
YotaPhone 2: Innovation and Security

On December 2, the presentation of YotaPhone 2 took place at the MSI Garage in Gorky Park. The company Aktiv, where I work, is a technology partner of YotaDevices, so I managed to get acquainted with the new smartphone even before the presentation. As an adherent of the iOS platform, I was rather cool toward the appearance of this device, but I was still curious about the innovation attributed to it.



In addition to having a second screen that uses E-Ink technology, the YotaPhone 2 smartphone has another obvious advantage over many comparable devices: a domestic developer. Yes, despite the widespread online research into the quantitative ratio of “Russian” to “non-Russian” in its structure, it is impossible not to admit that YotaDevices is Russian, with a real (and very beautiful) Russian office. The solution was developed here and is aimed at our market, in particular with regard to information security.

But back to the phone itself. Looking ahead, I want to admit that my “cold” attitude was absolutely unreasonable and unfair: the device is sound and interesting.

The first thing that catches your eye is an excellent Super AMOLED screen, which gives a very clear and rich picture. The phone works smoothly and quickly, while offering decent battery life. YotaPhone 2 is pleasant to hold: it uses fashionable plastic and is assembled to a high standard (it is worth noting that something noticeably moves inside when the phone is shaken; either this is an intentional feature of the design or a defect of the pre-production sample).

But, of course, the most interesting part is the second screen with electronic ink. Using Yota Snap, you can put any static data on it, and that data will not disappear if the phone runs out of charge (I personally had such troubles a couple of times; it was especially sad to be without a hotel address in an unfamiliar city). Yota Mirror is even more interesting: the back screen can be used to fully control applications. The speed of the E-Ink display allows you to do this very comfortably. As a result, the owner of a YotaPhone 2 can, for example, put the phone on the table and monitor what is happening in any application using virtually no battery power, which is very cool.



Since I work in an information security company, I was interested in examining the YotaPhone from this point of view, including testing it with our product, Rutoken EDS Bluetooth, which, as the name implies, can connect to mobile devices via Bluetooth.

Note that YotaDevices can boast an FSB certificate for class KS1, obtained in cooperation with InfoTeCS, provided that ViPNet Client for Android is installed on the smartphone. The company wants to become a supplier for government projects, which is quite logical.

However, it is no secret that the Android operating system has a lot of vulnerabilities. According to Kaspersky Lab statistics, 100% of the most common mobile malware infects the Android platform. Similar conclusions are contained in the Group-IB 2014 High-Tech Crime Trends Report. The system's vulnerability to various malicious software severely endangers the private keys stored in the device memory.



To solve security problems on mobile platforms, our company has developed an electronic identifier, Rutoken EDS Bluetooth, which uses hardware GOST encryption for the Bluetooth channel and allows external secure key storage to be used with smartphones.

We decided that using a wireless channel is much more practical than devices physically connected to a smartphone, be it a classic smart card reader (you can imagine how cumbersome and inconvenient that design is) or a microSD memory card (and YotaPhone 2 has no slot for one).
Bluetooth connectivity is great for elegant and complete solutions. The token is in your pocket, you use an electronic signature, and nothing gets in your way: everything happens with minimal user intervention. Even with constant use of the token (which is actually hard to imagine), the internal battery lasts for almost two days of work, so you do not have to think about charging it.



Security has not been forgotten either: data between the mobile device and the token is transmitted encrypted according to GOST 28147-89, and the keys are agreed according to VKO GOST 34.10-2001 (RFC 4357). To activate the secure channel, a password is generated when the token is formatted; it needs to be entered once in the application when the device is connected.
If you have a Rutoken EDS Bluetooth, you can see how it works using our utility, available in the Google Play store. By the way, we have already tested YotaPhone 2 with Rutoken EDS Bluetooth, and there is a corresponding certificate of compatibility.

Compatible software is required to work with an external key carrier.
Since the majority of developers use software from CRYPTO-PRO, S-Terra and InfoTeCS for cryptographic tasks, and that software supports Rutoken EDS Bluetooth, in many solutions the tokens will work practically out of the box. As a real case, it is now possible to use the S-Terra VPN client Client-M.
Using keys securely stored on external media, it is possible to create a secure VPN channel, and information about the status of the current connection can be displayed on the E-Ink screen via Yota Mirror.
Given the interest of state-owned companies in the smartphone, there is no doubt that applications by Russian information security developers will soon be optimized for YotaPhone 2 smartphones.



YotaPhone 2 left a pleasant, warm impression. It is a pity that the retail price in the end turned out to be higher than stated, but I believe that it is still worth it.

Source: https://habr.com/ru/post/245379/

