Showing posts with label mobile. Show all posts

Thursday, July 10, 2014

Top 10 forgotten mobile threats revealed

Do you have a smartphone? Of course you have. Let's say you even use some encryption for your mobile calls. Do you know what threats you are exposed to when using it? Keep reading...

Just for you. Really?

1. Spyware
Spyware runs on the smartphone and can record all communication. It can send the recorded communication later or broadcast it live. Spyware is hidden and difficult to detect.

2. Record microphone
Malware can record the microphone of your smartphone and send or broadcast the communication it captures.

3. Man-in-the-middle attack
A malicious outsider inserts him or herself into a conversation between you and your party and gains access to your private information.

4. Stealing encryption keys
The encryption keys can be stolen before or during the communication. It is a common problem of encryption software. However, it is possible to physically protect encryption keys with a cryptochip or TPM technology. This requires a hardware piece in your smartphone, typically integrated into a micro SD card.

5. Cracking encryption keys
Cracking the keys can be easier if you use public key encryption. Since public keys are sent over the Internet and define the key space, they make cracking a lot easier. You can find a nice explanation of the mathematical background here: https://www.udacity.com/course/cs387.

6 to 10
Find the rest in the infographic below. Just click on it. Hover or tap the threats.

[Infographic: Mobile Security Threats Skyscraper]





Friday, February 21, 2014

First NSA-proof phone already on the market


Believe it or not, the first NSA-proof phone has been on the market for years, and it is called Secfone, not Blackphone. It was not available to the public for a long time, only to governments and military organizations, but as of 2013 it can be ordered from BeSure Europe LLP. It was announced at Mobile World Congress (MWC) Barcelona in 2013.

This is the only solution that we have enough information about to claim it to be NSA-proof or rather eavesdrop-proof.

How can Secfone protect mobile conversations?

Secfone is the only solution on the market that implements triple-level protection. Triple-level protection means the protection of communication, encryption keys and smartphone. Leaving any level out makes the encryption solution vulnerable and easy to tap. For example, encryption software on iPhone and BlackBerry smartphones cannot protect the smartphone itself, since these smartphones have proprietary operating systems. We had no information on how these operating systems work until Snowden released the NSA documents. These documents prove that iPhone and BlackBerry have a backdoor. The backdoor is called DROPOUTJEEP and provides direct access to the smartphone's microphone and camera. This makes these smartphones a personal bug.

Protection of communication - Level 1

Secfone protects the communication with a unique implementation of asymmetric encryption. Using a non-standard implementation is inevitable. Standards define the methods of cracking - they provide enough information to crack the keys. Encryption cracking software and hardware appliances are designed and optimized to crack standard encryptions.

Read the implementation (patent description only for experts!)

Protection of encryption keys - Level 2

Encryption keys cannot be protected on any smartphone, especially not with encryption software. Keys can be protected only in special hardware, called a Trusted Platform Module or cryptochip. This hardware is designed to generate, manage and use encryption keys. It is unreadable by design, and there is no known method for getting the encryption keys out of it.

Protection of smartphone - Level 3

The solution has to protect the smartphone itself too. It means that no software can access the smartphone's microphone and camera during calls. Secfone monitors the microphone during calls, detects malicious software that tries to access it, and handles the situation.

Takeaway

An NSA-proof phone will never come from the US or any other world power. Think it over...


Monday, November 4, 2013

3 characteristics of any eavesdrop proof mobile communication solution




Eavesdropping and tapping are a hot topic right now. But how can a company choose a really eavesdrop proof solution?

You can read articles on a daily basis on how politicians were tapped by several national agencies. You might think that there is no eavesdrop proof mobile communication solution on the market, because if there were, at least Angela Merkel would buy it. Let's take a close look.

There are 3 requirements of eavesdrop proof encrypted mobile solutions:

1. Purely software-based solutions are not secure

The reason is evident. Computer software is code that resides and runs on devices, like laptops, smartphones or tablets. This code uses the general storage and processing capabilities of devices, which are not designed to protect or secure any information. So if you find software on Google Play or iTunes Store that claims it can protect your communications if you download it, it is simply not true.

Think of software that can be downloaded from torrent sites. That software consists of code, the same kind of code that makes up a purely software-based encryption solution too. Sounds safe?

If you have ever encountered software that cannot be copied, that software must have included some kind of unique hardware protection (a USB dongle, for example). The unique hardware piece provides the security, because the hardware cannot be copied.

2. Using standard encryption methods reduces security

If a solution claims that it uses standard encryption, that means only one thing: it is way easier to crack that solution than a solution that uses non-standard encryption. Standardization is a big help for a cracker. The more characteristics regulated by the standard, the easier it is to crack the solution. Not to mention that agencies specialized in cracking encryptions have hardware designed to crack standardized encryptions.

3. Certificates of agencies indicate backdoor

If you run into a solution that claims it is a certified solution of, for example, an Israeli agency, that means you can be sure that the agency in question has access to a backdoor in the solution. The reason is simple. There is not a single agency in the world that would encourage the use of a solution that cannot be controlled - that is, eavesdropped - by that agency. The picture is getting clear as you think it over...

Now comes the final question. Are there solutions on the market meeting these requirements? Of course yes, there are. But most of them are not available to the public, only to agencies and governmental institutes.

UPDATE:

The only hardware based encrypted mobile communication solution that provides triple layer protection is Secfone.

Secfone Official Website


Tuesday, October 29, 2013

What is the privacy score of your smartphone?

Clueful
You might know that apps on smartphones ask for permissions upon installing. However, some apps might ask for more permissions than their function really needs. If you would like to protect your information, then the first step is to check if your smartphone can leak your data. We have tried an app that does the work, Clueful (available for Android and iOS).

Clueful gives a general privacy score that gives you an idea of how safe your smartphone is.

It categorizes the apps into three categories:

  • High risk apps
  • Moderate risk apps
  • Low risk apps

You should seriously consider uninstalling apps that are in the high risk category. After installation Clueful checks new installations too, and alerts you if a new app asks for too many permissions. Filtering by specific types of risks is also available (which apps can send SMS, for example).
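To make the idea concrete, here is an added example (not Clueful's algorithm and not code from this blog) that buckets apps by the permissions they request beyond what their function needs, and filters by one specific risk. The permission names are real Android ones; the weights, thresholds, app kinds and sample apps are assumptions.

```python
# Added example, not Clueful's algorithm: weights, thresholds, app kinds and
# sample apps are assumptions. The permission names are real Android ones.
P = "android.permission."
WEIGHT = {  # assumed sensitivity weight per permission
    P + "SEND_SMS": 3, P + "RECORD_AUDIO": 3, P + "READ_CONTACTS": 2,
    P + "ACCESS_FINE_LOCATION": 2, P + "CAMERA": 2, P + "INTERNET": 1,
}
NEEDED = {  # assumed: what each kind of app needs for its function
    "flashlight": {P + "CAMERA"},
    "messaging": {P + "SEND_SMS", P + "READ_CONTACTS", P + "INTERNET"},
    "maps": {P + "ACCESS_FINE_LOCATION", P + "INTERNET"},
}
APPS = [  # constructed sample data
    {"name": "BrightTorch", "kind": "flashlight",
     "requests": [P + "CAMERA", P + "INTERNET", P + "READ_CONTACTS", P + "SEND_SMS"]},
    {"name": "ChatBox", "kind": "messaging",
     "requests": [P + "SEND_SMS", P + "READ_CONTACTS", P + "INTERNET"]},
    {"name": "RouteFinder", "kind": "maps",
     "requests": [P + "ACCESS_FINE_LOCATION", P + "INTERNET", P + "READ_CONTACTS"]},
]

def excess(app):
    """Permissions requested beyond what the app's function needs."""
    return sorted(set(app["requests"]) - NEEDED.get(app["kind"], set()))

def risk(app):
    """Bucket by summed weight of excess permissions; unknown ones count 1."""
    score = sum(WEIGHT.get(p, 1) for p in excess(app))
    return "high" if score >= 5 else "moderate" if score >= 2 else "low"

def apps_with(permission, apps=APPS):
    """Filter by one specific risk, e.g. which apps can send SMS."""
    return [a["name"] for a in apps if permission in a["requests"]]

def report(apps=APPS):
    """Map each app name to its risk bucket and its excess permissions."""
    return {a["name"]: (risk(a), excess(a)) for a in apps}

if __name__ == "__main__":
    for name, (level, extra) in report().items():
        print(f"{name:12} {level:9} excess: {', '.join(extra) or 'none'}")
    print("can send SMS:", apps_with(P + "SEND_SMS"))
```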

Check your smartphone, and put your Privacy Score in a comment here. It's free.


Friday, October 25, 2013

Did US Tap Chancellor Merkel’s Mobile Phone? - Opinion


I read new articles every day on how Germany complains about NSA spying. Now it has turned out that there is a high chance that even Merkel’s phone conversations were tapped. What is the main problem behind protecting ourselves?

1. Security solutions come from US

This is a big problem since there is not a single security solution in the US that has no backdoor. Even the “most secure” PGP was compromised, although PGP has no connection to any US governmental institutes. Why not use PGP? Read this: https://github.com/pagekite/Mailpile/issues/79. Blackberry is a very popular smartphone in Germany, and guess what encryption Blackberry uses? Yes, you are right, PGP.

2. Standard mobile encryption solutions

The standards considerably decrease the security level. You know why? Because a standard sets rules that are a good help when you try to break an encryption (you know the key lengths, for example). Not to mention that governmental institutes and corporations have hardware and software resources tailored to break standard encryptions. Any non-standard encryption needs substantial extra effort to break.

3. Software based solutions

To protect a communication channel you need to protect all information that provides the security of that conversation. These are encryption keys in the first place. If you use a software-based solution, your keys are stored in the standard storage elements of your device. These elements (memory, for example) are readable, writeable storage, not designed to store anything in a secure way. That means your encryption keys can be read or written. Sounds secure? Not really…

Any solution?

Of course, there is a solution. The keys that provide the security of a communication network have to be stored in a secure place, which MUST BE some kind of hardware piece. Several solutions are on the market with unique hardware protection, mainly available for governmental use. These are special hardware devices; you cannot use them with your smartphone. However, Secfone seems to break the rule…