How to Get Out of an InPrivacy Jail By Yury Chemerkin
How to Get Out of an InPrivacy Jail By Yury Chemerkin June 7, 2014 [ YURY CHEMERKIN ] linkedin.com/in/yurychemerkin http://sto-strategy.com [email protected] MULTISKILLED SECURITY RESEARCHER EXPERIENCED IN : REVERSE ENGINEERING & AV, DEVELOPMENT (IN THE PAST) MOBILE SECURITY, INCL. IAM, MDM, MAM, etc. CYBER SECURITY & CLOUD SECURITY (INCL. IAM) IAM & COMPLIANCE & FORENSICS ON MOBILE & CLOUD SECURITY WRITING (STO BLOG, HAKING, PENTEST, eFORENSICS Magazines) PARTICIPATION AT CONFERENCES: INFOSECURITY RUSSIA, NULLCON, ATHCON, CONFIDENCE, PHDAYS, HACKERHALTED, DEFCON MOSCOW, HACKTIVITY, HACKFEST, NOTACON, HACKMIAMI; CYBERCRIME FORUM, CYBER INTELLIGENCE EUROPE/INTELLIGENCE-SEC, DEEPINTEL; ICITST, CTICON, ITA, I-SOCIETY; WILD ANIMALS: ANIMAL PLANET AGENDA Wild Animals :: < Mobile Apps > Wild Tools :: < Forensics Tools, Data/Backup Tools > Wild Security Concepts :: < Data Protection Concepts, Best Practices > Wild Environment :: < OS: iOS, Android , BlackBerry > Wild Security Solutions :: < OS Security, MDM, MAM, MIM Solutions > State of Facts :: < Mobile Data Application Report - BlackBerry, iOS, Android > Recommendations :: < MAM, Development Advices, etc. > Other Salvation Ideas :: < BlackPhone > Forensics Capabilities on Application Data Access DATA PROTECTION CONCEPTS Type Roots Data-at-Rest (DAR) protection Depends on sandbox & FS architecture Data-in-Use (DIU) protection More about developer’s imagination Data-in-Transit (DIT) protection Mix two previous in regards to whole device Data-in-motion (DIM) protection (~DIT) Like DIT but depends on app Data-in-action (DIA) protection (~DIU) OS API and developer’s imagination App Disablement (similar to DIU & DAR) Rule based policies, out of dev activity Location Masking (similar to DIT/DIM) Policies & DIM/DIT characteristics Storing Information on device :: iOS data-in-rest Specifics SQLite storage any type of data File Cache attachments, files from clouds, etc. Binary cookies depends, usually, credentials, tokens Error logs any data, even credentials Keyboard Cache auto correction, word list counts 600 iCloud all data backup to cloud, even credentials Snapshot Storage any preview info, like email from Banks Storing Information on device :: Android data-in-rest Specifics Where & What stores :: /data/data/<package>/… App analytics, dump, misc Cache up/downloaded files Databases history, chat, bank info Files attachments, crypto-keys Shared_prefs credentials, token, history How does it store Shared preferences (lightweight XML format) Internal storage (/data/data/ + shared docs & media) External storage (cache, debug, db, maps) SQLite (DB, discussed earlier) Network (logs/event, datestamp, credentials) Storing Information on device :: BlackBerry data-in-rest Specifics BlackBerry Backup What :: app, app data, app config, all documents, etc. How :: ElcomSoft, any other that works with BB backup Shared folders What :: docs, media, backup with credentials may happen How :: live access, spyware, rarely encrypted Remotely accessed data What :: device entirely plus SD-Card How :: BB Link should authorized PC before gaining access Android application data files What :: cached files, any other like Android App Where :: Device/misc/android/Android/data) How :: like a shared folders or remote access Misc tracks Device/Misc What :: Misc files, backup like whatsapp, How:: like a shared folders or remote access Device/Android except android data What :: any data Android and Android apps usually store on SD card How :: :: like a shared folders or remote access The rest data protected except you got an access to backup or find a way how to root/jailbreak OS EMM FEATURES : Vendors [ EMM FRAMEWORK ] EMM (Enterprise Mobile Management) 3rd Party Solutions to EMM MDM: Mobile Device Management NAC: Network Access Control (Management) MAM: Mobile Application Management AV: Antiviruses Solution MEM: Mobile Email Management Mobile SIEM: Log Management Solution MIM: Mobile Information Management DLP: Data-Leakage Prevention Devices: Smartphones, Tablets COMPLIANCE: Standards, BestPractices, Guidelines, etc. EMM FEATURES EMM :: MDM Password protection & reset Remote & Selective device wipe Remote lock Set VPN, Wi-Fi, APN, proxy/gateway settings Configuration monitoring/auditing Automated provisioning/enrollment Disable basic features (camera, Bluetooth, Wi-Fi, NFC, Cellular, etc.) Manage mobile-attached devices (e.g printers, scanners) EMM FEATURES EMM :: MAM Full-featured enterprise app store Containerization/sandboxing App containerization using developer SDK/toolkit, app wrapping Block copy/paste between apps, from email, etc. Restrict which apps can open a given file App inventory tracking / usage monitoring Remote desktop access to apps and data on desktop from mobile [ EMM FRAMEWORK :: MEM SOLUTIONS ] MDM: Mobile Device Management NAC: Network Access Control (Management) MAM: Mobile Application Management AV: Antiviruses Solution MEM: Mobile Email Management Mobile SIEM: Log Management Solution MIM: Mobile Information Management DLP: Data-Leakage Prevention Devices: Smartphones, Tablets COMPLIANCE: Standards, BestPractices, Guidelines, etc. [ EMM FRAMEWORK :: MIM SOLUTIONS ] MDM: Mobile Device Management NAC: Network Access Control (Management) MAM: Mobile Application Management AV: Antiviruses Solution MEM: Mobile Email Management Mobile SIEM: Log Management Solution MIM: Mobile Information Management DLP: Data-Leakage Prevention Devices: Smartphones, Tablets COMPLIANCE: Standards, BestPractices, Guidelines, etc. [ MOBILE DEVICE SECURITY ENVIRONMENT ] SPOT THE DIFFERENCE SECURE BOOTLOADER SYSTEM SOFTWARE SECURITY (UPDATES) APPLICATION CODE SIGNING RUNTIME PROCESS SECURITY (SANDBOX, APIs) HARDWARE SECURITY FEATURES IN-REST PROTECTION IN-TRANSIT PROTECTION (SSL, TLS, VPN) PASSCODE PROTECTION CENTRALIZED APPLICATION DISTRIBUTION SETTINGS DELIVERY (PERMISSIONS, CONFIGURATIONS) REMOTE MAGAGEMENT LOG COLLECTION NO DIFFERENCE, RIGHT [ KNOW YOUR APPS – 3RD PARTY REPORTS ] AFFECTED PLATFORMS APPTHORITY REPORT HIGHLIGHTS App Reputation Report , Winter 2014% 31% 91% iOS apps exhibited risky behaviors 22% 83% Android apps exhibited risky behaviors 91% 24% 70% iOS and Android apps allow location tracking 56% iOS and Android apps identify the user’s ID (UDID) 58% 83% 56% 58% free Android apps share data with ad networks 24% paid Android apps share data with ad networks 31% free apps access users’ contact list or address book 70% 22% paid apps access users’ contact list or address book [ KNOW YOUR APPLICATIONS ] AFFECTED PLATFORMS [ KNOW YOUR APPLICATIONS ] FEATURES VS PRIVACY :: BUILT-IN APP Calls; 93,00% Email; 73,00% Messages; 85,00% Notes; 89,00% Calendar; 76,00% Contacts; 95,00% [ KNOW YOUR APPLICATIONS ] FEATURES VS PRIVACY :: IM APP Facebook Messenger; 87,00% Lync; 61,00% Kik Messenger; 79,00% Viber; 87,00% BBM; 86,00% Whatsapp; 85,00% WeChat; 78,00% Hangouts; 80,00% Skout; 76,00% Yahoo Messenger; 75,00% [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Account country code, phone number login / tokens Facebook wasn’t revealed ‘Buy me for….$$$’ Avatars :: [email protected] (jfif) Address book No records of address book were revealed… Check log-file and find these records (!) Messages Messages Date & Time content of message ID :: [email protected] Attachments (as is) FORENSICS EXAMINATION [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Account country code, phone number Device Hardware Key login / tokens of Twitter & Facebook Calls history Name + internal ID Duration + date and time Address book Quantity of contacts / viber-contacts Full name / Email / phone numbers Messages Conversations Quantity of messages & participants per conversations FORENSICS EXAMINATION Additional participant info (full name, phone) Messages Date & Time content of message ID Attachments & Preview (as is) VoiceMessages Media Snapshots (iOS only) Snapshot of active chat [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION Account ::: PIN , Names, Status "74afbe19","Yury Chemerkin“, "*fly*“, "@ Holiday Inn (MOSCOW)" Information Barcode / QR history (when, what) "QR_CODE","bbm:2343678095c7649723436780","1382891450014" Transferred files "RemotePin“, "Path","ContentType“, "image/jpeg“, "23436780“, "/storage/sdcard0/Android/data/com.skype.raider/cache/photo_1383731771908.jpg“ Transferred as a JFIF file :: FFD8FFE000104A464946 ......JFIF Invitations: "Pin","Greeting","Timestamp",”LocalPublicKey/PrivateKey","EncryptionKey« Messages (Date, Text,…) :: "1383060689","Gde","Edu k metro esche, probka tut","Park pobedy”,"Aha","А щас","Belorusskaja","Долго" Logs Revealing PINs, Email, device information, Applications actions associated with applications modules *.c files, *.so, etc. It helps to analyze .apk in future [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Contacts Full Name Work Info Phone number (00-country-code-….) Email Is AppName user App Info App Name (list of app) App Icon Misc Friends group, Friends requests Members Messages Country Name FORENSICS EXAMINATION FB number ID G+ number ID Twitter numeric ID Foursquare numeric ID FB access token NickName (Device name is like iPhone (Yury) Media Snapshots Profile photos App icons Credentials Nothing revealed [ KNOW YOUR APPLICATIONS ] FEATURES VS PRIVACY :: SOCIAL APP SlideShare; 67,00% Scribd; 63,00% Facebook; 83,00% So.Cl; 42,00% Instagram; 67,00% Groupon; 68,00% Twitter; 81,00% MySpace; 61,00% Pinterest; 57,00% Vkontakte; 78,00% LinkedIn; 59,00% Google+; 55,00% [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Media User images/avatar (first of all, of those who're on messenger/chat) Snapshot of app screen (iOS only) Pic/avatar URL, Image cache .jfif Conversation Thread ID, Name , Date & Time Quantity of Messages Message / body ID of sender/recipient Status :: Unread/archived/can reply Account Tokens, incl. private Lot of configs FORENSICS EXAMINATION Numeric ID of account (100001827345335.plist) Address book / Synchronized Full Name, Email , Phone number Users User ID, User Name , User NickName Has a mobile messenger? Is a Friend ? Email FB Messenger configs User Phone Number Friend avatars Credentials Nothing revealed [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Media Snapshots Profile Info Friend profile URL + Full Name + Photo Twitter User name FB Permissions – publish stream FB token key & expiration Login name Actions Comments & profile name of those who comment photo Cache of uploaded photos plus date & time Stored on Amazon S3 FORENSICS EXAMINATION Credentials Nothing revealed Network (in-transit) Profile Name + URL Friends’ Name + Url Upload /Download photos Comments Seems everything except credentials [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Media Snapshots Messages time Conversations Attachment Info, URL Uploading attachments in plaintext Sending messages in plaintext Friends Full Name Profile URL Avatar Birthday Misc tokens (?) Credentials Nothing revealed FORENSICS EXAMINATION [ KNOW YOUR APPLICATIONS ] FEATURES VS PRIVACY :: GEO APP Trover; 69,00% Banjo; 62,00% Google Maps; 73,00% FourSquare; 85,00% 2GIS; 61,00% Yandex Maps; 76,00% GeoBucket; 54,00% TrackMe; 51,00% Navitel; 64,00% [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Media Snapshots PNG map shots of friends & check-ins Uploaded photos via app on check-in event User/Credentials Search request info by name/location/etc. Like, Comments + friend username per check-ins Badges + description and who unlocked it Credentials weren’t revealed FORENSICS EXAMINATION [ KNOW YOUR APPLICATIONS ] FEATURES VS PRIVACY :: OFFICE APP AsusWebStorage; Google Disk; 57,00% 51,00% eFax; 73,00% Box; 67,00% Dropbox; 67,00% OneDrive; 51,00% Office Mobile; 51,00% QuickOffice; 71,00% AdobeReader; 51,00% DocsToGo; 71,00% Yandex.Disk; 65,00% Mail.Ru; 65,00% Amazon Cloud Drive; 67,00% [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Logs iOS version as a log-file-name Settings like upload_over_cell or geofence_state User_id (numeric) Perms like “permission.photos.granted” Extension Connection time – WiFi, Cellular Size Download info (started, finished, failures) Device ID FORENSICS EXAMINATION Uploads Images, resized images Other files as is even (cpp ) Cached PDF as separated jpg pages Media Snapshots (iOS only), profile photo Credentials Nothing revealed [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY OneDrive + OneDrive for Business Uploads Images, resized images URL to download (have to login via liveID) Full url to download file Full user name Downloaded files as is Permissions info PDF stored NOT as separated jpg pages Credentials Nothing revealed FORENSICS EXAMINATION Office Mobile login name (= email) cached files w/o name Images, resized images Sharepoint URL even it's not public Media Snapshots (iOS only) holiday inn reservation pdf as a jpeg [ KNOW YOUR APPLICATIONS ] FEATURES VS PRIVACY :: TRAVEL APP Taxi (any); 31,00% Yelp; 57,00% AnywayAnyday; 74,00% Hotels.com; 64,00% Travel; BlackBerry S7; 62,00% 73,00% KLM; 64,00% Hilton; 78,00% Lufthansa; 26,00% Miles & More; 27,00% HotelByMe; 23,00% JetBlue; 43,00% American Airlines; 56,00% United Airlines; 61,00% Aeroflot; 73,00% British Airways; 23,00% Delta; 67,00% IHG; 81,00% Hilton; 73,00% SPG; 79,00% Booking.com; 54,00% Marriott; 56,00% [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY AeroExpress Account & Credentials Email address = login Password Phone Number Products Tickets number & QR-ticket How to use e-Ticket What time train departs & arrives Payment Info Full Name Card number Expiration Data CVC/CV2 wasn’t revealed Repack app and grab any type of data FORENSICS EXAMINATION Aeroflot Account ID , email, password Other id & tokens Information Loyalty (bonus) of your membership all you ever type Date of birth Passport details All PASSPORT INFO (not only travel data) Your work data (address, job, etc.) you have never typed! (except preparing member card) Flights tickets Repack app and grab it [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Account ID , email, password Information Loyalty (bonus) of your membership all you ever type Date of birth Passport details Book/order history Routes, Date and time, Bonus earning Full info per each order FORENSICS EXAMINATION Connected cards Encryption? AES 256 bit On password anywayanydayanywayanyday Store in plaintext Sizeof(anywayanydayanywayanyday) = 192 bit [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Delta (Fly with Delta) Account ID , password is seems encrypted on Android& BB, password not found on iOS Information (android & bb only, nothing found on iOS, seems not precached) Loyalty, Membership 901***** \\ Skymiles Flight confirmations, depart time, flight #:: GCXXXX || 0467 || 2013-1107T12:40:00+04:00 || DL90 "checkedIn": "false“, "seatNumber": "09B", Issued date, ticket # :: "2013-1026T15:37:00-04:00", 006xxxxxxxxxxx Aeroports :: SVO/ "Sheremetyevo Arpt, JFK/"John FORENSICS EXAMINATION F Kennedy International“, NYC / "New York-Kennedy“… British Airways Account ID , password on Android, BB ID on iOS Loyalty card number & Info Tracked Flights Info (iOS) Full Name (iOS), Email (iOS) Product Not revealed (tickets, history or else) PassBook Integration (iOS only) Media Snapshots Cached images with exif (like NY SkyBridge) [ KNOW YOUR APPLICATIONS ] Mail.Ru Money; 15,00% RBK Money; 22,00% A AlfaBank; 4,00% 4,00% Raffeisen; RSB; 4,00% Sberbank; 6,00% Citibak; 3,00% Tinkoff; 3,00% Paypal; 16,00% Yandex Money; 17,00% Qiwi; 14,00% Megafon Money; 17,00% [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Account Phone number Password, secret code weren’t revealed Trace app, find the methods use it Repack app and have a fun No masking of data typed Information Amount Full info in history section (incl. info about who receive money) FORENSICS EXAMINATION Connected cards Encryption? No Bank cards Masked card number only Qiwi Bank cards Full & masked number Cvv/cvc All other card info [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Megafon.Money Account Phone number tokens Other Password wasn’t revealed Rest data wasn’t found RePack app and find everything FORENSICS EXAMINATION Mail.Ru Money Account ID (email = payment ID) Password , salt hash (seems, SHA_X, not detected which SHA) Payment Info Amount Masked bank card number RePack app and find everything [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Yandex Money Account & Credentials ID info for Yandex Money ID info for Yandex Bank name per attached card Transaction history ID , Amount , User comments Status, Time & Date, Favorite or not Login per transaction misc Other Password and payment password weren’t revealed RePack app and find everything FORENSICS EXAMINATION RBK Money Account & Credentials Email = login Password Payment Info Payment /Transaction History Phone number on SIM payments RePack app and find everything Masked bank card number like xxxx****xxxx [ APPLICATION EXAMINATION ] ONLY THOSE I HAVE TO USE EVERY DAY Bank apps Rarely store anything in-the-rest Obfuscation happens / NDK instead of JDK Alfabank reveals geo data in-the-rest Alfabank reveals the latest phone number in payments Repack app and grab everything from memory (credentials too) Tinkoff offers his own input field, seems protected Other Password and payment password weren’t revealed Snapshots are protected (!) FORENSICS EXAMINATION [ KNOW YOUR APPLICATIONS ] PRIVACY LEAKAGE :: % OF DATA LEAKAGE In-the-Rest; 57,00% In-the-Memory; 95,00% In-the-Transit; 71,00% [ KNOW YOUR APPLICATIONS ] FORENSICS APPLICATION EXAMINATION :: EXCITING FAILS App Type/Protection In-Rest In-Memory In-Transit built-in apps Plain-Text Plain-Text Rarely Encrypted IM apps Plain-Text Plain-Text Weak Encryption or SSL Social app Plain-Text & Rarely Store smth Plain-Text Best case - SSL/HTTPS Geo Apps Plain-Text Plain-Text Best case - SSL/HTTPS Office Apps Plain-Text Plain-Text SSL/HTTPS Travel Apps Best case - weak encryption Plain-Text Partially Encrypted Bank apps Rarely Store smth & Good Encryption Plain-Text Encrypted EMM FAILS :: MAM PACKAGED/WRAPPED APPLICATIONS QUANTITY OF APPLICATION CHALLENGE ( OBVIOUSLY > 100 ) COOPERATION WITH APPLICATION VENDOR SEPARATION OF PERSONAL, WORK, AND SUSPICIOUS APP SERIOUSLY DIFFERENCE ON APP INTERFACES PER EACH OS WITH THE SAME APP VPN ENCRYPTION ACCESS RESTRICTION (GEO, CREDENTIALS) EMM FAILS :: MIM LACK OF TYPE FILES’ MANAGEMENT LACK OF STORAGE SERVICES’ MANAGEMENT LACK OF DEVICE FILES’ MANAGEMENT LACK OF VENDOR SUPPORT NEED OF A ROOT ACCESS TO DEVICE IN CERTAIN CASES MOBILE OS INCAPABILITIES TO BE INTEGRATED WITH MIM SOLUTIONS EMM :: WHO IS GOOD FOR ? AirWatch App47 AppBlade AppCentral BlackBerry (BES/Fusion) MaaS360 Kony MobileIron Nukona Partnerpedia an MDM and MAM specialist that helped Lowes deploy and manage iPhones which offers a platform that allows enterprises to deploy their own App stores (hot opportunity alert) which supports application deployments and management across iPhone iPad BlackBerry and Android platforms. which also helps enterprises to develop app stores is good for MDM partially MIM & MAM. Supports all mobile OS is good with BlackBerry together which has a platform that allows partners to build enterprise app stores for customers. focused heavily on MDM another provider of enterprise app store technology the former builder of channel partner communities; now focused on private labeled app stores. WorkLight now owned by IBM; focused on mobile development tools middleware and management Terria Mobile which offers a platform for app management. Good Technology supports application deployments and management across modern OS ANDROID SPECIFIC REMEDIATION Call ‘setStorageEncryption’ API for locally stored files (new Android OS v4+) Encrypt externally stored files on SD Card or Cloud (any OS) Reduce using of ‘MODE_WORLD_READABLE ’ unless it really needs Avoid hardcoded and debug tracks as much as possible (it’s easy to decompile) Add extra protect beyond OS (encryption, wiping, etc.) iOS SPECIFIC REMEDIATION Never store credentials on the phone file system. Use API or web scheme instead Define when encryption signature doesn’t matter, else avoid it Use implemented protection mechanism in iOS… But … add extra protection layer beyond OS protection in case of jailbreak Use any API and protection mechanisms properly but never default settings Don’t forget to encrypt SQL databases One More Salvation – Black Phone (?) GeeksPhone – Spanish Hardware StartUp Silent Circle is privately funded (Americans) Black Phone – Examination of Rumors Website offers no details on how those extra levels of security will be implemented, but.. Silent Circle is U.S. based company Zimmermann is cofounder of mobile privacy software firm Silent Circle GeeksPhone is a Spanish smartphone hardware company/start-up GeelsPhone sells open Android phones and developer devices of Firefox OS. SPG Technology is a Switzerland-based join venture IntelliJ IDEA is used to build applications Black Phone Software – Examination of Rumors Computer Retail Week interviews founders and states How was the idea for the Blackphone conjured up? Large market of folks who didn't want to build their own car, but they wanted a good car Why should users want to have a Blackphone? Security Center At $629 is the total package. Lot of security magic to stop leaks out Who is buying the Blackphone? 45 percent of orders have come from Europe and 38 percent from North America Blackphone is gathering as little information as possible on who is buying its product Who should be buying a Blackphone? There are clearly industries that are already predisposed to seek privacy, such as stockbrokers, attorneys, senior executives Why is this phone safer than what's currently out there? It's safer because it's more usable Every bit of information the phone sends out is encrypted whether it's a call or a text. No one can offers it now BYOD/Enterprise? Absolutely, even MDM tools How secure is the Blackphone? Anybody who claims that anything is hackproof is clearly selling snake oil Black Phone - Software The Blackphone is an announced smartphone developed by SGP Technologies, that will provide encryption for phone calls, emails, texts, and internet browsing. Silent Circle Apps Silent Phone Silent Text Silent Contacts 3rd-party Apps Disconnect Secure Wireless SpiderOak Blackphone Edition Kismet Smart Wi-Fi Manager Blackphone-built Apps Blackphone Security Center Blackphone Activation Wizard Blackphone Remote Wipe Misc PrivatOS International Power Adapter Kit Black Phone - Examination Servers of its custom-built network are located in Canada Also Supports iOS, Android, Windows Desktop Silent Phone: Encrypted voice and video calls on iOS and Android, it can be used with Wi-Fi, EDGE, 3G or 4G cellular. Encrypted VoIP from Windows computers. Silent Text: Encrypted text messaging and secure cloud content transfer with “burn notice” feature for permanently deleting messages from devices. Silent Mail: Discontinued August 9, 2013. Encrypted e-mail on Silent Circle’s private, secure network and compatibility with popular e-mail client software. Silent Contacts: App is prebuilt with all previous Black Phone - Examination The company's products enable encrypted mobile phone calls, e-mail, text messaging, and video chat. Servers of its custom-built network are located in Canada Silent Phone/Text/Contact: available for iOS & Android with source code on GitHub Remote Wipe: Provides no centralized cloud service to manage device Private OS: Android 4.4 KitKat International Power Adapter Kit: Android 4.4 KitKat Disconnect Secure Wireless: its custom-built VPN client Kismet Smart Wi-Fi Manager: Public Wi-Fi Manager SpiderOak: Encrypted Cloud Storage Black Phone / Smart Wi-Fi Manager Is that secured ? It manages Android phone Wi-Fi connection by automatically learning where you use networks. Wi-Fi is only enabled when you are in a location have previously used Wi-Fi, increasing battery life, security, and privacy. It is a paid app in Google Play but fully open source under the GPLv2 license. It aims to be smart, invisible and will manage Wi-Fi state in the background. Airplane mode and Wi-Fi Tethering modes are detected and respected Since Wi-Fi will be turned off, your phone won't be broadcasting your home network name everywhere you go! It prevents spoof attacks Successfully installed on BlackBerry 10 Black Phone / SpiderOak Why not Box or Mega? It is US based online backup tool to back up, share, sync, access and store data using an off-site server. It is accessible through an app for Windows, Mac and Linux computer platforms, and Android, N900 Maemo and iOS mobile platforms It uses encrypted cloud storage and client-side encryption key creation, so even employees of SpiderOak cannot access users' information It provides automatic de-duplication of data Black Phone / SCMC (MDM) Oh, God It can be incorporated to the typical policy and management tools in a business environment A web-based console which grants a nominated customer administrator “super user” status within his or her own network. Create, organize and bulk distribute via email to provide team members with Silent Phone, Silent Text, and Out-Circle Access. Create groups and sub-groups to reflect your company’s organization and allocate encrypted mobile apps accordingly. Dynamically manage and control (enable/deny access) for all users under your administration. Enable outliers, contractors, and third parties to communicate securely with your team on the fly. Black Phone: Pros & Cons Fully protected (no any PoC yet) Impractical & too commercial Encrypted Contacts, splitted for personal & business uses Alike any other app on AppStore or GooglePlay,WorkBalance MDM Solution Encrypted Text, Media Messenger TextSecure,CryptoCat, BBM, etc? VoIP for encrypted Calls VoIP is everywhere for the less price Smart WiFi Manager to prevent attacks Gather Geo, Network Data, AutoLearn Disconnect Secure Wireless VPN VPN is everywhere too Privat OS is Android 4.4 KitKat GeeksPhone offers a root access … MDM w/o MAM, MIM, MEM Impractical, MAM need at least BlackPhone gathers little info on who is buying it Name, Address, Payment method, Personal or Enterprise Black Phone: Pros & Cons : Storages SpiderOak Is that only one? Provider Encrypted storage Personal Encryption2 Carbonite + + Copy + + CrashPlan + + ElephantDrive + + Handy Backup + + IASO Backup + + Jungle Disk + + KeepVault + + MediaFire + + MEGA + + Norton Zone + + OwnDrive + + SpiderOak + + Sync + + TeamDrive + + Wuala + + Box (PreBuild on BlackBerry) + + Black Phone: Pros & Cons PrivatOS Android iOS Search PrivatOS Enhancement Anonymous Bundled Apps Few, and all privacy-enabled Wi-Fi usage Smart disabling of all Wi-Fi except trusted hotspots Always on for geolocation and user tracking Separate + Per Apps Global + Separate Per App App permissions Fine-grained control in a single interface All-or-nothing Fine-Grained Control On-Demand Access Both, need VPN configuration Both, need VPN configuration Frequent secure updates from BlackBerry directly Frequent secure updates from Apple directly Cloud account Delivering secure & privacy as a default valued feature last 20+ years Cloud account Communication tools Android Default Trackable BlackBerry Many, with privacy disabled by default Least privilege access control Private calls, texting, video Traceable dialer, SMS, MMS, browser. Vulnerable to chat, file exchange up to spoofed cell networks and 100MB, browsing and Wi-Fi conference calls Frequent secure updates from Blackphone directly Supplied infrequently after carrier blessing Remote Wipe & Anti Theft Anonymous (??) Requires use of centralized cloud account Business Model Delivering privacy as a premium, valued feature Management MDM Updates BlackBerry Both & Flexible iOS Both On-Demand Access Personal data mining for tracking and marketing Music, App, Games :) Weak MDM Features/Samsung enhanced MDM, MAM, MEM, MIM,… MDM, MAM, MEM, MIM,… The end. Y.O.B.A. hacking
© Copyright 2024