Whatsapp Security Issues Continue with International Investigations

Posted on 29 Jan 2013 in News

WhatsApp Messenger Downloads (Green = highest penetration rates)

WhatsApp Messenger has crossed 7 billion inbound messages a day just this year, making the app one of the most popular in the world. All this use has drawn attention to security issues that crop up on a nearly monthly basis.

Most recently, investigations by Canada and the Netherlands have shown that the app uploads contact lists from users’ phones to WhatsApp servers and fails to delete them even after users have deleted the service.

WhatsApp's issues began with WhatsApp Sniffer on the Google Play store (removed), which allowed users to intercept WhatsApp messages directly, and Whatsappstatus.net (removed), which allowed users to change the status message of… anyone. Passcodes and authentication were generated from information that was often written on the phone itself (in the case of Android, it is on a sticker on the inside of the phone by the battery) and can be obtained extremely easily. If you are using the device on public WiFi, the information broadcast can be used to take over your WhatsApp account. If you are using the app on your iPhone, hackers can grab your phone number.

Other issues include:

10/9/12 Update: WhatsApp “encryption” hides your data but does not protect it, a measure defended as “commercial reasonable effort”.

11/30/12 Update: A hack out of Heise Security generates users’ passwords from the phone number and the phone’s serial number.

12/11/12 Update: Cat and mouse game of Whatsapp security continues, with updates that still don’t close the gap.

01/23/12 Update: Whatsapp partially solves security issues investigated by the Hague.

 

Be sure, with Secure messaging from Gryphn: Upgrade your Texting Experience

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

DC’s Hottest Tech Startup: Gryphn

Posted on 7 Jan 2013 in Media Roundup, News, Press, Startup

A hilarious and heartfelt interview with the team

http://storify.com/GryphnCo/dc-s-hottest-tech-startup-gryphn

States Can’t Agree on Smartphone Privacy: Businesses Protect Themselves (continued)

Posted on 26 Dec 2012 in Android, Apple, ArmorText applications, BYOD, Enterprise, News, Security, State Texting Laws

Continued from last week…

Overcoming uncertainty

To view the mobile security and privacy problem in management terms, consider that businesses generally dislike uncertainty of any kind. But the mobile revolution and the resulting patchwork quilt of search and seizure laws across borders suggest plenty of businesses have zero certainty about whose hands their data could fall into. Once an unencrypted device is imaged, there is no going back. It is impossible to know with certainty how law enforcement authorities here or anywhere will parse patent drawings, budget spreadsheets or acquisition plans while searching for evidence. There are too many variables. Even if we assume authorities will act in good faith and take measures to respect confidentiality, encryption is a far better bargain for applying controls over information, particularly if you are a lawyer worried about attorney-client privilege or work in an industry subject to tough data protection regimes. As mobile device searches become increasingly routine, enterprise data swept up in evidence searches – “caught in the crossfire,” if you will – may have to be deemed “compromised,” if only for practical purposes.

The way forward

Companies need to monitor the global regulatory picture closely. The best defense, of course, is to compartmentalize access and information. A salesperson headed overseas does not need to carry your patent portfolio through border crossings. But except for these kinds of obvious cases, reconfiguring devices and networks around today’s shifting job roles and travel is tedious and impractical. Plus, when you strip down handhelds to the point where they become safely “expendable,” you start to offset the business value of all these great tools and connectivity. Why not build a standardized mobile security profile with encryption instead and let users bring the apps they need to be productive? Senior executives need to lay the foundation here by looking at requirements and the risks that can be tolerated, and mitigating them as far as possible.

On the technology side, mobile encryption is a powerful tool to tactically deploy in your plan. To securely harden many common types of smartphones quickly, look for encryption tools that do not require cumbersome hardware accessories or multi-tasking between apps just to read e-mail. Such ease of deployment positively empowers users and helps different types of devices in a company to benefit from consistent protection. Users of different hardware that all run some version of Android, for example, can in most cases go to the same app storefront and pull down their own security software. As technology rewrites our legal and societal perceptions of trust, privacy and security, businesses and consumers should expect continued legal dust-ups and uncertain times. Often the only recourse is to seize the initiative by taking proactive control. In this spirit, armoring-up your smartphone is easily done and could spare your company and career from needless future worry and pain.

 


mHealth 2012 Recap: Doctors are Texting and Healthcare Wants Protection from HIPAA Violations

Posted on 14 Dec 2012 in ArmorText, BYOD, Healthcare, HIPAA, News, Press

Our presence at the mHealth Summit 2012 was a great success. We were offered and took advantage of a booth in the primary and startup pavilions, receiving press for both. Our two locations were advantageous as we were able to funnel interested parties from our startup table to our relaxing couch and charging station in the main area. Our product was featured on camera, and we managed a flood of interested healthcare and healthcare related companies.

We learned more about our market, straight from the providers, users and practitioners themselves. Though aware of the risks, Doctors are still texting. They are downloading any text messaging app available on the app store that claims to secure text messaging and be HIPAA compliant. Providers, threatened with HIPAA related fines up to $4.3M, are interested in creating a cohesive policy, managing risks to confirm the safety of PHI and thus of HIPAA compliance. Representatives were searching for texting best practices, comparing and contrasting various secure texting options available on the market in order to make a recommendation to implement as policy. Here is a sample of our comparison, focused exclusively on usability. If you are interested in our comparisons in the basic and advanced security departments, please contact us.

encrypted text messaging comparison chart armortext whatsapp Tigertext

 

We received requests for protecting and tracking doctor-patient text messages and their effect on patient behavior. Do patients that receive messages from their doctor have a reduced number of in-office visits? Some research regarding increased contact via mobile device suggests so. We have developed our solutions specifically to adhere to HIPAA guidelines and are open to development solutions and applications in the doctor-patient relationship. We are currently conducting pilots; let’s see how we can work together.


DoD App Store Coming To A Smartphone Near You

Posted on 14 Nov 2012 in ArmorText, BYOD, Cyber Security, Enterprise, News, Security

Back in July, we discussed Mobile Device Solutions for the Department of Defense (DoD). We are still waiting for the DoD to release its mobile device implementation plan, but the Defense Information Systems Agency (DISA) has announced it is looking for mobile device management (MDM) software and an enterprise mobile application store that will be able to support more than 250,000 mobile devices. The military has a longstanding relationship with DISA as its network service provider.

“The mobility implementation plan is a way for the DoD to take advantage of where the rest of the world is going with mobile communications,” Air Force General Robert E. Wheeler said.

The benefits of BYOD that are driving many industries to implement such plans remain the same: reduced costs, increased security, and a productivity boost. This new strategy could completely enhance the functionality of the DoD, “allowing the department to move faster, make decisions quicker, stay ahead of adversaries, and make better business decisions.” This is all well and good as long as security concerns are appropriately managed. One security breach on a national or international level would nullify all cost savings and productivity gains.

The DoD’s enterprise-wide mobile strategy will center around DISA. DISA claims that the MDM and app store will eventually be able to meet all of the military’s requirements. To go along with the MDM, the DoD has categorized three types of devices that will go through the authorization process.

  1. Devices that never need to connect to the DoD network, for example this may include tablets used by a pilot that contain checklists and charts.
  2. Devices that connect to the unclassified networks, for example commercially available devices like iPhone and Android.
  3. Devices that connect to the classified network; some of the previous devices may meet this requirement as well.

The mobile devices available to the public have countless applications and, if approved by DoD standards, users will be able to use one phone on the DoD classified and unclassified networks. The approved devices would also have the ability to download any mandatory apps from a DoD app store.

The DoD has a strong desire to adapt to commercial mobile technology by having its own app store. Specialized apps for critical communications or processes could be approved, developed and deployed within three months.

“As new technology comes out we need to take advantage of that new technology and move with that new technology to keep our stuff more secure,” Wheeler said. “So, waiting two, three, four years to approve something is something that would actually hurt our ability to do the mobility implementation plan.”

ArmorText is a new technology that could be beneficial to the DoD app store and the DISA MDM Plan. It is a secure text messaging app that can be used regardless of “security clearance” associated with classified and nonclassified networks. Every employee at the DoD should be using ArmorText to encrypt their text messages.

 


Government, Industry, and Enterprise Switch from Blackberry to BYOD

Posted on 2 Nov 2012 in Android, Apple, ArmorText, BYOD, Cyber Security, News

More companies, enterprises and government agencies are turning from Blackberry toward BYOD. Most recently the Office of Immigration and Customs and the Pentagon dumped their contracts with Blackberry and brought in iPhones, Androids, and complementary security measures, respectively.

Discerning appropriate security measures is similar to protecting against HIPAA violations: It depends heavily on the data that needs to be protected and the methods by which that data is interacted with – determinations that need to be made before allowing BYOD.

BYOD policy basics

The White House also moved away from Blackberry with its most recent Digital Government Strategy, released in May, laying out security standards for a bring-your-own-device policy. Most notably, Obama has been featured for BYOD, as he originally insisted on bringing his Blackberry to work, and now has an altered and neutered iPad on which he reads his daily briefs.

 

Individuals, Government, and Enterprise Switch from Blackberry to BYOD

Enterprise

Napa County switches to BYOD

DLA Piper

Qantas will replace 1300 BlackBerry phones with iPhones.

IBM

DELL

Halliburton switched from Blackberry to iOS

Clorox

Standard Chartered

AstraZeneca Plc

Thames River Capital UK

The Pentagon (see above)

Office of Immigration and Customs (see above)

The White House (see above)

Veterans Affairs

 

Individuals

Andrew Mills, a child abuse investigator for the state of Arkansas.

Fritz Nelson Executive Producer of TechWebTV switched from Blackberry to iPhone (and android) as the IT department recently allowed it.

Dr John D. Halamka switched from Blackberry to iPhone. “I’m seeing a slow death of Blackberry. We have about 400 people still on the Blackberry Enterprise Server. I imagine as contracts expire more will jump to iPhones and Androids. We lose 5-10 Blackberry accounts per month.”

John Kleinschmidt, founder and operator of DataOutages.com and DataOutageNews.com, switched from a Blackberry to an iPhone

Robert Burkhart, the director of new technology innovation at Nationwide Mutual Insurance, tells the news organization that employees at his company started migrating from BlackBerry devices to iOS and Android devices last year because he “could see that RIM started to decline.”

Jon Williams - CTO at Experian CheetahMail switched to Droid PRO

 

Data courtesy of http://www.e-janco.com/index.htm

October: National Awareness Month – Cyber Security

Posted on 27 Oct 2012 in Cyber Security, Mobile Development, News, Security

October might as well be called National Awareness Month. As this month draws to an end, it is important to recognize the various causes associated with this month. There are over 15 different national observances in the U.S. alone. The majority of these observances are health related, the most popular or most known probably being Breast Cancer Awareness Month. Others recognized are Pregnancy Loss and Infant Loss, Infertility, SIDS, Spina Bifida, Physical Therapy, Lupus, Dental Hygiene, Domestic Violence, Rett and Down Syndrome. Aside from health and violence issues, this month celebrates Clergy Appreciation, Filipino American History, the Arts and Humanities; and finally, the National Cyber Security Awareness Month (NCSAM).

“Cyber threat is one of the most serious economic and national security challenges we face as a nation. America’s economic prosperity in the 21st century will depend on cyber security.” – Barack Obama

Our technology-driven world – computer, laptop, tablet, smartphone – multiplies our vulnerabilities to cyber attacks. NCSAM was established to inform both public and private sectors about cyber threats and security practices mitigating these risks. Here are a few tips on how you can remain cyber secure!

General Guidelines

  • Always use a secure password and keep it to yourself. Passwords should be updated regularly and hard to guess. Stay away from using personal information like name or birthday in your password.
  • Keep your operating system, browser, anti-virus and other critical software up to date.
  • Back up your computer regularly.
  • Do not share access to your computer with strangers.

Email

  • Disable attachments from automatically downloading.
  • Save all attachments and scan them for viruses before opening.

Social Media

  • Be cautious as to what information you are posting about yourself. Never display personal information like your address or even your daily schedule.
  • Use the privacy and security settings to restrict what information is shared with the general public online.
  • Keep your guard up with strangers or anyone you meet online. Be aware that they may give you misleading or false information.

Mobile Device

  • Treat your mobile phone like you would your computer. Only access the internet over a secure, protected network.
  • Be wary of any unknown links or requests sent through text message or email. Don’t open unknown links or answer questions sent to your device, no matter who the sender is.
  • Only download trusted applications from reliable sources.

Business

  • Restrict access and secure the personal information of employees and customers to prevent identity theft.
  • Be cautious of all unsolicited contact from someone looking for internal organizational data or private information.
  • Always report any suspected data or security breaches to the proper authorities.

 


Apple iMessage Down – Regulated Industries Exposed

Posted on 26 Oct 2012 in Apple, Enterprise, News, Security

iMessage Down – Why Does It Matter?

iMessage has been down since 5pm EST and is still down for many consumers, as evidenced by Twitter status updates.

Update: Continuing independent testing shows that iMessages are now being automatically switched to SMS texts[1].

iMessage Down – Regulated Industries, Such As Healthcare, Exposed

The iPhone has been considered a potential replacement in part because enterprise looked to diversify from the single point of failure Blackberry has become infamous for. It seems iMessage suffers from similar issues. Sporadic outages were also reported on July 22nd, and Sept 17th of this year.

It has been suggested that iMessage is a possible HIPAA compliant solution, allowing for encrypted messages to be sent between patients, doctors or other healthcare professionals. However, it is now confirmed that when iMessage fails to send, it automatically reverts to a regular text message, which is not encrypted. This fail-safe program for delivery is not sufficient for use in finance, healthcare or other heavily regulated industries where both the security AND deliverability of the message are of paramount legal importance.

More Details on iMessage Problems in Regulated Industry.

Other iMessage troubles.

Even if you use the extremely popular Whatsapp, which is not currently down, the slew of security issues and breaches should give you pause.

11/18/12 UPDATE: Apple’s iMessage and FaceTime experiencing another disruption for “some users”
10/29/12 UPDATE: FaceTime and Game Center also down, joining iMessage just in time for Apple’s quarterly earnings report.

[1] http://appleinsider.com/articles/12/10/25/apples-imessage-down-for-many-ios-and-os-x-users

Text Messages As Evidence In Court? California and Ohio

Posted on 17 Oct 2012 in Evidence, News, Security, State Texting Laws

Text messaging – we all do it and it has even become second nature to us, but have you ever thought about your text messages being admissible into court as evidence? Do your text messages contain sensitive information that might get you into trouble? Some state courts have ruled that text messages can be used as evidence without a search warrant or subpoena. Do you know how your state rules on this?

“Under U.S. Supreme Court precedent, ‘this loss of privacy allows police not only to seize anything of importance they find on the arrestee’s body … but also to open and examine what they find,’” – [California] state court in a 5-2 ruling.

California

Californians, if you’re planning on getting arrested then you better make sure you don’t have any incriminating text messages. Last year the Supreme Court of California ruled in California v. Diaz that police officers can legally read a suspect’s text messages on their cell phone without a warrant. This ruling came about after a man in California was arrested for selling drugs to a police informant. Police confiscated his cell phone and discovered incriminating text messages connecting him to drug sales. In making this decision, the court ignored the vast amount of data that can be stored on a phone and considered searching it the same as searching through your personal pockets or bags.

Ohio

Ohio, on the other hand, has taken the opposite stance and requires a warrant to search a cell phone carried by somebody under arrest. In the case Ohio v. Smith, police used an informant to call Smith to set up a drug deal. After the police arrested Smith, they searched his cell phone and used this as evidence at the trial. The Ohio State Supreme Court overturned this decision and claimed that people have a right to privacy on their cell phones due to the large amount of information that can be stored. The court argued that a cell phone is more like a laptop computer than just a bag; therefore a search warrant is required.

Two states, two very different views on the same subject. The U.S. Supreme Court has been silent on this very issue and left it to the states to decide case-by-case, but for a standardized resolution it may be time for the Supreme Court to speak up. Will they rule that it is acceptable to use text messages as evidence in court or that text messages are protected by the 4th Amendment?

 

Stay tuned for our next installment in the state by state texting exposé!

 


Gryphn Tackles Mobile Security Threats: App Hacking, Mobile Payments, and Wi-Fi

Posted on 11 Oct 2012 in Enterprise, News, Security

Gryphn Takes Care Of Your Mobile Security

App Hacking

The News: Researchers at the U.S. Naval Surface Warfare Center have discovered a way to utilize malicious software to remotely operate a smartphone’s camera and manipulate it to spy on the phone’s user.

The App: PlaceRaider

The Mobile Security Threat: This is the first known malware that can be used to take advantage of the high definition cameras on every smartphone. “Remote Burglars” can use this app to virtually steal any objects visible to the camera, like financial documents or private information. While this app was created only for research, if leaked into the wrong hands it could easily be disguised as an App and unknowingly downloaded by consumers.

 

Mobile Payments

The News: A security expert created an App on his Samsung Nexus S that allows him to steal a credit card by simply waving his phone over a wallet. He can then walk into any store and make a purchase using your credit card from his smartphone.

The App: No app or smartphone required from you, just carry your wallet in your back pocket.

The Mobile Security Threat: Luckily the App creator isn’t a thief, but is paid to find weaknesses with wireless payment technologies… lucky this time. The threats associated with Apps like this are unlimited and, with the use of mobile payments increasing, targets will increase too.

 

Wi-Fi

The News: Any mobile device that uses Wi-Fi and connects to Wi-Fi hotspots for internet access is open to various security issues. Most mobile devices don’t have security features that can protect against Wi-Fi threats.

The App: Numerous – Firesheep and Sniffpass are two examples of Apps that can watch and steal credentials to login to unsecured sites or services.

The Mobile Security Threat: Since the majority of Wi-Fi hotspots aren’t encrypted, it allows anyone within reach to spy on the data you send and receive from the internet and your mobile device. These data snoopers can see your online banking information and other delicate transactions when using Wi-Fi.

 

Blackberry RIM Problems

The News: Blackberry Services were down for about 5 hours across Europe, the Middle East, and Africa. They conveniently went down the day the iPhone 5 made its debut. The Blackberry outage did not affect calls or text messages, but it took down BBM, email, and internet access.

The App: Anyone who owns a Blackberry.

The Mobile Security Threat: As a regular user, none, but for enterprise users it can result in a hefty financial loss. Last year a four-day global disruption frustrated millions, and cost an estimated $8 Billion in productivity losses.

 

See More Mobile Malware Apps…

 

Life Saving

The News: During emergencies, more and more people are turning to Apps for Information. Today people can easily download an App to their smartphone that can be used as a source of information for paramedics and other first responders at the scene of an accident, crime, or disasters. These Apps can provide life-saving information.

The App: ICE (In Case Of Emergency) stores your driver’s license picture, emergency contact information, medical history, and more.

The Mobile Security Threat: Not all Apps and technological advances involving phones are a threat, but it is important that you understand how to properly use them. While this app is designed to help save your life, if your smartphone ended up in the wrong hands what personal information would you want them to know? You should only store pertinent medical information including allergies, illnesses, and your medications in your medical history. Managing the threats that go along with these benefits is an important topic that doesn’t get enough press. That’s why we’re here, to show you how to enjoy the advances while blocking the distresses. You’re Welcome.

 
