360 Degree Protection

MANAGED ATTACK SURFACE

As a general rule, you cannot be certain of the integrity of third-party applications, regardless of the provider’s reputation. App behavior within the mobile ecosystem and the potential for some of its libraries to maliciously abuse standard flows cannot be accurately predicted. Services such as Google Mobile Services (a collection of Google’s apps and APIs baked into every consumer-grade Android device) utilize embedded location-tracking functionality, which can be exploited.

Users can take charge of their device through our hardware control feature, which lets them manage hardware components and sensors (Wi-Fi, Bluetooth, Location, and more), reducing the attack surface by switching them on and off depending on their needs.

PHYSICAL EXTRACTION SAFE

There are numerous ways to extract data from a mobile device, especially if it is obtained physically. Physical access to a device poses a significant threat, as adversaries can extract files through the USB port using specialized equipment. This method allows attackers to bypass many security measures, gaining access to sensitive information. Especially vulnerable are devices that are protected with simplistic PINs, patterns or passwords (e.g. a 16-digit PIN is cracked in 1 hour).

The device’s USB port is modified to allow users to fully control it, including fully disabling all USB port functions (except for charging). The USB port is disabled on a hardware abstraction level, ensuring that it cannot be utilized even by the most sophisticated extraction tools.

MULTIPLE DATA WIPE OPTIONS

Even if users are well protected against over-the-air attacks, they can lose control of their data if an adversary forces them to unlock their phone or if they lose possession of the device. To counter these risks, our solutions offer users and administrators multiple methods to wipe all stored data:

 

  • Anti-Tamper Wipe: In the event of physical tampering by brute-forcing the security lock, the device will enter an automatic wipe flow that will delete all of the user’s data and render the account inaccessible.
  • Emergency Center: Sometimes, critical circumstances require immediate action. The Emergency Center provides users with a one-swipe option to utilize critical functionalities, such as an instantaneous wipe, removing all sensitive data with a single click.
  • Remote Wipe: In some cases, you need to react quickly even if the device is not physically with you. For such situations, our devices support remote wipe through the MDM, ensuring that data on the device does not end up in the wrong hands.
  • Sync Wipe: If adversaries get hold of your phone, there is a high chance that they will disable the phone’s connectivity in order to extract data without the risk of receiving a remote wipe command. To address this risk, we developed a sync wipe flow that triggers when the device fails to sync with the backend for a preset amount of time.

ENCRYPTED BOOTLOADER

The bootloader of a device is its most basic, low-level software. Its purpose is to check and verify the software running on your device before it boots to ensure its integrity.

If the bootloader is unlocked, various custom ROMs and software not approved by the organization could easily be pushed to the phone. Additionally, as mobile devices are PIN- or password-protected, unlocking the bootloader opens dangerous attack vectors that can be exploited to bypass the password-authentication process if an attacker gains physical access.

Our OS features not only a locked but an encrypted bootloader, preventing any non-authorized third-party software from being installed on the device. This protects against attacks attempting to install a malicious OS that would gain control over the device, as the encrypted bootloader will refuse to load it.

SPYWARE PREVENTION

A common way for adversaries to infiltrate devices is to install spyware without the consent or knowledge of the user. Adversaries are able to install malicious software by exploiting native vulnerabilities of smartphones. This software allows them to execute collection attacks to identify and gather information such as sensitive files, user keystrokes, screen activity, browsing history, and more.

For example, the Pegasus spyware was installed on consumer smartphones through exploitation of third-party or system app vulnerabilities. The spyware allowed the adversary to access devices through zero-click exploitation, where the user didn’t even have to click a phishing link.

Secure OS allows users and organizations to forbid the installation of any software outside the app store managed by the MDM, ensuring that no untrusted apps are installed.

 

ANTI DATA MINING

Data mining on Android devices, particularly within Google’s ecosystem, involves extensive collection of user data points, including location, search history, app usage, and more. This pervasive data collection raises privacy concerns and exposes users to potential vulnerabilities, especially due to pre-installed bloatware that can introduce security risks.

Secure OS is a completely de-Googled Android Operating System. It relies on in-house developed or open-source technology to deliver necessary mobile microservices such as location, push notifications, time, app updates, and others. Unlike on consumer smartphones, users can easily disable those services.

SOFTWARE INTEGRITY CHECKS

While having the necessary spyware mitigation mechanisms in place is vital for protecting digital data, having a way to detect if those mechanisms fail is equally important.

Secure OS comes with a software integrity feature that compares the local device policies and installed software (apps and OS) to the policies saved on the server. Any discrepancies are reported, and the user is alerted. With this feature, users and organizations can easily identify if their device has been compromised.

 

TRIPLE PASSWORD PROTECTION

To prevent physical tampering with our encrypted mobile communication devices, we have implemented triple password protection: the storage holding all sensitive information, the OS allowing the phone’s basic functions, and the system communication apps storing your correspondence are separately protected by different passphrases. The passwords securing sensitive data, such as the information in your storage, are highly complex, ensuring that even supercomputers cannot penetrate them.

SECURITY-HARDENED LIBRARIES

Libraries are sets of prewritten code that applications use to perform their functionalities. As part of standard application security testing, application stores test all applications submitted to them and provide developers with instructions on fixing vulnerabilities.

However, this model does not consider that in the mobile ecosystem, applications are not isolated from one another. Their libraries and logic coexist with those of other apps. The app store’s implied security model overlooks the possibility of different behaviors of various libraries within the same mobile stack, leading to three major threats:

  • Malicious Modifications: Applications’ libraries can be modified to be malicious through repacking, which reverse-engineers and rebuilds the library to introduce harmful behavior.
  • Masquerading Libraries: Adversaries can create libraries that masquerade as existing ones, overtaking their For example, they use the same namespace as the legitimate library, as seen with the notorious DroidKungFu malware that uses names like com.google.ssearch and com.google.update to pretend to be legitimate.
  • Aggressive Behavior: Even legitimate third-party libraries can have aggressive behavior, such as collecting the device owner’s email address. The major problem is that most library-centric security threats cannot be adequately addressed by malware-detection software, anti-viruses, and anti-repackaging techniques.

To ensure the security of our device, we have tested all libraries used by our system applications, both in isolation and within the mobile ecosystem. We have also taken rigorous measures to harden library security and introduce a further defense layer through additional device encryption.

 

NO LOCATION TRACKING

A known technique for tracking device location is the Silent SMS or Silent Call attack. These techniques are very effective since all smartphone devices have those services enabled, with the capability to execute SMS and calls without notifying the user.

Even if users have disabled their location through their settings or policy, they are still vulnerable to the attack, since disabling location services only prevents the API calls that fetch location from executing.

Instead, the Silent SMS and Silent Call attacks help adversaries triangulate the device location by seeing which towers the device pings on an incoming SMS or call.

Secure OS allows users to disable phone and SMS services on an OS framework level. By disabling those services, they have a guarantee that no SMS or calls will go through, even if initiated by the most sophisticated software.

ENCRYPTED BACKUP

People face challenges when managing their on-device data due to the lack of control over data when it’s backed up to the cloud. Current solutions either cannot perform a full device backup (third-party cloud apps) or back up everything without giving users full control or transparency over the process (system backup software of consumer-grade smartphones). Many people are opting out of data backups due to the risks or complexity involved, risking the loss of their most valuable digital assets in case of phone malfunction or theft.

Secure OS supports full device backup and restore functionality through its backup manager feature. The device backup is stored on the self-hosted MDM server, fully encrypted with user-generated keys, ensuring that it cannot be decrypted in transit or at rest. Users can easily delete the backup to guarantee confidentiality.