Whatsapp Messanger Downloads (Green = highest penetration rates)

Whatsapp messanger has crossed  7 billion inbound messages a day just this year, making the app one of the most popular apps in the world. All this use has drawn attention to security issues that crop up on nearly a monthly basis.

Most recently, Investigations by Canada and the Netherlands have shown that the app is uploading contact lists from users’ phones to Whatsapp servers and failing to delete them even after users had deleted the service.

Whatsapp issues began with WhatsApp Sniffer on the Google Play store (removed) that allowed users to intercept WhatsApp messages directly and Whatsappstatus.net (removed) which allowed users to change the status message of… anyone. Passcodes and authentication were generated from information that was often written on the phone itself (in the case of android, it is on a sticker on the inside of the phone by the battery) and can be obtained extremely easily. If you are using the device on a public WiFi, the information broadcasted can be used to take over your WhatsApp account. If you are using the app on your iPhone, the hackers can grab your phone number.

(Whatsapp Unsafe)

Other issues include:

10/9/12 Update: Whatsapp “encryption” hides your data, but does not protect it. A measure defended as “commercial reasonable effort”.

11/30/12 Update: A hack out of Heise Security generates users’ passwords from the phone number and and the phone’s serial number.

12/11/12 Update: Cat and mouse game of Whatsapp security continues, with updates that still don’t close the gap.

01/23/12 Update: Whatsapp partially solves security issues investigated by the Hague.

Be sure, with Secure messaging from Gryphn: Upgrade your Texting Experience

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security‘

Unlike the iOS App Store, the Google Play store is a much more open and accessible marketplace. This makes it easier to develop for Android, but it also means that users are vulnerable to malware and viruses posing as useful or fun apps.

Even if you haven’t  downloaded an app from the Play store yet, your phone is still extremely vulnerable to loss or theft. It’s likely you keep personal data, business correspondence, or even banking information on your device. How can you protect that data if the device goes missing?

People are trusting their devices with more personal data, while at the same time malware and viruses are becoming more ambitious and common. These two trends have been met with the rise of mobile security apps, protecting users from these exact threats.

Below are three apps that keep the user safe from most of threats to their data and mobile device.

Lookout Mobile Security (Free, with a Premium option)

The main threats for Android users exist on the Google Play store, which is why apps like Lookout exist. During setup, it scans your old apps for malware and viruses. After initial setup, it runs in the background, scanning new apps as they are downloaded.

Not only does Lookout provide basic malware protection, it also comes with several other security and peace-of-mind features. Upon logging in to your Lookout account on their website, you can locate the device on a map or make your phone or tablet “scream” (much louder than your ringer and works even if your phone is on silent). Premium users ($2.99/mo or 29.99/year) can also lock the device and wipe all data if it is permanently lost or stolen.

Lookout even backs up contacts, pictures and call history to the web portal, although picture and call history backups are only available to premium users.

Avast! Mobile Security (Free)

Where Lookout provides simplicity and ease of use, Avast! Mobile Security provides an utterly exhaustive feature set. In addition to securing you from malware and virus threats, you can locate the device, sound a siren, lock the device, wipe the device, call the device, send a message to the device and much more, right from the Avast! portal.

Unlike Lookout, Avast! places a heavy emphasis protecting you and your data if your device is lost or stolen. Avast! Anti-Theft features allow a user to force the data connection to stay active so the device can be tracked, lock the phone settings, and prevent USB debugging (which is often used by thieves to reset a device to factory settings after it has been stolen).

Avast! also tries to keep its users aware of privacy and permission settings of the different apps on their device. Privacy Advisor shows you which apps have access to which areas of your device, but as far as I can tell does nothing to help you limit that access from within the app. Network Meter tracks how much data each app is using, which is helpful for those of us who aren’t using unlimited data plans.

Because it has most of the features Lookout has, Avast! could be used as a replacement for lookout, but if used together, they present a very thorough security solution for Android devices.

Gryphn Secure Text Messaging (Free)

Lookout protects the information on your device from falling prey to malware and viruses on the Google Play store, while Avast! is a great solution for preventing your data from getting into the wrong hands if the phone is lost or stolen, but what about the contents of your text messages, on the phone and coming and going from your device?

Gryphn Secure Text Messaging replaces your stock texting app and encrypts text, picture and video messages, both on your device and in transit. Even if you do have the misfortune to download malware or come into contact with a virus, neither of these will be able to access any of your messages, images or any other texting content.

After the quick setup process you are greeted by a clean interface (based on the stock Android Jelly Bean messaging app) and all of your old text conversations, ready to continue them in a safer environment.

If you have friends, family or colleagues who have the app, you can enable encryption for those conversations, meaning your messages are encrypted in transit and decrypted by their device on the other end. Even your wireless carrier, which usually stores your text messages for anywhere from 3 months to a year, can’t read what you are saying. Only the sender and the recipient can read encrypted messages.

We had some fantastic questions and comments in response to our press this week that deserved public answers. As a security company we recognize that people trust us when they use our product. We want to reciprocate this trust by offering transparency in our processes. Please feel free to add any more comments or questions  you may have

“Great idea – my wife is a middle school principal. It’s amazing the things teens are sending via SMS and their ignorance about its lasting impact and potential for broad distribution. Snapchat is clearly targeted to this younger group and if it (Gryphn) can save just one person from disastrous embarrassment, I’m all for it.” – Shopilly (TechCrunch)

Protecting teens from sexting mistakes? Sure, we can roll with that. The same security that protects a soldier’s mission critical image from being intercepted in transit, downloaded to a computer, forwarded, saved, screenshot-ed, decrypted or shared will also protect a teen from having their ill-advised image uploaded to Facebook.

“And this is necessary for life because why exactly? So teens can sext each other. Wow, I want to invest in this company. Where do I put my money? Maybe the company founders just want to see a lot of user generated porn.” – Darth (Business Insider)

User generated porn? This is (by far) our favorite comment. Our users include SWAT, local law enforcement and first responders. While we’re sure there’s a fetish for that, we don’t hold the keys to decrypt people’s messages. Or have the ability to see them. Or to give anyone access to them. Even under duress. Our patent-pending public/private encryption key exchange makes it impossible for ANYONE other than the sender and recipient to access or view the contents of even one single message encrypted and sent through our app. Yes, even if it’s porn. Yes, even if it’s really good porn.

“(This works) until people start taking pictures of their phones with other peoples’ cameras…” – Evan (Business Insider)

Yes. Absolutely true. For healthcare, financial and law enforcement (and eventually government), the concern is in knowing who is accessing these images. In whose hands does the phone rest? We achieve this currently through a passcode on the app itself and, eventually, with technology that… has already been used in beta by some of you. This last point in particular is, perhaps, proof that, despite the amusing moniker that some of our press bestowed upon us, our target market is not those looking to macgyver a sexting app, but those who are required to encrypt digital messaging to satisfy the legal requirements of their regulated industry.

The Press

Gryphn Updates Secure SMS Platform To Better Compete With Facebook… - TechCrunch
These text messages will self-destruct in five, four, three, two… - Upstart Business Journal
Gryphn updates secure SMS platform – Washington Business Journal
Gryphn Is An App That Will Let You Send Sexts And Actually Get Away… - Business Insider
Gryphn Launches Self-Destructing Text App That Solves the Security… – In The Capital

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security‘

Follow @GryphnCo on Twitter & Like Us on Facebook

http://storify.com/GryphnCo/dc-s-hottest-tech-startup-gryphn

Graphic courtesy of MBAonline.com

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security‘

Continued from last week…

Overcoming uncertainty

To view the mobile security and privacy problem in management terms, consider that businesses generally dislike uncertainty of any kind.  But the mobile revolution and resulting patchwork quilt of search and seizure laws across borders suggests plenty of businesses have zero certainty about whose hands their data could fall into.  Once an unencrypted device is imaged, there is no going back.  It is impossible to know with certainty how law enforcement authorities here or anywhere will parse patent drawings; budget spreadsheets or acquisition plans while searching for evidence.  There are too many variables. Even if we assume authorizes will act in good faith and take measures to respect confidentiality, encryption is a far better bargain for applying controls over information, particularly if you are a lawyer worried about attorney-client privilege or work in an industry subject to tough data protection regimes.  As mobile device searches become increasingly routine enterprise data swept up in evidence searches – “caught in the crossfire,” if you will – may have to be deemed “compromised,” if only for practical purposes.  

The way forward

Companies need to monitor the global regulatory picture closely.  The best defense, of course, is to compartmentalize access and information.  A salesperson headed overseas does not need to carry your patent portfolio through border crossings.  But except for these kinds of obvious cases, reconfiguring devices and networks around today’s shifting job roles and travel is tedious and impractical.  Plus, when you strip-down handhelds to the point where they become safely “expendable” you start to offset the business value of all these great tools and connectivity.  Why not build a standardized mobile security profile with encryption instead and let users bring the apps they need to be productive?  Senior executives need to lay the foundation here by looking at requirements, risks that can be tolerated and mitigating them as far as possible.

On the technology side, mobile encryption is a powerful tool to tactically deploy in your plan.  To securely harden many common types of smartphones quickly, look for encryption tools that to not require cumbersome hardware accessories or multi-tasking between apps just to read e-mail. Such ease of deployment positively empowers users and helps different types of devices in a company to benefit from consistent protection.  Users of different hardware that all run some version of Android, for example, can in most cases go to the same app storefront and pull down their own security software.   As technology rewrites our legal and societal perceptions of trust, privacy and security, businesses and consumers should expect continued legal dust-ups and uncertain times.  Often the only recourse is to seize the initiative by taking proactive control.  In this spirit, armoring-up your smartphone is easily done and could spare your company and career from needless future worry and pain.

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security‘

Have a new Android app you got for Christmas?

Make sure it’s not malware, stealing your data, uploading your contact information to a foreign server or sending premium international SMS messages at your expense! Check the list below for the worst offenders:

3D Anti-terrorist

Android.Trojan.SMSSend

Android.Trojan.FakeInst

Holiday SMiSishing

Geinimi Trojan

TapSnake

Red Bunny Trojan

Ikee Worm

Beware of an HTC flaw allows malicious apps to steal WiFi passwords

Many apps not on this list threaten user security. Protect yourself in advance so even if one of those new toys you downloaded happens to be malware, it won’t have access to your data. Have a Merry Christmas. Enjoy your new Android apps!

Secure your device from malicious apps with Lookout

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security‘

What’s in your phone?

Mounting uncertainty around warrantless device searches means mobile encryption is becoming even more essential for businesses  

Laws are trying to keep up with technology, particularly in areas like privacy and information security.  Many of the keystone regulations and legal precedents the government and private sector live by in this arena were conceived well before smartphones, tablets, and today’s Web itself were even imaginable.

In a perfect example, the New York Times recently published a survey of courts and legislatures in various states and how they have addressed the legal uncertainty surrounding warrantless cell phone searches conducted by law enforcement authorities. (We offer a state by state synopsis beginning here).  Judges and state legislatures delivery complimentary, contradictory and downright oppositional rulings on the conditions necessary for law enforcement to perform cell phones searches. Is a warrant required? What if the phone is on your person? Is your location data the property of the providers? Years ago the data on your phone might have been limited to scrolling through call logs and contacts.  However, the ramifications are much greater with today’s smartphones, which are repositories of, not only our calendars and contacts, but the apps we use and data we send through them, as well as Web histories, multimedia libraries and geo-location data.  All this before we even consider the confidential corporate data many of us keep in our personal devices.  (See a State by State breakdown of cell phone privacy laws)

Everyone wants a peek

The phenomenal growth of mobile devices around the world is triggering disruptive and unpredictable regulatory issues for monitoring communications and searching devices.  The smartest business strategy, accordingly, for companies worried about new risks to sensitive information is strong encryption tools, for communications security and safeguarding sensitive workplace information that inevitably ends up on mobile.   This is much broader issue than U.S. domestic concerns. In recent years India, the United Arab Emirates and other countries pressured Research in Motion to grant their state authorities access to BlackBerry users’ BBM and e-mail traffic within their borders. In a similar vein, there have been concerns over whether U.S. and other countries’ border security screenings compromise business secrets if and when laptops and other media are searched.  In these and other examples, the more portable and indispensable devices become, the more exposure they have to these issues.

More devices, more problems

The current “bring your own device” (BYOD) movement introduces more mobiles to business settings. The usability of these devices means it is only a matter of time before confidential office information starts flooding into these handhelds.  Employees copy files to them.  They intentionally (or inadvertently) activate file-sync and back-up apps that replicate confidential files to the cloud and to every gadget they own. These and many other actions risk exposing sensitive information to unauthorized publics.  After all, the more copies of something you have, the more likely one copy stands to be lost or viewed by others. Yet, if a business does not have the legal grounds or employee buy-in to dictate precisely how mobiles are configured and used, they must (uncomfortably) rely on uneven user awareness and habits to keep handhelds away from malicious code, thieves – and now evidence lockers, too.   It is one thing for a company to get a call from authorities explaining why an employee’s device (that is hypothetically central to an investigation) needs to be unlocked, since this is a matter that can be appropriately handled with corporate counsel and dialogue.  But it’s quite another case when you have a searched device handed back to you after the fact – knowing encryption was not in place to prevent data from being viewed, copied or altered – and worry about what might have been exposed.

To Be Continued…

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security‘

On December 3, 2012, Representative Mike Honda of California introduced The Healthcare Innovation and Marketplace Technologies Act (HIMTA) with the intent to foster more innovation in the health care industry by removing barriers in wireless health.

This bill offers loans, tax relief, and grants for Health Information Technology not covered by EHR incentives, offering up to $250,000 in a taxable year for medical care providers. Health Information Technology that would qualify for these loans includes “storage, retrieval, sharing, and use of health care information, data and knowledge for communication and decision-making.”

Small businesses are elibible to receive loans or financing for any health information technology that “enhance(s) continuity of care for patients ..such that this information is accessible at the times and places where clinical decisions will be or are likely to be made; (as well as) enhancement of communication between patients and health care providers (and) technology that has already been purchased.”

There is a particular emphasis placed on technologies that will be widely adopted and useful for patients, patient engagement, doctor-patient consultation and patient health monitoring. These technologies are offered grants and prizes.

Office of Wireless Health Technology

This document would also establish the Office of Wireless Health Technology, a subsidiary of the FDA designed to coordinate regulation of wireless health technology across federal agencies, offices and institutes such that such regulation might be “more robust, predictable, and easily understood and navigated by indiiduals and entities that design, produce, disseminate, or have a prevailing interest in wireless health technology.”

Mobile Health Software Application Tehcnology is defined thus;

A:) Offers health-related services and runs on a mobile device; OR

B:) enables health-related services through other portals associated with the use of a mobile device.

We have visited the unnecessarily confusing topic of regulatory requirements on mobile previously, calling for consistency and clarity similar to the aspirations present in the first draft of this bill. FINRA, FIPS, HIPAA and the DoD Mobile Strategy all contain similar concepts and security measures.

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security‘