SKY ECC December 2019 Newsletter

We’re in the gift-giving spirit for December! Gifts include Telegram’s founder explaining that WhatsApp’s vulnerabilities may be a feature (for surveillance), Hezbollah gifting themselves a phone by stealing it out of a journalist’s hand, US presidential candidates with the everlasting gift of poor email security, and millions of SMS messages left as a free gift for hackers. We also look at a gift for Android phone users: the security-compromised SMS service is being replaced by…the security-compromised RCS service.

Be sure to read all the way through to see my gift to you—the launch of the SKY ECC Usage Case Series!

December Industry News and Trends

Telegram founder on WhatsApp’s bugs

In a damning message, Pavel Durov (Telegram’s founder) accused WhatsApp of being a Trojan Horse with intentional security ‘flaws’ in its service for surveillance companies to exploit. This comment came after another major security flaw was discovered in WhatsApp.

WhatsApp/Facebook said it wasn’t exploited, but Pavel commented:

“A security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users.”

The post goes on with other excellent points about how WhatsApp should not be trusted as a secure tool, and I agree. Read my secure app comparison article to know exactly how I feel about WhatsApp.

Hezbollah steals phone from journalist’s hand

Journalists are vulnerable to hacking, but there is one hack that is painfully easy to do: a journalist in Beirut had her unlocked phone stolen from her hand by Hezbollah supporters during a protest.

This is unfortunate, but why is this being brought to your attention? Because it is a perfect use case for an often glossed-over Auto-lock feature of SKY ECC:

  • All SKY ECC devices have Auto-lock on by default.
  • Users must enter the passcode for the SKY ECC app every five minutes.
  • Passcodes must be entered regardless of whether or not the phone is already unlocked and in continuous use.
  • The setting can be changed to require passcode entry as often as every two minutes.

The journalist is a perfect use case example, as she knew her phone was unlocked and anything could be taken from it. If she had been using SKY ECC, she could have set her phone to Auto-lock every two minutes so that the criminals would’ve had mere moments with her phone before it required the passcode they didn’t have.

2020 US political candidates not securing their email

After all of the endless screeching about Hillary Clinton’s emails, many US presidential candidates still aren’t protecting their email—including President Trump. You may recall he was slightly critical of the Clinton campaign for this.

The email security feature they aren’t using is DMARC. Without it, attackers can easily spoof emails for phishing attacks. Yes, that’s exactly what happened to the Clinton campaign. No one learns.

In the list below, green means DMARC is enforced, yellow means it’s not enforced properly, and red means they appear to have nothing in place:

The worst part? DMARC is free to use and implement.
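
To check your own domains against the same three buckets, here is an added example (not from the original newsletter or its source list) that classifies DMARC TXT records. The mapping of policy tags to green, yellow and red is an assumption, and the domains and records are constructed samples.

```python
# Added example: classify DMARC TXT records into the newsletter's three buckets.
# Assumed mapping: green = p=quarantine/reject applied to all mail,
# yellow = record present but not enforcing, red = no usable record.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercase tags; None if not DMARC."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None  # RFC 7489: the v tag must come first
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return 'green', 'yellow' or 'red' for one domain's _dmarc TXT records."""
    parsed = [t for t in (parse_dmarc(r) for r in txt_records) if t is not None]
    if len(parsed) != 1:
        return "red"  # no record, or several records (receivers then apply none)
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return "yellow"  # p=none (monitor only) or a missing/invalid policy
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "yellow"
    if pct < 100:
        return "yellow"  # policy applied to only part of the failing mail
    return "green"

# Constructed sample records for hypothetical domains.
SAMPLES = {
    "enforced.example": ['v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example'],
    "monitor.example": ['v=DMARC1; p=none; rua=mailto:dmarc@monitor.example'],
    "partial.example": ['v=DMARC1; p=quarantine; pct=25'],
    "spf-only.example": ['v=spf1 include:_spf.example -all'],
    "missing.example": [],
}

def report(samples=SAMPLES):
    return {domain: classify(records) for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, colour in report().items():
        print(f"{domain:20} {colour}")
```

The records to feed in are the TXT records published at `_dmarc.<your domain>`.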

Massive text message leak exposes millions

The latest flaw to expose millions was created by True Dialog, who specialize in…text messaging solutions for small business. They didn’t add any security or encryption to their crucial databases, leaving this data exposed:

  • Passwords and usernames for Google and Facebook
  • Medical service access information
  • Phone numbers
  • Financial application details

This is another reminder that SMS isn’t a secure platform, and never has been.

The last word…

Not only is SMS lacking basic security, so is its coming replacement: RCS. The protocol is being rolled out for Android and is being pushed hard by Google. The flaws in it allow for easy interception and manipulation of messages by hackers. Perhaps this is not a security bug at all and is actually an exploit feature (just like WhatsApp’s flaws are exploit features) for the global surveillance and data collection programs. We all know how Google feels about your data…


Read recent posts from SKY ECC

Launching the SKY ECC Usage Case Series!

I have something really special for you this month as I’ve begun publishing the SKY ECC Usage Case Series! These 15+ pieces of content will help everyone understand how SKY ECC helps those in many industries and jobs.

I’ve been hard at work on these for you; here are the first seven. Visit the SKY ECC blog for more posts on security, privacy, and SKY ECC product updates.

Usage Cases to Encrypt Communications with SKY ECC

This is the parent page which explains the goals of the series, and maps out the specific industry or job functions which may apply to you. If you want easy reference to the page you’re looking for, bookmark this one.


Industry Usage Cases to Encrypt your Communications with SKY ECC

Read a quick overview of seven industries that can benefit from using SKY ECC. Each is summarized in one paragraph with an example of an actual hack that took place in that industry.


Job Function Usage Cases to Encrypt Communications with SKY ECC

There are nine jobs that we’ve identified so far whose employees should be using SKY ECC. These jobs take place across nearly every company from the boardroom to the remote employee’s home office. Each job has a one paragraph summary and a real world example of that job being hacked.


Securing the Manufacturing Supply Chain Usage Case

The manufacturing supply chain is increasingly vulnerable to cyber-attacks as more analog systems move to digital. Systems which are now digital include important factory communications, how products are made, and vital plant safety controls.


Usage Case for Secure Communications for Medical Facilities

The medical field is a prime target for the average hacker as hospitals and medical offices combine data-rich environments with poor digital security. This must change, and this post looks at how it’s possible.


Usage Case for Secure Communications for Journalists

Journalists need to protect themselves and their sources because they are becoming one of the most attacked professions. These attacks are coming through digital means and are ruining journalists professionally and personally.


Legal Industry Usage Case for SKY ECC

The legal industry is built on having privileged information which must remain secure. More lawyers and law offices are being attacked as hackers look to exploit data for blackmail, or for the opposing counsel.
