Saying you have the most secure phone is easy, there are at least a dozen companies making this claim, but actually showing that your phone is the most secure is something else entirely. For those who don’t want to watch another video of a sleek phone spinning on its axis while jargon and catchphrases pass over it, read on to see what makes Sky ECC so secure.
The zero-trust philosophy
Our entire platform was built on the premise that everything, and we mean everything, is already compromised. We then built everything about Sky ECC from that philosophy. This means that we have taken steps to secure the:
- Device, or hardware, that Sky ECC is on.
- Operating system that Sky ECC is installed on.
- Connections made by the device.
- Application features we built.
- Trust in our app with verification.
We built our secure phone assuming that all of these aspects were already compromised and then built protections for each one. This is our way of using layers of security so that if one aspect is compromised there are still many other layers too keep you secure. That’s how a secure phone should be made, and it is how Sky ECC was made.
1: Zero-trust for devices
The first step in building any sort of secure mobile device is to use equipment which has built-in tamper resistant chips. This is when they come straight from the factory with security assurances which prevent any sort of tampering with the device.
We did our research on which devices met this high standard, and currently install Sky ECC on:
- iPhone 7
- iPhone 8
- iPhone X
- iPhone SE
- BlackBerry KEY2 LE
- BlackBerry KEYone
- BlackBerry Motion
- Google Pixel 3
This list will change as older phones become less secure and are phased out. See the Sky ECC store for the latest models.
Having a secure device is a great first step, but we also don’t trust that your phone will never be lost or stolen. The most secure phone must have a remote wipe feature, and our certainly do. Mobile device management is a key feature of Sky ECC allowing you peace of mind if you lose your phone.
2: Zero-trust for operating systems
How we make sure that the operating system is performing in its most secure possible setting is by:
- Using all available secure features for each OS. You can read more about these features by reading the whitepapers from Apple iOS, Android, and BlackBerry UEM.
- Using the newest settings for authorizing USB connections. Weaponized hardware is a security threat beyond most people’s understanding of security, but it can be as simple as one bad USB with malware loaded onto it.
- Preventing brute force passcode attacks. The most common ‘hacks’ aren’t hacks at all. They are simple tools which guess passcodes until the right one is guessed. We limit the number of guesses to limit opportunities for this exploit.
- Enabling kernel and rollback protection. Both prevent hackers from loading an older OS with known security flaws onto a phone and then exploiting those flaws.
These are steps which simply are never taken by ‘secure’ apps that you can download from any app store. We have built Sky ECC to be as secure as possible without overlooking the operating system itself as there are too many ways it could be vulnerable without the proper steps being taken.
Part of our assessment was looking at features available on every OS and disabling those which can be exploited. Here’s a look at the most commonly disabled features on all Sky ECC devices:
- App installs: You need to be protected from apps which are harmful because even those on official app stores can be harmful.
- Screenshots and screen recording: These two features compromise the security of your chats, as well as the chats of others. Why create an image, which is another vulnerable point of attack for your conversations, when you can store it in the secure Vault behind another password?
- Voice assistants: The issue with voice assitants, such as Siri, is that they can be told to display information by people who aren’t you or be tricked into allowing access to your device. They’re convenient, but the price of convenience is always security.
- AirDrop & iCloud: Disabling Airdrop and iCloud protects you from having files uploaded to your machine from someone using AirDrop (or a similar tool on other devices) maliciously for a number of reasons, all of them horrible or illegal. The reason for disabling iCloud is how insecure things are once they go to someone else’s servers, so instead you can keep all of these files in your Sky ECC vault on your phone.
- Downloaded media: There are innumerable instances of media-music, TV, and movies-containing malicious code and malware which leads to devices being compromised. If it can’t be on your phone, it can’t compromise your phone.
Your Sky ECC agent will be able to help you get slightly different features depending on your needs, but they must meet our pre-established criteria for security. We want to offer some flexibility, but not to the point where it compromises your security or the security of our app. Contact us now to learn more!
Zero-trust for biometrics as security tools
Using the various fingerprint and face ID biometrics, where your fingerprint or face can unlock your device, sounds really futuristic and sci-fi…until simple hacks compromise your device.
A single photograph can compromise your fingerprint as a secure piece of information. It simply isn’t secure enough, nor is Face ID:
Ok, so your child could pick up your phone and access your data. That’s embarrassing. What if hackers who really want access to highly valuable information on someone’s phone which they have stolen? $150 spent on some 3D printing can do the trick:
Every OS which uses biometrics has had this disabled in the OS to keep you secure against threats you may have never heard of. Not only are biometrics not foolproof, they are also easily fooled. You can not build the most secure phone out with these features enabled. Sky ECC’s zero-trust philosophy protects you here as well.
3: Zero-trust for connections
Using Wi-Fi as an attack vector is an easy task for the average hacker. A simple Man-in-the-Middle attack can intercept unencrypted traffic to steal passwords, login details, and payment card data. We simply could not allow that to happen as end-to-end encryption is a standard for any secure messaging app.
How do you prepare for zero-trust from a communication standpoint? You build a secure server network which spans the globe. That’s the only way to do it, so we did it. We have secure servers in:
- North America
- South America
You’ll be able to connect to a secure server anywhere in the world, even when visiting countries that are notorious for surveillance, and know that you’re secure. Yes, before you ask, we can protect you in China against the Great Firewall.In a global environment, network connections are a key source of vulnerability for #chatapps. They must be secure if your #messageapps are to be secure and private. Click To Tweet
Encrypting your connection on Wi-Fi and mobile
We didn’t think that this was enough protection for your connection. Our next step in building layers of security was to encrypt your connection over both Wi-Fi and mobile data. Here’s what happens when you connect to Wi-Fi:
- All network traffic is encrypted.
- The traffic is sent through our secure servers.
- Only approved devices are allowed on our network, keeping bad actors far away from your device.
All traffic has two layers of protection because one isn’t quite enough to truly be the most secure phone available. No matter where you are on planet Earth, our APN settings will keep you protected regardless of your location or mobile phone carrier.
This applies to point three where if someone, somehow, put a keylogger on your phone (by taking your phone, knowing your password, and getting around our blocking of installs–each more difficult than the last) they wouldn’t be able to collect the data as it would be blocked from going to the hacker’s server. We would be protecting you even when you have no idea you’d been compromised.
4: Zero-trust features in the app
Our app is where our main security features are found. We have thought through every step of the security needs of someone sending messages in a way that no one else has. Here’s a detailed accounting of features built behind the scenes and how they protect you:
- Environment checks: Our app is designed to check itself for security risks. If your device has been compromised, a very unlikely scenario, you are prevented from logging in.
- Secure container: We built the Sky ECC app within a secure container. This means that we have separated the app from the rest of the Phone with a layer of encryption around it.
- Scrubbing push notifications: Apple and Google’s push notification servers are another vulnerable point, so we made sure that your data is always scrubbed before it gets there.
- Metadata encryption: The lack of metadata being encrypted is a major issue with most ‘secure’ messaging apps as it can reveal where you are, who you talk to, and when you talk to them. Our solution is to use AES-256 encryption on all metadata, which is a higher security standard than some of our competitors use on the messages themselves, never mind the metadata.
- 521-bit encryption: Your messages and files are the most important aspect of any chatting app. We encrypt all of your messages and files using 521-bit ECC (elliptic-curve cryptography, now you know where the name comes from), which is magnitudes more secure than the 128-bit ECC used by most of our competitors.
That’s how we protect you in ways you can’t see, but it’s not all we have. There are also features which you’ll use yourself which make our phone the most secure:
- Brute force prevention: We limit the number of password attempts to stop the most basic ‘hacking’ right in its tracks, which is using software which guesses your password over and over and over. The maximum is 10 wrong password attempts, but it can be set lower if you wish. There are also CAPTCHAs on the second-last password attempt. Set for 10 attempts? You’ll get a CAPTCHA on nine. After the last failed attempt, the app is programmed to delete everything on it.
- Separate passwords: Your Sky ECC device will have a section for messages and a section for files and photos. These two sections are kept separate with different passwords for each one. Layers on top of layers is how you stay secure, and this is a perfect example.
- Message deletion: There are several aspects to this. First, all messages are deleted 7 days after they are read. This prevents too much data from ever being on your phone. You also can control how long your messages stay on other people’s devices, with 7 days as the default but 2 hours after reading being the quickest. Not fast enough? Send a flash message which self destructs 30 seconds after being deleted.
- Full deletion: Did you lose your phone? It can be deleted remotely so that no one can touch your data. Are you being forced to hand your phone over? Use your emergency password to delete the device. Don’t ever let your data fall into the wrong hands with these two powerful features.
The app alone makes this one of the most secure phones ever built. This is in addition to all of the other protections that we have built into it from the device up, making this a nearly impenetrable phone.
5: Trust…but verify
Because we set out to prove that we have the most secure phone available, we didn’t even trust ourselves. We took our phone to the people at BlackBerry to allow them to do testing of two of our phones -a Google Pixel 2 and a BlackBerry KEYone.
What was discovered by BlackBerry’s dedicated penetration testing team in Bedfordshire, UK was nothing less than perfection. Absolutely no flaws were found after three days of exhaustive testing by the BlackBerry team. If you don’t believe us, click this link to view the PDF which BlackBerry sent to us with their results.
Here are the results which mattered the most:
“All test cases were assessed against, and the application was found to be secure and correctly prevented unauthorised and unauthenticated access to the application, user data and the service. BlackBerry Cybersecurity Services have therefore assessed the overall risk posed to Sky Global by the ECC Android mobile application to be…”
As you can see, we are considered low risk. This is the best possible score that is given by BlackBerry as this is a summary of all the issues they found:
You are reading that correct, they did not find any. BlackBerry went on to further elaborate on how long it would take to correct any of the errors they found. They summarized it here:
You are reading that correctly; it will take no time to fix issues with our app or devices because there are no issues to fix.
We took our zero-trust philosophy so far that we didn’t even trust ourselves. Bringing BlackBerry themselves in to do testing all ties into this philosophy. You should never trust someone who isn’t willing to put their money where their mouth is. We have done the testing, opened ourselves up to criticism by experts, and found that our phone is without any vulnerabilities.
Here is one last parting shot from BlackBerry before we move on:
“Test case assessments against the application and devices identified that it is not possible to bypass the application’s authentication and authorisation processes. Therefore, BlackBerry can confirm it is not possible to access the chat messages, contact lists, or protected data from the devices or Sky server without providing valid authorisation credentials to the ECC application.”
Testing done by BlackBerry has proven that we have the most secure phone possible. What you need is proof, not marketing jargon, and that is what we are showing you.
Bonus: Zero-trust in usage
The most secure phone in the world is useless if users need a long instruction manual just to send a message. Here is a screenshot of one of our devices:
How complicated does that look? I’m sure that it looks like any messaging app you have used in the past, except for the fact that our app uses all of the zero-trust philosophies we have been looking at.
We didn’t trust that you were a security expert,
so we built you something that is easy to use.
Our recent comparison of WhatsApp vs. Signal and Sky ECC revealed the real difference is in security, and not usability, where all three are basically the same as you can easily send and receive messages.
We have heard the complaints, time and again, of people purchasing secure smartphones and then not using them because they are too complicated. That is not a secure smartphone, that is just another headache. Our secure phone has everything built simply. Here is a look inside the vault feature:
A simple place to store your most valuable files, chats, and pictures. All the security features in the world are useless if the average person cannot use them. Those of us here at Sky have advanced knowledge of cryptography, encryption, and online security–we have no problem with being secure. We are offering all our knowledge on device, OS, and connection security within the Sky ECC app in a simple to use package which makes it the easiest to use and most secure phone possible.
Making the most secure phone possible–Sky ECC
There are many ways to build a phone which is secure. We believe that there is only one way to build the most secure smartphone–with zero-trust that anything is as secure as it’s supposed to be. With zero-trust that every possible outside factor is secure. We set out to secure all of those outside factors so that Sky ECC is protected against it’s hardware, OS, connections, and even the app itself. We did this with:
- Hardware: Starting off with the most secure phones available. Not only are they secure, but they are also so popular that people are always checking them to make sure that there are no security holes. When phones get old, and they aren’t updated or reviewed as often, we no longer use them.
- Operating system: Enabling all secure features for each OS, including kernel and rollback protections. Preventing brute force attacks against passcodes, disabling OS features which could be attack vectors, and using the newest settings for USB connection authorization.
- Connections: We encrypt connections, send you through our secure servers, and keeping bad actors off our network entirely by only allowing known devices on it.
- App: The 521-bit encryption used by our app is powerful, but we went the extra step by securing the app in a container, having the app check itself for problems, stopping brute force attacks, and allowing for multiple options in message deletion.
When you’re handed your Sky ECC device you are getting everything listed above with no effort on your part. To make sure that what we put in your hand is as secure as possible we got verification that we’re secure when we gave two of our phones to dedicated penetration testers who proved that our phones are the most secure phones possible while still being easy to use.