YotaPhone 2: Innovation and Security

    On December 2, the presentation of YotaPhone 2 was held at the Garage in Gorky Park. The Asset company in which I work is a technology partner of YotaDevices, so I managed to get acquainted with the new smartphone even before the presentation. As a follower of the iOS platform, I reacted very coolly to the appearance of this device, but nevertheless, the innovation attributed to it aroused my curiosity.



    In addition to having a second screen using E-Ink technology, the YotaPhone 2 smartphone has another obvious advantage over many analogues: a domestic developer company. Yes, despite the widely circulated online studies of the ratio of “Russian” to “non-Russian” in its makeup, one cannot but admit that YotaDevices is a Russian company with a real (and very beautiful) Russian office. The solution was developed here and is focused on our market, in particular in terms of information security.

    But back to the phone itself. Looking ahead, I want to admit that my "cold" attitude was completely unreasonable and unfair: the device is sound and interesting.

    The first thing that catches your eye is the excellent Super AMOLED screen, which produces a very clear and rich picture. The phone works nicely and briskly, while having decent battery life. It’s nice to hold YotaPhone 2 in your hands: it uses fashionable plastic and the assembly is high-quality (though it is worth noting that something inside rattles noticeably when the phone is shaken; either this is an interesting feature of the design, or a flaw of a pre-production model).

    But, of course, the most interesting part is the second screen with electronic ink. Using Yota Snap, you can keep any static data on it, and it will not be lost if the phone runs out of battery (this has happened to me a couple of times, and it was especially sad to be left without a hotel address in an unfamiliar city). Yota Mirror is even more interesting: the back screen can be used to fully manage applications. The speed of the E-Ink display used allows you to do this very comfortably. As a result, the owner of YotaPhone 2 can, for example, put the phone on the table and control what is happening in any application with virtually no battery consumption, which is very cool.



    Since I work in an information security company, I was interested in exploring YotaPhone from this point of view, including testing it with our product, Rutoken EDS Bluetooth, which, as the name implies, can connect to mobile devices using the Bluetooth protocol.

    Note that the YotaDevices company can boast of a certificate obtained jointly with InfoTeCS from the FSB for KC1, provided that the ViPNet Client for Android is installed on the smartphone. The company wants to become a supplier for government projects, which is quite logical.

    However, it is no secret that the Android operating system has many vulnerabilities. According to Kaspersky Lab statistics, 100% of the most common mobile "malware" infect the Android platform. Similar findings are contained in the Group-IB report on high-tech crime trends for 2014. The system's vulnerability to various malicious software greatly endangers the private keys stored in the device’s memory.



    To solve security problems on mobile platforms, our company has developed an electronic identifier, Rutoken EDS Bluetooth, which uses hardware GOST encryption for the Bluetooth channel and allows an external secure key store to be used with smartphones.

    We decided that using a wireless channel is much more practical than connecting devices to a smartphone, whether it be a classic smart card reader (imagine how cumbersome and inconvenient such a design is) or a microSD memory card (and YotaPhone 2 does not have a slot for one).
    A Bluetooth connection is great for sleek and complete solutions. The token is in your pocket, you use an electronic signature, and nothing gets in your way: everything happens with minimal user intervention. Even with constant use of the token (which is actually hard to imagine), the built-in battery lasts for almost two days, which makes it possible not to think about its charge.



    Security has not been forgotten either: data between the mobile device and the token is transmitted encrypted in accordance with GOST 28147-89, and the keys are negotiated in accordance with VKO GOST 34.10-2001 (RFC 4357). To activate the secure channel, a password is generated when the token is formatted; it needs to be entered once in the application when the device is connected.
    If you have a Rutoken EDS Bluetooth, you can see it in action using our utility in the Google Play store. By the way, we have already managed to test YotaPhone 2 with Rutoken EDS Bluetooth, for which there is an appropriate certificate of compatibility.

    To work with an external key medium, compatible software is required.
    Since most developers rely on Crypto-PRO, S-Terra and InfoTeCS for cryptographic tasks in their applications, and these companies support Rutoken EDS Bluetooth, tokens will work almost out of the box in many solutions. As a real case, it is now possible to use the S-Terra Client-M VPN client.
    Using keys securely stored on an external medium, it is possible to create a secure VPN channel. Information about the status of the current connection can be displayed on the E-Ink screen using Yota Mirror.
    Due to the interest of state-owned companies in the smartphone, there is no doubt that soon enough the applications of Russian developers in the field of information security will be optimized for YotaPhone 2 smartphones.



    YotaPhone 2 left a pleasant warm impression. It’s a pity that the retail price in the end turned out to be higher than the declared one, but I think that it is worth it anyway.
