2014 has seen its fair share of debutants in the smartphone world and so far it’s been a good year for the newbies to enter the market. OnePlus seem to have done extremely well with their flagship OnePlus One, besides the odd hiccup…not mentioning any names…invite system, Ladies Only. Another new device from (effectively) a new company was the Blackphone. This ominously named smartphone is the brainchild of SGP Technologies – collaboration between Silent Circle (encryption communications firm) and Geeksphone (smartphone manufacturer). The two came together with the sole intention of producing a device which was free from prying eyes and putting security and privacy above all else. The device runs a modified version of Android under the guise PrivatOS (forked from Android 4.4.2), encrypts calls, emails, and texts and provides internet access via a virtual private network (VPN). All in all, this is generally considered to be one of the safest smartphones on the market and hence its USP.
In fact, Blackphone takes security so seriously that they have launched what they refer to as the ‘Blackphone Bug Bounty Program’. As the name suggests Blackphone are asking (even challenging) people, developers, hackers, security experts to find the bugs in their system. Now this is not just a show of force by SGP but instead the company explains that the integrity and security of their system will be partly attributed to their relationship with the security research community. As such SGP explain the secondary purpose of the program is to offer transparency to its users (and the wider community) on how vulnerable (or not as the case may be) their system really is.
To temp users into finding bugs SGP are offering a minimum bounty for each bug found of $128, also adding there is no maximum to the amount (depending on the significance of bug). As well as hard cash (probably actually PayPal) SGP will also offer prizes and gifts which again will be based on the severity/significance of the bug and its vulnerability to the system. It was also announced that they will be working on an annual award too for the biggest (or most severe) bug hunters. SGP do stress though that while you are hunting that hunters do not disrupt the service for customers, adding that this “would be bad form”. They also advise at some point in the future they will have test systems in place where DDOS and other service interruption techniques can be effectively tested. So fancy the challenge? Can you find the bugs in one of the securest smartphones available? If you can then money and prizes galore could be yours. If you are interested then either head over to the Blackphone blog for more information or head straight to the bounty rules to get started. Get hunting bug finders and Godspeed!