Showing posts with label BlackBerry. Show all posts
Showing posts with label BlackBerry. Show all posts

Wednesday, February 19, 2014

5 questions your boss will ask you on encrypted mobile communication


Companies working with valuable technologies and information have to protect their ideas from the beginning. Employees work on valuable ideas for a while before the idea becomes a product or a service. Meanwhile they communicate with each other through mobile communication too. It is essential to protect the information in transit. If you work a company like that, and you do not use high security level mobile communication solution, than be prepared to brief your boss on encrypted mobile communication. You will have to make the brief, sooner or later…

 1st Question: What encryption software should we use?
Answer: Encryption software provide very limited security level. One of the most fundamental features of a secure mobile encryption solution is to protect the encryption keys, because once the key is compromised, the communication is leaked. Software reside on smartphones non-protected storage and run on smartphones non-protected processor. These parts of the smartphones are not designed to protect any information. There is no way to protect the keys on any smartphone.

2nd Question: Is there a mobile encryption solution that can effectively protect the encryption keys?
Answer: Yes, there are some solutions on the market. Only special hardware, designed for generating, storing, managing and using encryption keys can protect the keys. These hardware are not readable by design and hack-proof. Often referred to as cryptochip or trusted platform modul. They are sensitive by design, so any attempt to read out the information from them damages the hardware and destroys all the information it stores, including the encryption keys.

3rd Question: Which TPM or cryptochip based solution should we choose?
Answer: TPM or cryptochip is just the bottom line. For the highest level of security the solution has to implement the protection of the communication, the encryption keys and the smartphone too. If let’s say the smartphone is not protected, than the communication can be eavesdropped directly through the microphone before any encryption takes place. Known backdoor called DROPOUTJEEP exists on all iPhone and BlackBerry smartphones. It is totally useless to use any mobile encryption solution on these smartphones.

4th Question: What kind of encrypted mobile solution should we use?
Answer: We should use a cryptochip based solution with triple-level protection. The solution has to protect the communication, the encryption keys and the smartphone. It has to run on a smartphone and operating system which has no known backdoors. 

5th Question: How much does the most secure solution costs? Is it expensive?
Answer: Surprisingly not the highest level of security is the most expensive. The most expensive software solution, Crypttalk costs 250 euro/month with all the defects mentioned. Yet we can reach the highest level of security at a reasonable price of 55 euro/month. A one-time fee of 300 euro applies that includes the price of a unique cryptochip. We do not have to buy new smartphones, we just have to insert the cryptocard into the micro SD card slot of our smartphones. The solution is called Secfone.

If you liked this post please Google+ it or share it on Facebook, Twitter or any social media you prefer. Thank you!

Posted by at 1 comment:
Labels: , , , , , , , ,

Wednesday, January 15, 2014

Snowden killed all iPhone encryptions

If you use encryption software on your iPhone and you paid for it, than you paid for illusion not for security. Thanks to Snowden and security researcher Jacob Appelbaum now the entire World knows the magic word DROPOUTJEEP and the meaning of it.

DROPOUTJEEP is a spyware program developed by NSA that runs on iPhone, and provides access to almost everything. It can intercept SMS messages, can read the contact lists, locate the iPhone based on cell tower data, and the best part is, it can turn on the camera and the microphone, and can listen to any conversation. It can even be deployed remotely.

According to leaked documents NSA claims 100% success rate on iOS devices. It is impossible to reach 100%, unless you have access to a backdoor. Of course Apple denies that it helped NSA to build iPhone's backdoor, but it does not change anything. It does not change the 100% success rate.

How DROPOUTJEEP impact encryption softwares on iPhone?

Now come the bad news. It is well known for the industry experts that purely software-based mobile encryption solutions can not secure any communication. Now things are going bad to worse. No encryption solution can protect your communication on iPhone. Not even hardware based solutions.

Since DROPOUTJEEP can manage the microphone of the iPhone, it listens to the conversation BEFORE any encryption takes place. Your software or hardware solution can even use military-grade 4096 bit encryption keys, it provides zero security if you use it on iPhone. If you use Gold Lock, Silent Circle, Zfone, Crypttalk, Cellcrypt, Kryptos, Secustar or any other encryption software on iPhone and you still need secure mobile communication, consider just deleting your app.

Time to reconsider what you think about encryption software and iPhone security.

Takeaway

The good news is you still can have secure mobile communication. Avoid iPhone and BlackBerry, use open source operating system. Choose cryptochip (hardware) based encrypted mobile communication solution with triple-level protection. Triple level protection keeps any unauthorized process to access your phone's microphone.

If you have found anything new in this blog post, please share it. Thank you :-)

Posted by at 8 comments:
Labels: , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)