MikroPhone: A privacy enhanced, simple and featured RISC-V mobile phone

It's a bit of an annoyance when products talk a lot about "privacy" and "security", but never once mention what sort of threat model they are private/secure against.

Then add in something like a bespoke (unvetted?) communication protocol on top and my eyes really start to roll.

The people who really want privacy & security enough to be willing to buy something like this will want a lot more detail than what is offered here.

My pet peeve on open-source, *-focused hardware: it should start with an artistic sketch and a mockup, not the final board and a shell wrapped around as an afterthought.

Valve[1] reportedly made over 100 mockups before settling on the final shape, most of them representing shapes only. Apple[2] had at least five iterations of nearly indistinguishable mockups for one of iPhone models that were discovered by fans.

It is certainly possible to build a radio equipment by starting from a block diagram and installation into enclosure, but that's development process for low volume technical instruments which measure of utility is electronic performance. A consumer product should look and feel good in hand, even when it's dead.

1: https://www.rockpapershotgun.com/valves-steam-deck-prototype...

2: https://www.youtube.com/watch?v=GXAsLCAbNGY

This is like, barely risc-v. As far as I can tell, there's a risc-v management micro, an esp32 that I'm not easily finding a part number for so may as well be Tenscilica, and an app processor that's ARM based. I don't understand the GPU chip if you have the app processor, and I don't understand the management micro if you have custom ESP32 firmware. And a lot of SoMs have WiFi + Bluetooth on board. So I also don't understand the ESP32. This really feels like it could be a card-edge SOM, battery, HMI, and modem. As per usual I find this project needlessly complicated and buzzwordy.

Hm. I'm not sure what to make of this, really.

The concept of a RISC-V based "assemble it yourself" phone is solid enough - there have been the PiPhone concepts based around a Pi Zero for long enough, and while I don't think they're terribly usable, they're also a fun looking little project.

But then they throw the ElipticCP concept on top, and sort of handwave it being "secure" if you're talking to someone else who is using a similar device, or similar capabilities, or such. And, unfortunately, there's not a lot of information about that I'm seeing (or, that which there is seems rather vague and handwaving).

https://mikrophone.net/about.html

> The security of the whole system is not compromised even though none of these modules is trusted, because all sensitive data is encrypted by the central MCU before sending it to a communication module. Secure communication uses a protocol EllipticCP originally designed for this project. It provides end-to-end encryption and an additional anonymizing layer based on the principle of onion routing. In order for a security protocol to function to its full extent, the end recipient in the communication channel also needs to use mikroPhone or some other phone with comparable security performances (in other words, both communication parties must be secure enough).

There's a lot of words in here that sound good, but there's a serious lack of details, and then when you go to build the phone, you have open JTAG ports to the device.

So I'm not really sure what threat model they're dealing with exactly. "People who can build their own hardware and firmware, who work in investigative journalism or human rights activists, who have iron clad control over their hardware, who want to talk to other people with identical hardware," maybe? It seems designed to counter remote threats only, and without a lot more details as to what it's doing, it's hard to say if it is or isn't doing that competently. I don't have the time right now to go dig through their firmware to see, unfortunately.

If it weren't a build it yourself sort of thing ("Here's the schematics, go get boards fabricated!") it would trip my honeypot sensors ("Secure Phones!" being more government ops than anything actually useful, IMO), but... it's not that, fairly obviously?

Dunno. I doubt it would work on any US carriers, they're all VoLTE only now. :/

Only kinda related, but I've been excited to try Genode OS on the PinePhone https://genode.org/documentation/release-notes/22.08 for a very different take on a secure mobile os

Tbh I would accept anything usable without being bound neither to Google nor Apple. Like a Linux phone but with usable apps which is quite important.

For example Samsung gets free MP3 player and more important, background-running voice recorder, which is extremely important for me, but was impossible to find on OnePlus One.

> The security of the whole system is not compromised even though none of these modules is trusted, because all sensitive data is encrypted by the central MCU before sending it to a communication module.

No way. You need to decrypt that stuff before sending it to the communication modules (BT, WiFi, cellular, display) and you get them unencrypted from the same.

If the communication modules can decrypt the stream themselves, then eavesdropping will happen there inside.

Are all the needed software drivers open source? Or will this phone end up by using blobs, just like all other devices?

Why is this being pitched as a complete solution? There's no concrete explanation why it's more secure, just open source software = secure while rolling it's own stuff; and there's baffling component choices that completely conflict with each other. A color 400x840 screen is not needed for a "simple" phone, and having any possibility of redundant BT/WiFi radios is a baffling oversight.

There's 2 different ideas here, and instead of splitting them up into their own discrete projects that can excel at both ideas, they are turned into 1 mediocre project. Also, exposing JTAG in your final product and forgetting about physical security aren't good looks either.

Note that esp32 (and esp8266) use proprietary, closed-source network stacks[0]

It's not a important in this project as there is a separate "main" MCU, but having radio module with closed-source software, active radios, and which you pass unencrypted data through (like bluetooth audio) might concern some people.

(The SIM module is likely closed-source too, but hopefully it's impact is much more limited - if you care about privacy, you would not send any data over cell phone networks unencrypted)

[0] https://github.com/espressif/esp32-wifi-lib/issues/1

less a criticism (as this is a fantastic project) and more a general comment about security protocols. The protocol (https://mikrophone.net/ecp.html) for privacy appears to require another MikroPhone device on the other side to communicate with.

the cryptographic backdoors I have encountered in my work were in closed loop systems where having a standards based interface to facilitate separate or independent implementations would have foiled the schemes, as replicating the sabotage in another project would have been far more complex.

the first student project is building this, the next really interesting one is reasoning about that security protocol.

the ideal protocol described provides good forward secrecy, and speculatively if I were looking for implementation sabotage I would look for where the padding nulls were used instead of bytes of the nonce to reduce its entropy to something brute-forcible, and off hand as far as threads to pull, whether the parity bit on the key could reduce the search space by %50 as either even or odd.

from a design perspective, if it only talks to copies of itself, why add the complexity of a new protocol? from a mass interception perspective, the "don't roll your own crypto" cliché is probably one of the most successful psyops of all time and I don't think it's a useful admonition in this case, but imo the question of "why" for a new protocol is the most interesting one.

I am glad that these sorts of projects exist. Even if the implementation may not be the greatest it at least provides an option which is not under the thumb of Google, Apple and others.. and it can always be improved over time.

However, I do wish there were some videos and photos of the completed products

What is the cost for the hardware BoM?

Also curious why someone is motivated? Pretty great, would love a 3rd alternative option to Apple and Android.

Mostly I care about phone calls, texting, and web browsing.

This looks really cool! I don’t know if this more of a feature phone or a smart phone though. Would like to see pictures of completed builds and what they can do.

> Software licensed under the GPLv2

Good for you, you get a cookie. Get back to me when you have a RYF certification and we’ll talk sales.

You traded the Bluesmobile for this?

Ah, another privacy-oriented phone project. As if the Pine-, Libre-, Jolla-, Neo900- etc. etc. endeavours weren't successful enough.