We’re in the gift-giving spirit for December! Gifts include Telegram’s founder explaining that WhatsApp’s vulnerabilities may be a feature (for surveillance), Hezbollah gifted themselves a phone—by stealing it out of a journalist’s hand, US presidential candidates have the everlasting gift of poor email security, millions of SMS messages were a free gift for hackers, and we look at a gift for Android phone users as the security-compromised SMS service is being replaced by…the security-compromised RCS service.
Be sure to read all the way through to see my gift to you—the launch of the SKY ECC Usage Case Series!
December Industry News and Trends
Telegram founder on WhatsApp’s bugs
In a damning message, Pavel Durov (Telegram’s founder) accused WhatsApp of being a Trojan Horse with intentional security ‘flaws’ in its service for surveillance companies to exploit. This comment came after another major security flaw was discovered in WhatsApp.
WhatsApp/Facebook said it wasn’t exploited, but Pavel commented:
“A security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users.”
The post goes on with other excellent points about how WhatsApp should not be trusted as a secure tool, and I agree. Read my secure app comparison article to know exactly how I feel about WhatsApp.
Hezbollah steals phone from journalist’s hand
Journalists are vulnerable to hacking, but there is one hack that is painfully easy to do: a journalist in Beirut had her unlocked phone stolen from her hand by Hezbollah supporters during a protest.
This is unfortunate, but why is this being brought to your attention? Because it is a perfect use case for an often glossed-over Auto-lock feature of SKY ECC:
- All SKY ECC devices have Auto-lock on by default.
- Users must enter the passcode for the SKY ECC app every five minutes.
- Passcodes must be entered regardless of whether or not the phone is already unlocked and in continuous use.
- The setting can be changed to require passcode entry as often as every two minutes.
The journalist is a perfect use case example as she knew her phone was unlocked and anything could be taken from it. If she had been using SKY ECC she could have set her phone to Auto-lock every two minutes so that the criminals would’ve had mere moments with her phone before it required the passcode they didn’t have.
2020 US political candidates not securing their email
After all of the endless screeching about Hillary Clinton’s emails, many US presidential candidates still aren’t protecting their email—including President Trump. You may recall he was slightly critical of the Clinton campaign for this.
The email security feature not being used is DMARC; without it, attackers can easily spoof emails for phishing attacks. Yes, that’s exactly what happened to the Clinton campaign. No one learns.
In the list below, green means DMARC is enforced, yellow means it’s not enforced properly, and red means they appear to have nothing in place:
The worst part? DMARC is free to use and implement.
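To check a domain against the same three colors, the sketch below classifies the TXT records published at `_dmarc.<domain>`. It is an added example, not part of the original newsletter or the survey it cites; the bucket rules (green only for `p=quarantine` or `p=reject` applied to all mail) and the sample records are assumptions constructed for illustration.

```python
# Added example: classify DMARC TXT records (RFC 7489) into the green /
# yellow / red buckets described above. The bucket rules are assumptions.

def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The v=DMARC1 tag must come first, otherwise receivers ignore the record.
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """txt_records: TXT strings found at _dmarc.<domain> (may be empty)."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(parsed) != 1:
        # No record, or several: receivers apply no DMARC policy either way.
        return "red"
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    covers_all_mail = tags.get("pct", "100") == "100"
    if policy in ("quarantine", "reject") and covers_all_mail:
        return "green"
    # p=none (monitoring only), partial pct, or a missing/invalid policy.
    return "yellow"

# Constructed sample records, not real survey data.
SAMPLES = {
    "enforced.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "nothing.example": [],
}

def report():
    return {domain: classify(records) for domain, records in SAMPLES.items()}

if __name__ == "__main__":
    for domain, colour in report().items():
        print(f"{domain:20} {colour}")
```

The records for a real domain can be fetched with `dig +short TXT _dmarc.<domain>` and passed to `classify` as a list of strings.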
Massive text message leak exposes millions
The latest flaw to expose millions was created by True Dialog, who specialize in…text messaging solutions for small business. They didn’t add any security or encryption to their crucial databases, leaving this data exposed:
- Passwords and usernames for Google and Facebook
- Medical service access information
- Phone numbers
- Financial application details
This is another reminder that SMS isn’t a secure platform, and never has been.
The last word…
Not only is SMS lacking basic security, so is its coming replacement: RCS. The protocol is being rolled out for Android and is being pushed hard by Google. The flaws in it allow for easy interception and manipulation of messages by hackers. Perhaps this is not a security bug at all and is actually an exploit feature—just like WhatsApp’s flaws are exploit features—for the global surveillance and data collection programs. We all know how Google feels about your data…
Links to stories mentioned:
- Pavel’s Telegram Post on WhatsApp
- Hezbollah Supporters Steal a Journalist’s Phone
- Presidential Candidates with Poor Email Security
- Millions of SMS Messages Leaked
- RCS Message Vulnerabilities Exposed
Read recent posts from SKY ECC
Launching the SKY ECC Usage Case Series!
I have something really special for you this month as I’ve begun publishing the SKY ECC Usage Case Series! These 15+ pieces of content will help everyone understand how SKY ECC helps those in many industries and jobs.
I’ve been hard at work on these for you; here are the first seven. Visit the SKY ECC blog for more posts on security, privacy, and SKY ECC product updates.
Usage Cases to Encrypt Communications with SKY ECC
This is the parent page which explains the goals of the series, and maps out the specific industry or job functions which may apply to you. If you want easy reference to the page you’re looking for, bookmark this one.
Industry Usage Cases to Encrypt your Communications with SKY ECC
Read a quick overview of seven industries that can benefit from using SKY ECC. Each is summarized in one paragraph with an example of an actual hack that took place in that industry.
Job Function Usage Cases to Encrypt Communications with SKY ECC
There are nine jobs that we’ve identified so far whose employees should be using SKY ECC. These jobs take place across nearly every company from the boardroom to the remote employee’s home office. Each job has a one-paragraph summary and a real-world example of that job being hacked.
Securing the Manufacturing Supply Chain Usage Case
The manufacturing supply chain is increasingly vulnerable to cyber-attacks as more analog systems move to digital. Systems which are now digital include important factory communications, how products are made, and vital plant safety controls.
Usage Case for Secure Communications for Medical Facilities
The medical field is a prime target for the average hacker as hospitals and medical offices combine data-rich environments with poor digital security. This must change, and this post looks at how it’s possible.
Usage Case for Secure Communications for Journalists
Journalists need to protect themselves and their sources because they are becoming one of the most attacked professions. These attacks are coming through digital means and are ruining journalists professionally and personally.
Legal Industry Usage Case for SKY ECC
The legal industry is built on having privileged information which must remain secure. More lawyers and law offices are being attacked as hackers look to exploit data for blackmail, or for the opposing counsel.