the phone running Android, though we can't tell which version.
The John McAfee Privacy Phone, by MGT - first prototype. World's first truly private smartphone. You gonna love it. pic.twitter.com/n06CuO3Jay— John McAfee (@officialmcafee) April 25, 2017
He claims that making a phone hack-proof lies in its hardware. “The smartphone contains a bank of switches on the back cover that allows the user to physically disconnect the battery, the antennas for WiFi, Bluetooth and geolocation, the camera and the microphone. It also will not allow the phone to connect to a Stingray or any other IMSI catcher device. In addition, it contains a web search anonymizer.”
IMSI catcher devices are basically designed to intercept both mobile phone traffic and location data. The inbuilt web browser will include an anonymizer, which means when you search, you won't get hit by ads.
The phone will cost a whopping $1,100 and primarily target enterprise users. McAfee sees retail customers buying the phone as well.
McAfee doesn't want to reveal the hardware specifications of the phone just yet. He's choosing to wait till the week prior to the release of the phone. Nonetheless, he seems confident enough in the phone's success that a second version is already in the works for the summer of 2018. That phone, McAfee claims, “will be as hack proof as humanly possible".
McAfee is not the first
McAfee isn't the first person or company to come out with a 'secure' Android smartphone. Sirin Labs debuted a $16,000 privacy-centric Android phone last year that basically bombed.
BlackBerry has been selling its own devices touting its 'security' features, but that too has soured in recent times. Silent Circle’s Blackphone is another example but that too has failed, putting the company in debt.
With a market full of privacy phone failures, and a price higher than that of Samsung's recently launched Galaxy S8, will anyone even buy this phone?
Insecure Android phones
The team at the University of Michigan used a custom tool to scan 24,000 apps and found 410 potentially vulnerable applications. One of those applications has been downloaded millions of times.
"These newly discovered exploits can lead to a large number of severe security and privacy breaches," the researchers explain. "For example remotely stealing sensitive data such as contacts, photos, and even security credentials and performing malicious actions such as executing arbitrary code and installing malware remotely."
That app that has been downloaded over 10 million times and causes security nightmares is WiFi File Transfer. It lets users connect via Wi-Fi to an open port on their phone.
The user can then access files like photos, application data and even anything stored on the phone’s SD card. Due to insufficient security, doing so is not merely limited to the owner of the device.
“To get an initial estimate on the impact of these vulnerabilities in the wild, we performed a port scanning in our campus network, and immediately found a number of mobile devices in 2 minutes which were potentially using these vulnerable apps,” the researchers continued.
Furthermore, the researchers confirmed that 57 of the 410 apps were vulnerable. One of them being AirDroid, a popular app that allows users to have full control of their Android device on their PC.
AirDroid has an authentication flaw, the researchers found, and this lets malicious intruders access ports. The makers of AirDroid quickly patched the problem after being notified by the researchers.
They also demonstrated, in a series of videos, the various attacks and showing how the "app opens ports by default and no client authentication or incoming connection notifications are engaged, which put the device user into severe danger".
The user can do nothing. Google can do nothing,” says Yunhan Jia, one of the Michigan researchers. “The developer has to learn to use open ports correctly.”Unless Google directly addresses this issue in a software update, your best best is to uninstall these 'insecure' applications. Maybe you can buy McAfee's '
Unless Google directly addresses this issue in a software update, your best best is to uninstall these 'insecure' applications. Maybe you can buy McAfee's 'privacy-focused' smartphone, but besides setting you back $1,100, the smartphone isn't even guaranteed to protect you from this potential hack.