SKY ECC was built on the assumption that everything involved in the phone’s security was compromised and that we had to secure all of it; no assumptions were allowed. This was done to offer complete security if an already secured system failed.
This “zero-trust” model was used so you get security and privacy at the hardware, network, and app level. Each level has vulnerabilities and we secured all of them, making SKY ECC’s app security features the most secure available.
SKY ECC app security features
There are six core security features built into the app:
- Secure environment checks (done at boot)
- Brute force protection (device level and in two places within the app)
- Password protection
- Metadata and header encryption
- Push notification obfuscation
- Chat encryption
Read below to see how each of them works as part of our secure phone ecosystem to protect you, your data, your identity, and your conversations.
Secure environment checks
SKY ECC ensures your security right from the moment you turn on your device with secure environment checks that make sure your operating system hasn’t been tampered with. This is done by using devices which have such security features built into them. Here’s a breakdown by each device:
- iPhones: The Secure Enclave from Apple isn’t so much a separate chip as it is a chip inside a chip. This isolated processor is built into the main system’s chip.
- Google: Pixel phones use the Titan M, which is a completely separate chip from the main CPU. The Titan chip is a part of their broader Verified Boot process.
- BlackBerry: While the secure boot process from BlackBerry doesn’t have a cute name like Apple or Google, they do still have a secure system which functions exactly the same as Apple’s ‘chip in a chip’ feature. They also mention a “Downgrade prevention” feature which gives kernel rollback protection.
Regardless of which tactic is used, they all do the same task of running their own operating system that can’t be compromised by malware if the device gets infected. This prevents kernel rollback, which would allow an attacker to roll the operating system back to a vulnerable version which they can exploit.
There’s no way for the devices we install SKY ECC on to have their boot process be impacted by malware, and they’re safe from kernel rollbacks. This makes our selected devices perfect for our app’s zero-trust model. As we evaluate new phones as possible SKY ECC devices, we want to be sure that they can’t be compromised right out of the box!
Brute force protection
SKY ECC devices, and all phones in general, need to be protected from brute force attacks because hackers have tools which allow them to guess the password of a device over and over until they get the right one. This can be done in three basic ways:
- Random: Guessing completely at random, which can work with strictly numerical passcodes on most phones. 4-digit passcodes are commonly used on smartphones and there are 10,000 possible combinations. That’s a lot for a human, but nothing for a computer. Even with 6-digit codes, people tend to pick a lot of similar ones. It’s so bad that iOS in particular warns you if you’ve picked a common passcode (like 000000 or 123456).
- Dictionary attack: A dictionary list of common passwords which start simple (password) and increase in complexity (password1234) until the right one is found. There are lists of the most common (and frankly stupid) passwords—don’t use any of these.
- Social engineering: A hacker gets familiar with a target and makes educated guesses as to what their password could be. This is why you shouldn’t use birthdays, anniversaries, names of pets, names of loved ones, sports teams, and any other tidbit of information that could be gleaned from your social media profiles. We’re big on long, random passwords managed by a password manager.
We built the SKY ECC app to have brute force protection which works on a scale. The lowest protection is 10 password attempts. The highest protection is three password attempts. Before the last attempt can be made a CAPTCHA screen must be passed. This is a safety feature and a warning that only one attempt remains.
When the last attempt fails, and it’s surely an attacker trying to exploit a (likely stolen) phone, the entire app deletes all of its contents so that it cannot be compromised at all.
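The attempt policy described above, as an added sketch that is not SKY ECC's code: a budget of 3 to 10 attempts, a CAPTCHA gate in front of the last one, and a wipe when it fails. The class name, the PBKDF2 verifier and the in-memory store are assumptions made for the example.

```python
import hashlib
import hmac
import os


class AttemptLimiter:
    """Password gate: bounded attempts, CAPTCHA before the last one, wipe after it."""

    def __init__(self, password: str, max_attempts: int = 3):
        if not 3 <= max_attempts <= 10:      # the scale the page describes
            raise ValueError("max_attempts must be between 3 and 10")
        self.max_attempts = max_attempts
        self.failed = 0
        self.captcha_passed = False
        self.wiped = False
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        self.store = {"chat-1": "constructed sample data"}

    def _derive(self, password: str) -> bytes:
        # Salted, slow hash so a copied verifier is expensive to guess offline.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def pass_captcha(self) -> None:
        self.captcha_passed = True

    def attempt(self, password: str) -> str:
        if self.wiped:
            return "wiped"
        if self.max_attempts - self.failed == 1 and not self.captcha_passed:
            return "captcha_required"        # gate does not consume the last attempt
        # Count the attempt before checking it, so killing the app mid-check
        # cannot hand the attempt back (a real app would persist this counter).
        self.failed += 1
        self.captcha_passed = False
        if hmac.compare_digest(self._derive(password), self._verifier):
            self.failed = 0
            return "unlocked"
        if self.failed >= self.max_attempts:
            self.store.clear()               # delete contents
            self._verifier = b""             # and the means to unlock them
            self.wiped = True
            return "wiped"
        return "denied"
```

Counting the attempt before verifying it is the detail that matters in practice: a counter updated only after a failed check can be reset by interrupting the app.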
Password protection
Your SKY ECC device features a secure Vault. To access it you must sign into your SKY ECC account first. You then have to enter a different password once you click on the Vault tab along the bottom of your home screen. Even if your password is stolen or guessed, your most important documents still have another layer of security.
This is our effort to create as many layers as possible for separate features rather than depending on any one security function to secure everything. A separate password for your most important documents, files, chats, and photos is one more way to keep you protected.
Metadata and header encryption
Many “secure” messaging apps (I’m looking at you, Telegram!) fail to encrypt metadata entirely, or actively collect it (ya I’m talking about you, WhatsApp!) for later use. If you’re not aware of what metadata actually is, it can be described as the data which tells:
- Where you are
- Who you talk to
- How long you talk to them
- What device you are using
When this data is compiled and analyzed it can give serious insights into your activity and communications. Say, for example:
- Someone sees that you called your doctor for a 15 minute call from the area of your house.
- Then you called a cancer clinic right after for 20 minutes.
- Your next call was from the area of a cancer clinic to your spouse.
That simple data actually reveals a lot about you, and you can imagine how much more personal it can get with a call to a divorce lawyer, STD clinic, or even the police if criminals are tracking you and you fear reprisals.
SKY ECC encrypts your metadata with AES 256-bit encryption. This high level of encryption is stronger than what some apps use to encrypt their entire app communications. We take protecting metadata extremely seriously so that this aspect of your communication is secure.
Push notification obfuscation
Getting messages displayed on your phone’s locked screen isn’t as simple as you’d think. The notification is actually sent through a set of servers which are separate from the ones that carry your message. These servers are owned by Google and Apple, two companies not exactly known for their privacy protections.
We knew we needed to secure push notifications in our zero-trust model. The steps we took were:
- New devices generate two tokens at random. One stays on the device while the other goes to the notification server.
- You send a message to someone and the token for that person is sent to the notification server. The server will know where to send the notification based on this anonymous token.
- The minimum amount of data is sent to the server: the device token and nothing else.
- The notification servers read the token, match it with the server token and make the push notification pop up on the screen of the receiving SKY ECC device.
One final step we take to secure push notifications is not allowing any data to appear on the device’s screen. All someone will see is the message “Encrypted message” displayed.
Not showing a message preview protects that data from being seen when your phone is left on a counter, or by sneaky people peeping over your shoulder. This is all part of our approach to complete network security as well.
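The token-only flow above, as an added sketch that is not SKY ECC's code: the relay routes on an opaque random token, refuses any request carrying other fields, and always shows the same text. It models only the token registered with the notification server (the page does not say how the on-device token pairs with it); NotificationRelay and the helper names are hypothetical.

```python
import secrets

FIXED_ALERT = "Encrypted message"   # the only text the page says reaches the lock screen


def new_push_token() -> str:
    """Random, opaque token: carries no account, phone or device identifier."""
    return secrets.token_urlsafe(32)


def build_wake_request(recipient_token: str) -> dict:
    """What the sending side hands to the relay: the token and nothing else."""
    return {"token": recipient_token}


class NotificationRelay:
    """Hypothetical stand-in for the notification server."""

    def __init__(self):
        self._routes = {}   # registered token -> delivery callback
        self.log = []       # field names of every request, for auditing exposure

    def register(self, token: str, deliver) -> None:
        self._routes[token] = deliver

    def wake(self, request: dict) -> bool:
        self.log.append(sorted(request))
        if set(request) != {"token"}:        # refuse sender ids, previews, timestamps
            return False
        deliver = self._routes.get(request["token"])
        if deliver is None:                  # unknown token: nothing to route
            return False
        deliver(FIXED_ALERT)                 # constant text, never message content
        return True


def demo():
    relay, lock_screen = NotificationRelay(), []
    token = new_push_token()
    relay.register(token, lock_screen.append)
    ok = relay.wake(build_wake_request(token))
    # Constructed request that tries to smuggle a preview through the relay.
    leaky = relay.wake({"token": token, "preview": "constructed sample text"})
    return ok, leaky, lock_screen, relay.log
```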
Chat and file encryption
The main feature of the app is, of course, our top-of-the-market 521-bit elliptic curve cryptography with Diffie-Hellman key exchange. You can read about this in-depth in our encryption article linked to above, but here are the basics:
- Key exchanges are done asymmetrically with Diffie-Hellman. This makes it so keys are not directly shared over the network.
- 521-bit ECC is equivalent to an RSA 15,360-bit key. The standard used for banking is RSA 2048-bit.
- While that may seem like a large key, it’s actually 7.5 times smaller than RSA, and therefore faster to encrypt and decrypt than our competitors.
This standard is applied to every message sent over the network, including files and photos. The quicker nature of ECC makes it so your files and photos are sent quickly, not delayed as encryption keys are generated and then applied to the content as it is sent and received.
A truly secure messaging app uses the best available encryption, and that is what we have done with SKY ECC 521-bit elliptic curve cryptography. You can check out our competitors on the market, but none come close to our level of encryption…not to mention how they fail with several other layers of the encrypted phone ecosystem.
SKY ECC app security features protect you
Our goal with SKY ECC was to use the zero-trust model to build a complete encrypted phone ecosystem. With the network secure and the device locked down, everything was given the last layer of security needed with our app’s security features:
- Secure environment checks: Making sure the app is secure before it’s turned on, and preventing kernel rollback.
- Brute force protection: Limiting password attempts and using a CAPTCHA before the last attempt.
- Password protection: Using two different passwords for the app and Vault.
- Metadata and header encryption: Protecting your “who, what, when, and how long” data from tracking.
- Push notification obfuscation: You know when you get a message but no one else can see it.
- Chat encryption: 521-bit ECC is the best encryption available, and we use it for all of your chats and files.
All devices available from SKY ECC have these features built into the app. If you aren’t sure if this is the right feature set for you and would like to discuss it further, use the button below to contact our support team with any questions you may have.