Security and privacy don’t happen by accident
Saying you have the most secure phone is easy. There are at least a dozen companies making this claim, but actually showing that your phone is the most secure is something else entirely. For those who don’t want to watch another video of a sleek phone spinning on its axis while jargon and catchphrases pass over it, read on to learn what makes SKY ECC so secure.
Starting with our zero-trust philosophy
Our entire platform is built on the premise that everything on and connected to a device, and we mean everything, is already compromised. When you ask, “if the device has a keylogger, how do we protect passwords?” or “if there is a packet sniffer on the network, how do we protect communications?”, you build layers of protection to ensure that compromising one layer doesn’t compromise all the layers. In practice this means we secure the:
- Device, or hardware, that SKY ECC is on.
- Operating system that SKY ECC is installed on.
- Connections made by the device.
- Application features we built.
- Trust in our app with verification.
We believe the only way to have a secure communications platform is a zero-trust, layered security approach; and that’s how we made SKY ECC.
1: Zero-trust for devices
The first step in building a secure mobile device is to use devices with built-in tamper-resistant chips. Tamper-resistant chips protect against kernel rollbacks (going back to an insecure version of an OS) and trigger a reset if the core OS is tampered with. For example, if you trigger the tamper-resistant chip on an iPhone, it goes into “Recovery Mode” and can only be reset to factory settings (and usually only with the help of an Apple Store).
We did our research on which devices met this high standard, and currently install SKY ECC on the latest devices from Apple, Google, and BlackBerry. We update the exact list as devices stop receiving software updates—therefore not receiving new security patches—or become unavailable. You can view all the devices we have available on our global online store.
2: Zero-trust for operating systems
We secure both the operating system (Android or iOS) and add another set of hardware protections on our devices by:
- Using all available secure features for each OS. You can read more about these features by reading the whitepapers from Apple iOS, Android, and BlackBerry UEM.
- Using the newest settings for authorizing USB connections. We disable data connections through the USB port to prevent someone who has your device from planting software on it, and to prevent “juice jacking” attacks from USB chargers and cables.
- Preventing brute force passcode attacks with strong passcodes on all devices. We also ensure all devices trigger an OS-level wipe and reset if too many password attempts are made.
- Enabling kernel and rollback protection. Both prevent hackers from loading an older OS with known security flaws onto a phone and then exploiting those flaws. This is part of the hardware set and supported by our device management settings.
Secure communications apps you can download from an app store can’t control these factors. They can only trust that people keep their devices up to date and follow good mobile security practices. All SKY ECC devices are managed devices enrolled with a leading enterprise UEM. Managing devices lets us disable features (like Bluetooth and NFC) that are security and privacy risks and enable additional security settings not turned on by default. Here are some of the features we disable on all SKY ECC devices:
- App installs: We block access to even official app stores and don’t allow new app installs after the device is set up. No new apps means you can’t be tricked into installing malware and it makes it much harder for someone to install apps on the sly.
- Screenshots and screen recording: These two features compromise the security of your chats, as well as the chats of others. Why create an image, which is another vulnerable point of attack for your conversations, when you can store it in the secure Vault behind another password?
- Voice assistants: The issue with voice assistants, such as Siri, is that they can be told to display information by people who aren’t you or be tricked into allowing access to your device. As we’ve learned, and you have probably experienced, voice assistants are always listening and can be used for espionage. Voice assistants are convenient, but the price of convenience is always security.
- AirDrop & iCloud: Disabling AirDrop and iCloud protects you from having files maliciously pushed to your device via AirDrop (or a similar tool on other devices). We disable iCloud to prevent any information about you, your files, or your device being stored on any server anywhere.
- Free access to the internet: We only allow connections to our servers and a select few others. You can’t get malware if you can’t visit a malware-ridden site. Malware can’t send information back to its servers (like a keylogger capturing passwords) if it can’t connect.
Zero-trust for biometrics as security tools
Biometrics, like unlocking your phone with a fingerprint or your face, are very convenient. However, because biometrics aren’t 100% foolproof, we disable them on SKY ECC devices. We don’t believe the current state of biometric security is good enough for an ultra secure device like SKY ECC. We have already seen how a single photograph can compromise your fingerprint, and face recognition has similar problems, so we’d rather err on the side of security and privacy.
Ok, so your child could pick up your phone and buy some games. That’s embarrassing and costly, but what about hackers who really want access to the phone they stole from you? As little as $150 spent on some 3D printing can do the trick.
On every OS that uses biometrics, we have disabled them at the OS level to keep you secure against threats you may have never heard of. Not only are biometrics not foolproof, they are also easily fooled. You cannot build the most secure phone with these features enabled.
3: Zero-trust for connections
We assume that every network you connect to—mobile data or Wi-Fi—is being surveilled. We don’t trust the security of any public data network, so we encrypt all connections to and from SKY ECC devices. On mobile networks, SKY ECC devices use SIMs with our own APN settings to connect to our private, global data network. We have mobile data coverage in over 190 countries around the world. Wireless networks pose a different security challenge. We know you can’t use mobile data all the time; it isn’t practical.
However, wireless networks, especially in places like coffee shops, hotels, and airports, are often used to hack and exploit devices. A simple Man-in-the-Middle attack can intercept traffic to steal passwords, login details, and credit card data. Disabling Wi-Fi on SKY ECC devices isn’t practical, so whenever you connect to a Wi-Fi network we establish a secure, anonymized connection to our gateway servers. On top of this, SKY ECC checks network security before you can log into the app. If the app detects an insecure connection, you can’t log in. Anything that prevents our devices from connecting, and connecting securely, to our servers disables SKY ECC until you have a secure connection.
Protecting all your data and communications
We’ve designed our entire communications network for secure communications. From hardened servers to only allowing authorised devices on the network, we’ve taken the extra steps required to protect your communications, device, and connection no matter where you are or how you connect to the internet.
4: Zero-trust features in the app
Up to this point we’ve secured the device, the OS, and the connection, three layers of security before we even get to the SKY ECC app itself. We have thought through every part of secure messaging and built features in SKY ECC to match. Here are the core security features we’ve built into SKY ECC to protect you:
- Environment checks: Our app is designed to check itself for security risks. If your device, connection, or app has been compromised you can’t log into the app.
- Secure container: SKY ECC is installed within a secure container on the device. We separated the app from the rest of the phone with a layer of encryption around it. This protects data from outside the container getting in and prevents data from inside the container leaking out. For example you can’t copy text from a note or message within SKY ECC and paste it into a notes app on your phone.
- Scrubbing push notifications: Apple and Google’s push notification servers are another vulnerable point, so we made sure that your data is scrubbed before it gets there.
- Metadata encryption: Many secure messaging apps don’t encrypt message data—like to, from, your IP address, message subject—and these data can expose a lot more information than you realize. You can read why this is so important in our post dedicated to protecting metadata. To further protect your privacy we encrypt all metadata with AES-256 before messages are sent.
- 521-bit encryption: Your messages and files are the most important aspect of any chatting app. We encrypt all of your messages and files using 521-bit ECC (elliptic-curve cryptography, now you know where the name comes from), which is magnitudes more secure than the 128-bit ECC used by most of our competitors. No other secure communications app uses encryption this strong. We believe your messages deserve the best and strongest encryption possible.
- One device, one account: Each SKY ECC ID and account is tied to one device and one device only. This means your ECC ID can’t be faked or spoofed on another device. If someone tries to register your ECC ID on another device, your app resets so you know to contact support. Also, new devices (even authorised ones) don’t receive any of your chats and your imposter can’t read any new chats either—the encryption keys won’t match up and your contact will be notified something is wrong with the keys.
- Brute force prevention: As the first line of defense we limit the number of password attempts to unlock the app. You can set the limit to 3, 5, or 10 tries. No matter which you pick, on the second-to-last attempt we include a CAPTCHA to block fully-automated attacks. If you exceed the number of attempts, we don’t just lock the app for a period of time, we reset the entire app. When SKY ECC resets, all chats and saved items are deleted. You then need to contact support to re-enable the account and device. Even once re-enabled, the only information restored is your contact list.
- Separate passwords: You have two separate passwords in SKY ECC. One unlocks the app and lets you send and receive messages. The other unlocks the Vault for your saved photos, chats, and notes. If someone is able to get access to your app, they still have to breach another password to see your saved items.
- Message deletion: All messages are deleted at most 7 days after they are read. You can also control how long your messages stay on other people’s devices: 7 days is the default, and 2 hours after reading is the quickest. Not fast enough? Send a flash message, which self-destructs 30 seconds after being read.
- Full deletion: Did you lose your phone? It can be deleted remotely so that no one can touch your data. Are you being forced to hand your phone over? Use your emergency password to delete the device. Don’t ever let your data fall into the wrong hands with these two powerful features.
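The brute force prevention rule in the list above (a limit of 3, 5, or 10 tries, a CAPTCHA on the second-to-last attempt, and a full reset instead of a timed lock) can be modelled as a small state machine. This is an added example, not SKY ECC’s code; the class and method names, the PBKDF2 verifier, and the choice to wipe as soon as the failed count reaches the limit are assumptions.

```python
import hashlib
import hmac
import os
from enum import Enum


class Result(Enum):
    UNLOCKED = "unlocked"
    DENIED = "denied"
    CAPTCHA_REQUIRED = "captcha_required"
    WIPED = "wiped"


class AppLock:
    """Hypothetical model of the unlock policy; all names are illustrative."""

    ALLOWED_LIMITS = (3, 5, 10)  # the limits the article says a user can pick

    def __init__(self, password: str, limit: int = 5):
        if limit not in self.ALLOWED_LIMITS:
            raise ValueError("limit must be 3, 5 or 10")
        self.limit = limit
        self.salt = os.urandom(16)
        self.verifier = self._derive(password)
        self.failed = 0  # on a real device this counter must be persistent
        self.store = {"chats": ["constructed chat"], "vault": ["constructed note"]}
        self.wiped = False

    def _derive(self, password: str) -> bytes:
        # Slow, salted KDF (assumed) so a copied verifier is costly to guess.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def try_unlock(self, password: str, captcha_passed: bool = False) -> Result:
        if self.wiped:
            return Result.WIPED
        # Second-to-last attempt: no guess is evaluated without a CAPTCHA.
        if self.failed == self.limit - 2 and not captcha_passed:
            return Result.CAPTCHA_REQUIRED
        # Count first, verify second: a crash mid-check cannot refund a guess.
        self.failed += 1
        if hmac.compare_digest(self._derive(password), self.verifier):
            self.failed = 0
            return Result.UNLOCKED
        if self.failed >= self.limit:
            self.store = {"chats": [], "vault": []}  # reset, not a timed lock
            self.wiped = True
            return Result.WIPED
        return Result.DENIED
```

A refused CAPTCHA does not consume an attempt in this model, so the counter only moves when a guess is actually checked.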
The app alone makes this one of the most secure phones ever built. This, in addition to all of the other protections that we have built into it from the device up, makes our devices impenetrable. And if you don’t believe us, we’re offering US$1,000,000 to anyone who can defeat our protections and get into the app and get a secret code.
5: Trust…but verify
Because we set out to have the most secure phone available, we didn’t even trust ourselves. We took our phone to the people at BlackBerry to allow them to test two of our phones—a Google Pixel 2 and a BlackBerry KEYone—and see if they could unlock them and get to SKY ECC.
BlackBerry’s dedicated penetration testing team found no flaws after three days of exhaustive testing. If you don’t believe us, click this link to view the PDF which BlackBerry sent to us with their results. Here are the results which mattered the most:
“All test cases were assessed against, and the application was found to be secure and correctly prevented unauthorised and unauthenticated access to the application, user data and the service. BlackBerry Cybersecurity Services have therefore assessed the overall risk posed to SKY GLOBAL by the ECC Android mobile application to be…”
As you can see, we are considered low risk. This is the best possible score given by BlackBerry. This is a summary of all the issues they found:
You are reading that correctly, they did not find any. BlackBerry went on to further elaborate on how long it would take to correct any of the errors they found. They summarized it here:
You are reading that correctly; it will take no time to fix issues with our app or devices because there are no issues to fix.
We took our zero-trust philosophy so far that we didn’t even trust ourselves. Bringing BlackBerry in to test our devices all ties into this philosophy—never trust someone who isn’t willing to put their money where their mouth is. We have done the testing, opened ourselves up to criticism by experts, and confirmed our phone is secure.
Here is one last parting shot from BlackBerry before we move on:
“Test case assessments against the application and devices identified that it is not possible to bypass the application’s authentication and authorisation processes. Therefore, BlackBerry can confirm it is not possible to access the chat messages, contact lists, or protected data from the devices or Sky server without providing valid authorisation credentials to the ECC application.”
Testing done by BlackBerry has proven that we have the most secure phone possible.
Bonus: Zero-trust in usage
The most secure phone in the world is useless if users need an instruction manual just to send a message. Here is a screenshot of one of our devices:
How complicated does that look? I’m sure that it looks like any messaging app you have used in the past.
All the security features in the world are useless if the average person cannot use them. We have advanced knowledge of cryptography, encryption, and online security–we have no problem with being secure. We also believe you shouldn’t have to be a security expert to communicate securely. We are offering all our knowledge on device, OS, and connection security within the SKY ECC app in a simple to use package which makes it the easiest to use and most secure phone possible.
Making the most secure phone possible
We believe that there is only one way to build the most secure communications platform—with zero-trust. We secured all of those outside factors so that SKY ECC is protected against its hardware, OS, connections, and even the app itself being compromised. We did this with:
- Hardware: Starting off with the most secure phones available. Not only are they secure, but they are also so popular that people are always checking them to make sure that there are no security holes. When phones get old, and they aren’t updated or reviewed as often, we no longer use them.
- Operating system: Enabling all secure features for each OS, including kernel and rollback protections. Preventing brute force attacks against passcodes, disabling OS features which could be attack vectors, and using the newest USB connection authorization settings.
- Connections: We encrypt all connections all the time, send you through our secure servers, and keep bad actors off our network entirely by only allowing authorised devices on it.
- App: The 521-bit encryption used by our app is powerful, but we went the extra step by securing the app in a container, having the app check itself for problems, stopping brute force attacks, and allowing for multiple options in message deletion.
When you’re handed your SKY ECC device, you’re holding a great device that is extremely secure and still easy to use. You can learn more about our features and security or head right to our online store and purchase a device.