Gryphn Trumps Sexting with Security

Posted on 22 Jan 2013 in Awareness, BYOD, Cyber Security, Press, Security 0 Comments

We had some fantastic questions and comments in response to our press this week that deserved public answers. As a security company we recognize that people trust us when they use our product. We want to reciprocate this trust by offering transparency in our processes. Please feel free to add any more comments or questions  you may have

“Great idea – my wife is a middle school principal. It’s amazing the things teens are sending via SMS and their ignorance about its lasting impact and potential for broad distribution. Snapchat is clearly targeted to this younger group and if it (Gryphn) can save just one person from disastrous embarrassment, I’m all for it.” – Shopilly (TechCrunch)

Protecting teens from sexting mistakes? Sure, we can roll with that. The same security that protects a soldier’s mission critical image from being intercepted in transit, downloaded to a computer, forwarded, saved, screenshot-ed, decrypted or shared will also protect a teen from having their ill-advised image uploaded to Facebook.

“And this is necessary for life because why exactly? So teens can sext each other. Wow, I want to invest in this company. Where do I put my money? Maybe the company founders just want to see a lot of user generated porn.” – Darth (Business Insider)

User generated porn? This is (by far) our favorite comment. Our users include SWAT, local law enforcement and first responders. While we’re sure there’s a fetish for that, we don’t hold the keys to decrypt people’s messages. Or have the ability to see them. Or to give anyone access to them. Even under duress. Our patent-pending public/private encryption key exchange makes it impossible for ANYONE other than the sender and recipient to access or view the contents of even one single message encrypted and sent through our app. Yes, even if it’s porn. Yes, even if it’s really good porn.

“(This works) until people start taking pictures of their phones with other peoples’ cameras…” – Evan (Business Insider)

Yes. Absolutely true. For healthcare, financial and law enforcement (and eventually government), the concern is in knowing who is accessing these images. In whose hands does the phone rest? We achieve this currently through a passcode on the app itself and, eventually, with technology that… has already been used in beta by some of you. This last point in particular is, perhaps, proof that, despite the amusing moniker that some of our press bestowed upon us, our target market is not those looking to macgyver a sexting app, but those who are required to encrypt digital messaging to satisfy the legal requirements of their regulated industry.

“If this is developed in the US, it must be CALEA-compliant, and in that case the company has to store either plaintext conversations, or decryption keys, on its servers, to furnish to law enforcement whenever asked. In that case the first successful break-in into their infrastructure would give the attacker keys to information that is thought to be secure.” – prostoalex (Pandodaily)

Actually – your conversations never flow through Gryphn’s servers, and the encryption is performed by you, the individual, and not by Gryphn. Gryphn maintains Public Keys, but the corresponding Private Keys reside with the user. From: http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html (and other sources) — “US law is surprisingly clear on the topic of encryption — companies are free to build it into their products, and if they don’t have the decryption key, they can’t be forced to deliver their customers’ unencrypted communications or data to law enforcement agencies

These are good questions, comments and thoughts, but this is only the beginning. Please add any other questions you would like to see answered in the comments below.

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

Gryphn Secure Text Messaging: Our Recent Update

Posted on 18 Jan 2013 in Android, Gryphn Secure Text Messaging, Media Roundup, Press, Startup 0 Comments

Our latest release has seen us juxtaposed with Snapchat and Facebook poke. Our image self-destruct feature and corresponding media encryption and disabled screenshot security additions have seen us called “totally secure”. We’re a proud bunch here at Gryphn. Check out our new features in the video below!
-

The Press

Gryphn Updates Secure SMS Platform To Better Compete With Facebook… - TechCrunch
These text messages will self-destruct in five, four, three, two… - Upstart Business Journal
Gryphn updates secure SMS platform – Washington Business Journal
Gryphn Is An App That Will Let You Send Sexts And Actually Get Away… - Business Insider
Gryphn Launches Self-Destructing Text App That Solves the Security… – In The Capital

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

DC’s Hottest Tech Startup: Gryphn

Posted on 7 Jan 2013 in Media Roundup, News, Press, Startup 0 Comments

A hilarious and heartfelt interview with the team

http://storify.com/GryphnCo/dc-s-hottest-tech-startup-gryphn

mHealth 2012 Recap: Doctors are Texting and Healthcare Wants Protection from HIPAA Violations

Posted on 14 Dec 2012 in ArmorText, BYOD, Healthcare, HIPAA, News, Press 0 Comments

HIPAA text messaging for Doctors and healthcare encrypted

Our presence at the mHealth Summit 2012 was a great success. We were offered and took advantage of a booth in the primary and startup pavilions, receiving press for both. Our two locations were advantageous as we were able to funnel interested parties from our startup table to our relaxing couch and charging station in the main area. Our product was featured on camera, and we managed a flood of interested healthcare and healthcare related companies.

We learned more about our market, straight from the providers, users and practitioners themselves. Though aware of the risks, Doctors are still texting. They are downloading any text messaging app available on the app store that claims to secure text messaging and be HIPAA compliant. Providers, threatened with HIPAA related fines up to $4.3M, are interested in creating a cohesive policy, managing risks to confirm the safety of PHI and thus of HIPAA compliance. Representatives were searching for texting best practices, comparing and contrasting various secure texting options available on the market in order to make a recommendation to implement as policy. Here is a sample of our comparison, focused exclusively on usability. If you are interested in our comparisons in the basic and advanced security departments, please contact us.

encrypted text messaging comparison chart armortext whatsapp Tigertext

 

We received requests for protecting and tracking Doctor-patient text messages and their affect on patient behavior. Do patients that receive messages from their doctor have a reduced number of in-office visits? Some research regarding increased contact via mobile device suggests so.  We have developed our solutions specifically to adhere to HIPAA guidelines and are open to development solutions and applications in the Doctor-patient relationship. We are currently conducting pilots, let’s see how we can work together.

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

Text Messages Are Not Private Under The Freedom Of Information Act

Posted on 8 Nov 2012 in ArmorText, Enterprise, FOIA, Press, Security 0 Comments

 

If you hold public office, your text messages with your wife, your husband, or your children are public property. Any text message you send, personal or business related, is accessible to the public under the Freedom of Information Act (FOIA). When the FOIA was enacted in 1966, it could not account for today’s technological advances, especially concerning text messages.

FOIA In The United States

Politicians and other public figures have had their text messages exposed as a result of FOIA. The political scandal involving Detroit Mayor Kwame Kilpatrick, in 2007, made headlines when The Detroit Free Press requested all records, including text messages sent from his government-issued device, be released to the public under FOIA. Information obtained from his text messages revealed an on-going affair with his Chief of Staff, Christine Beatty and their use of city funds for their romantic getaways. The messages disclosed how they conspired to fire Police Chief Brown, who was investigating Kilpatrick’s illegal activities and the corruption in his office, including racketeering, bribery, conspiracy, and extortion.

FOIA Reveals All

With the public’s right to access records, it has exposed the wasteful spending of our government in numerous documents. E-mails obtained through FOIA revealed that the Solicitor General’s office planned to groom Elana Kagan to ascend to the Supreme Court. A ruling in Illinois determined that text messages on government-issued or personal phones are considered public record, if business is conducted on their personal phone. According to the FOIA, all written text is public property.
In the Kilpatrick scandal, the public deserved to know how their elected official was running their government. Our elected officials are people too and should have the right to privacy in their personal and family lives, despite their career. In cases like these, there needs to be a way to distinguish between what information the public has the right to access and what information must remain private.

Freedom of Information Is World-Wide

The idea of Freedom of Information is not just a U.S. law that affects our elected officials, but it spans internationally as well. The latest scandal involves, British Prime Minister, David Cameron, who has been urged to publish his text messages with News International Chief Executive, Rebekah Brooks. Several of his personal messages were made public, stemming from a 2009 phone-hacking inquiry from Rebekah Brooks herself. The Prime Minister was granted some right to privacy since they didn’t publish the messages that could be embarrassing to P.M. Labour MP Chris Bryant stated that ordinary public members would consider all of the text messages sent by the Cameron to be relevant in determining the nature of their relationship. As a result, no text message would be safe from public record.

ArmorText Protects You and Your Loved Ones

Gryphn’s ArmorText is the secure solution for elected officials to keep their personal life private. Our secure, text-messaging app erects a barrier between your personal and professional communications, so you can conduct both appropriately on a single phone. FOIA requests that pull data from text messages on carrier servers would only have access to the encrypted version of your texts. As a public official, you have the right to privacy in your personal and family life. With the help of ArmorText, you can shield your family’s personal communications on the same phone you use to fulfill your public duties.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

NIST Releases New Draft For Securing Mobile Devices

Posted on 5 Nov 2012 in BYOD, Enterprise, Mobile Development, NIST, Press, Security 0 Comments

The National Institute of Standards and Technology (NIST) released a new draft titled Guidelines on Hardware-Rooted Security in Mobile Devices and are requesting comments from the public until December 14.

“This document is intended to accelerate industry efforts to implement security capabilities that can provide a higher degree of assurance of the trustworthiness of the device.”

NIST released this guideline in the wake of emerging technologies and the trend among businesses towards BYOD (Bring Your Own Device). Employees are bringing their own devices to access corporate enterprise services, data, and other work-related resources, a trend that has surpassed the use of organization-issued devices. The BYOD system can reduce costs for the enterprise and is more convenient for employees. To properly integrate BYOD into a secure system, enterprise needs to be cautious and verify that the mobile devices are secure enough for business use.

A company needs methods to test mobile devices brought in by employees to determine if they can adequately protect the organization’s information. Companies need to verify that the device itself has the capacity to follow their policies and that the device has not already been compromised. There is the need to verify that the device can be authorized to access the organization’s data and that the stored data from the organization will remain protected during access and on the device afterwards.

The guideline draft proposes that mobile devices should be required to contain these security elements:

  • Roots of Trust (RoTs): RoTs combine the hardware, firmware, and software components of the mobile device that are intended to provide crucial security features with the confidence that they will perform properly. The security needs to implemented in their design. The devices need to contain these specific RoTs:
    • Root of Trust for Storage (RTS)- ability to securely save and manage business information with protected storage and interface
    • Root of Trust for Verification (RTV)- protected engine and interface to authenticate digital signatures related to software/firmware
    • Root of Trust for Integrity (RTI)- provides protected storage, integrity and interface to store and handle assertions.
    • Root of Trust for Reporting (RTR)- provides a protected nature and interface to control identities and sign assertions.
    • Root of Trust for Measurement (RTM): works with the RTI and RTR to provide protected measurement used by assertions
  • An application programming interface (API) to expose the RoTs to the platform: RoTs need to establish a chain of trust for user apps by being introduced to the device and OS. Mobile apps typically use the security functions provided by the RoTs to locally save cryptographic keys.
  • A Policy Enforcement Engine (PEnE): Facilitates the processing, maintenance, and administration of policies on the mobile device. The PEnE lets Information Owners of the device to control the information allowed; it also permits them to set the necessary conditions required for storing and sharing the information on the device, network, and policy.

The draft also recommends that the mobile devices contain these key security abilities. Device Integrity, to ensure there isn’t corruption in the hardware, firmware, or the software. Isolation to avoid any accidental contact between Information Owners on the same device. Thirdly, Protected Storage that sustains the confidentiality and integrity of the important data on device while in use, in rest, and with access cancellation.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

 

Veterans Affairs Chooses an MDM: A First Step Toward Modern, Secure Communications

Posted on 9 Oct 2012 in Android, Apple, ArmorText, ArmorText applications, BYOD, Enterprise, Healthcare, HIPAA, News, Press, Security 1 Comment

[The CIA triad (confidentiality, integrity and availability) is one of the core principles of information security]

 

Veterans Affairs chooses an MDM, announcing a contract for anything-but-Blackberry mobile device management, a boon to stressed and dated healthcare IT departments. Hospitals and doctors around the country have transitioned into the 21st century with new technologies and devices: 393,000 board certified doctors will communicate via text message during this workday[2], while security implementations meeting regulatory compliance are trailing badly behind these trends i.e. the majority of these text message communications are unsecured. Data breaches cost hospitals $6 billion annually yet 70% of hospitals say protecting patient data is not a top priority. Patients are typically the first to detect data breaches at healthcare organizations, with the majority of these organizations employing less than two staff members to manage data protection[1].

Past failures with BlackBerry, which have led the VA to evaluate other platforms, have stemmed from availability issues with server-based messaging solutions like RIM’s BlackBerry Messenger (BBM). Apple iMessage also experienced recent downtime from server failure, resulting in messages transiting without encryption in a recent security snafu.

“The right solution for the VA isn’t as simple as something that works cross-platform among Android, iOS, and Windows Mobile.  There is more to security than just encrypting data stored on a device. You have to consider how messages and data are moving outside and transiting networks.  Any competent solution must evaluate confidentiality, integrity, and availability beyond the device itself,” says Bobby Saini, CMO at Gryphn Corporation.

The VA’s move to proactively address security issues and improve communication practices through an MDM solution is the first step of regulatory modernization. MDM will allow the 85% of doctors who bring their smartphones to work to use them as functional tools while still protecting the privacy and PHI of former soldiers and marines at VA treatment facilities.

However the MDM solution is only as valuable as the capabilities of the device it is designed to manage. Text messaging, in particular, is on the rise; 72% of IT decision makers expect secure text messaging to surpass pager use within 3 years[3]. Federal encryption standard compliant texting services on iOS and Windows devices are limited to server-based messaging solutions with similar vulnerabilities to BBM’s well documented failings. The most secure messaging solutions are focused on carrier-based network transmissions rather than data transit over the Internet and into the cloud, ArmorText being the only application on the market to provide an encrypted solution that fulfills all VA and other U.S. Government encryption standard requirements at the highest permissible levels while also transiting through the most ubiquitous and most often used means of mobile messaging – your everyday standard text message.  MDM solutions (such as Boxtone and McAfee) can be used in conjunction with ArmorText, but are not a requirement for implementation

The VA’s MDM is an excellent start, as is the cloud based app store that has been contracted through Longview International Technology Solutions.

In conjunction with an MDM contractor or as a standalone product, Gryphn is well positioned to serve as a messaging solutions provider with its unique ArmorText application for Android.  A single finger swipe allows users to exchange public encryption keys, encrypt text messages, and protect text, audio, video and picture messages from eavesdroppers, hackers and thieves.  ArmorText users are able to control how messages are disseminated in the future, the sender controls how the recipient can (or even if they can) copy, forward and soon expire content on the receiving device. ArmorText supports the CIA triad across all carriers and devices.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

[1] http://www.hcpro.com/CCP-258819-862/Hospitals-still-do-not-have-resources-to-prevent-data-breaches.html

[2] According to the 2010 census there are 661,400 physicians in the USA. According to the American Board of Specialties 85% are board certified. According to the 2010 census there are 661,400 physicians in the USA. According to the American Board of Specialties 85% are board certified= 562,190. 70% are texting = 393,533 conservatively

[3] http://portals.imprivata.com/ftp/marketing/Cortext/Healthcare_Texting_Survey.pdf

 

Update 11/13 – “IT organizations now recognize that standalone mobile device management (“MDM”) simply does not meet the demands of a fully-mobilized enterprise. In response, commodity MDM vendors are scrambling to bolt-on new mobile app security, containerization and perhaps service management features” – PRNEWSWIRE

10 Days of the RNC and DNC: The Fun Bits with Navroop and Aasif Mandvi

Posted on 28 Sep 2012 in ArmorText, Event, Media Roundup, News, Press, Startup, Team 0 Comments

 

Attendance at the conventions proved to be a huge success for Gryphn. Interest was generated from established media partners, Navroop ended up on stage with Arianna Huffington and in a multitude of photos. Steve Roberson, marketing executive from StartUpHire and American Airlines’ employees recognized Navroop from his photos with President Obama. American Airlines, connections from Navroop’s presentation at Meeting of the Minds, provided introductions and connections with other execs and startups in the event. Navroop was also approached by a globally diversified investment firm who had already heard of Gryphn and they were interested in learning more. At both conventions, Navroop met Aasif Mandvi, a correspondent from the Daily show. Aasif’s producer offered Navroop a spot in a convention related segment which Navroop declined in favor of a future opportunity with the production. Stay tuned for more info…

On the Fun Side:

All work and no play makes… well, you know how the saying goes. Navroop successfully combined business and pleasure at the conventions’ after hours. He mingled with political rockstars like Senator Lee of Utah who showed interest in using ArmorText, and prominent CEO’s like Scott Case and Arianna Huffington, all while enjoying performances from well-known musicians including Common and Flo Rida.  The ladies, as always, loving Navroop’s impeccable style, pulled him into a picture that was meant to feature Stephen Baldwin yet ended featuring Navroop (see below). The women from BET showed him love as well by teaching him the Electric Slide. While listening to Salt’N’Peppa live onstage, Navroop was also discussing ArmorText with some politicians from New York. Even when Gryphn plays, we’re still working. Navroop continued making connections and pitches over the weekend at his sister’s wedding. He had the chance to meet two potential angel investors from the medical profession and demonstrate ArmorText and some of our (TOP SECRET) upcoming enhancements.

A Pleasure at both the RNC and DNC

Such conventions are dense in creativity and opportunity. We developed multiple connections with other startups, opportunities in regards to investment and were offered a plethora of ArmorText applications through customer input. We truly believe that changing America is a partnership and, if we can return the favor for any of the companies mentioned or any other connection we made at the event, don’t hesitate to ask. Startups and partnerships are #Whatisworking in energizing America.

 

Others in the RNC/DNC ARMORTEXT FAN CLUB

Anna Eisenberg of Startup America
Julie Piotrowski Former speechwriter for Secretary Sebilious
Senator Sheldon – Security initiatives and bills within Congress
Aasif Mandvi – Daily Show Correspondent
Tie Global
Robin Richards, currently of internships.com and TweetMyJobs
Scott Case
Senator Lee (Utah)
Steve Roberson of Startup Hire
Wife of chief of staff of Senator who wants to remain anonymous who passed us on to office
State legislator rep (who asked to remain anonymous) while their office was working with homeland security and was on top of mobile concerns; he still had concerns about mobile messaging due to BYOD.

Download ArmorText

“Go from unsure to secure in 60 seconds or less — FREE with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

ArmorText: Encrypted Text Messaging for SWAT

Posted on 24 Sep 2012 in Android, ArmorText, ArmorText applications, FIPS, Mobile Development, Press 0 Comments

ArmorText: Encrypted Text Messaging for SWAT
Download today on Google Play.

 

http://storify.com/GryphnCo/armortext-protects-swat-teams

To Celebrate Apple’s iPhone 5 Release RIM Bows Out (With a 5 Hour Outage)

Posted on 21 Sep 2012 in Android, Apple, ArmorText, ArmorText applications, News, Press 0 Comments

BlackBerry burning - Armortext encrypted text messaging

RIM’s Blackberry service paved the way for smartphones to exist in industry, but their day has come and gone. On the day of the iPhone 5 debut, BlackBerry services were spotty or down for approximately 5 hours across Europe, the Middle East and Africa, RIM has said. The service outage did not affect voice calls or text messages but took down BBM, email and internet accessthe three key components for enterprise users.

This is by no means the first time. Last year a four day global disruption frustrated millions, and cost an estimated $8 Billion in productivity losses. Global technology specialists theorized that this would drive client companies toward the mushrooming #BYOD trend, a hypothesis that has proven all too true for RIM’s stock evaluation.

Last year from October 10 – 13, 2011, Blackberry experienced crippling worldwide outages that shut down email, calendar, and BBM (secure mobile messaging) functionalities.

 

40 M World Wide BB Users x 50% Enterprise Users x 4 Days of Sever Outage x 4 Hrs/Day of Lost Productivity (out of an 8 hour workday) x $25/HR Average Pay Per World Wide BB User = $8 Billion in Lost Productivity

 

Today 15 M BB Users in the affected areas x 50% Enterprise Users x 2.5 Hours of Lost Productivity (during a 5 hour Server Outage) x $25/HR Average Pay Per World Wide BB User = another half Billion in Lost Productivity

According to the analysts we’ve spoken to, these estimates are extremely conservative.

For big companies, BlackBerrys (were) the gold standard in security. But employees keep chipping away at the power of IT managers by bringing in their own phones and tablets – iPhones, iPads or devices powered by Google’s Android software and demanding to get their work email on them, said Ahmed Datoo, vice president of Zenprise Inc., which helps companies manage their cellphone fleets[1].

How many companies, government agencies and individuals have switched from Blackberry already?

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

 

[1] http://www.huffingtonpost.com/2011/10/15/blackberry-blackout-blackberry-outage_n_1012380.html

[2] http://www.tomshardware.com/news/RIM-BlackBerry-10-Thorsten-Heins-Android-BBM,16617.html

 

 

10/16/12 Update: The New York Times publishes an article on Blackberry Users ashamed of their devices.

10/24/12 Update: The Office of Immigration and Customs Enforcement is also dumping their contract with Blackberry.

11/01/12 Update: The Pentagon is jumping on the BYOD trend, bringing in iPhones, Androids, and complimentary security measures.

01/11/13 Update: Blackberry users on the Vodafone network aren’t receiving e-mails. Blackberry suffers yet another outage.